Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          TOESb1LHrrsX6v8oOT0rXj/g+BpCx4uFEh3nS22zsiI=
Subject key identifier:   50:E6:44:E7:F5:78:DD:5D:40:9E:BF:CA:AA:A4:86:7F:EE:9A:00:80
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1D3B5D785E7AB6510CE0B2550B88A4DF62CC84EA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time:             Mon 06 Jul 2026 06:01:23 +0000
ROA not before:           Mon 06 Jul 2026 05:56:23 +0000
ROA not after:            Mon 05 Jul 2027 06:01:23 +0000
asID:                     20326
IP address blocks:        96.62.200.0/21 maxlen: 24
                          167.148.198.0/24 maxlen: 24
                          167.148.204.0/24 maxlen: 24
                          167.148.207.0/24 maxlen: 24
                          167.148.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:3b:5d:78:5e:7a:b6:51:0c:e0:b2:55:0b:88:a4:df:62:cc:84:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  6 05:56:23 2026 GMT
            Not After : Jul  5 06:01:23 2027 GMT
        Subject: CN=50E644E7F578DD5D409EBFCAAAA4867FEE9A0080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:16:a0:ea:dd:83:91:ac:7e:8e:6f:84:38:07:
                    b3:70:23:fd:f7:de:a8:9c:ad:87:64:73:9b:c3:fc:
                    b3:59:bd:18:c8:e4:91:e1:5f:c3:4a:78:6b:ae:a7:
                    cf:7e:4c:a1:e6:4e:fe:f9:74:5d:43:03:9c:9e:d6:
                    45:40:14:c2:21:85:04:df:db:ee:07:e5:e5:e9:52:
                    51:e3:6e:20:2f:b7:d1:bb:ae:ed:dd:db:a8:cf:cc:
                    13:0a:44:78:ee:c1:78:3e:f5:a8:e8:36:fb:2e:2e:
                    09:e7:5a:f1:d2:6c:fe:56:76:10:40:2a:75:1b:f4:
                    83:1e:3e:40:e7:6b:34:cb:81:b6:58:ee:30:1f:19:
                    1a:e0:58:1c:6e:28:2e:9a:df:62:e8:d6:06:f6:ac:
                    1c:33:8e:91:0d:9e:b7:da:43:6e:0f:32:23:03:08:
                    0b:4d:28:f0:5d:18:b1:2d:c9:97:db:ef:d4:53:df:
                    e9:e8:3c:95:e5:23:43:19:fc:5b:7a:3f:9d:fd:48:
                    eb:60:56:7d:83:d3:87:ea:26:4e:28:03:e4:22:3d:
                    f2:58:30:24:30:7f:cf:8c:90:dc:4d:15:8a:6d:a9:
                    db:f8:92:ce:4e:98:8f:1e:55:f6:53:4a:6d:56:0c:
                    37:a0:05:1d:61:c7:c1:f1:d7:ed:29:c8:c8:28:2f:
                    28:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E6:44:E7:F5:78:DD:5D:40:9E:BF:CA:AA:A4:86:7F:EE:9A:00:80
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.200.0/21
                  167.148.198.0/24
                  167.148.204.0/24
                  167.148.207.0/24
                  167.148.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:a1:92:3d:6e:11:4a:c9:eb:b7:e3:df:cd:6c:47:cb:9a:5a:
         81:84:54:a4:18:d5:65:1b:be:9b:37:82:eb:6a:4f:34:c5:b8:
         e7:48:ec:71:7e:bd:38:00:27:c2:9b:4e:a6:28:98:24:fd:b8:
         2e:17:2f:a1:1e:e0:c2:0a:93:a4:1f:06:9d:c7:60:64:78:fb:
         70:5f:40:03:e8:a1:96:af:20:28:7c:70:e0:e0:74:77:b3:8c:
         8e:a5:45:52:ec:c6:c2:67:bc:11:1a:71:d5:8f:78:89:d0:13:
         da:2a:85:37:ba:66:92:22:80:65:85:3c:33:c3:29:f6:80:54:
         1d:97:7c:f7:7a:4d:db:86:e5:9d:46:01:be:a2:8f:a7:86:cc:
         35:28:e2:59:82:b5:94:21:d0:3f:09:a3:6d:d9:41:b2:a7:b9:
         37:78:16:ef:5f:f6:bb:57:a2:58:c0:48:ff:6e:38:c3:52:f6:
         9e:6b:a0:46:db:bc:83:63:f1:62:19:e1:f5:91:b3:b5:af:94:
         47:dd:c2:d1:f4:68:30:df:42:61:d8:d2:17:60:03:60:1a:33:
         4f:ee:cf:4c:6d:e3:31:2b:bb:79:71:b2:b1:6b:9e:91:16:58:
         01:fd:7b:dd:5d:07:ac:24:2d:bb:82:f4:f2:5a:4d:5f:12:9f:
         58:bb:a4:52
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUHTtdeF56tlEM4LJVC4ik32LMhOowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA3MDYwNTU2MjNaFw0yNzA3MDUwNjAxMjNaMDMxMTAvBgNV
BAMTKDUwRTY0NEU3RjU3OERENUQ0MDlFQkZDQUFBQTQ4NjdGRUU5QTAwODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSFqDq3YORrH6Ob4Q4B7NwI/33
3qicrYdkc5vD/LNZvRjI5JHhX8NKeGuup89+TKHmTv75dF1DA5ye1kVAFMIhhQTf
2+4H5eXpUlHjbiAvt9G7ru3d26jPzBMKRHjuwXg+9ajoNvsuLgnnWvHSbP5WdhBA
KnUb9IMePkDnazTLgbZY7jAfGRrgWBxuKC6a32Lo1gb2rBwzjpENnrfaQ24PMiMD
CAtNKPBdGLEtyZfb79RT3+noPJXlI0MZ/Ft6P539SOtgVn2D04fqJk4oA+QiPfJY
MCQwf8+MkNxNFYptqdv4ks5OmI8eVfZTSm1WDDegBR1hx8Hx1+0pyMgoLyixAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUUOZE5/V43V1Anr/KqqSGf+6aAIAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBANgPsgD
BACnlMYDBACnlMwDBACnlM8DBACnlNIwDQYJKoZIhvcNAQELBQADggEBACOhkj1u
EUrJ67fj381sR8uaWoGEVKQY1WUbvps3gutqTzTFuOdI7HF+vTgAJ8KbTqYomCT9
uC4XL6Ee4MIKk6QfBp3HYGR4+3BfQAPooZavICh8cODgdHezjI6lRVLsxsJnvBEa
cdWPeInQE9oqhTe6ZpIigGWFPDPDKfaAVB2XfPd6TduG5Z1GAb6ij6eGzDUo4lmC
tZQh0D8Jo23ZQbKnuTd4Fu9f9rtXoljASP9uOMNS9p5roEbbvINj8WIZ4fWRs7Wv
lEfdwtH0aDDfQmHY0hdgA2AaM0/uz0xt4zEru3lxsrFrnpEWWAH9e91dB6wkLbuC
9PJaTV8Sn1i7pFI=
-----END CERTIFICATE-----
Generated at Sat Jul 18 01:48:44 2026 by rpki-client