Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa
File:                     AS20860.roa (raw, json)
Hash identifier:          coIxmF+0sy82qHgYDjsHL3egzR2FZslifZJgR9rDSfI=
Subject key identifier:   BE:29:4A:C4:84:7F:B2:9C:94:77:04:0F:1F:E4:A4:18:86:27:FD:AC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       63F93C4A7D83EE66777FAA76935A6F9137777601
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa
Signing time:             Wed 02 Jul 2025 18:54:13 +0000
ROA not before:           Wed 02 Jul 2025 18:49:13 +0000
ROA not after:            Wed 01 Jul 2026 18:54:13 +0000
asID:                     20860
IP address blocks:        146.103.7.0/24 maxlen: 24
                          146.103.20.0/24 maxlen: 24
                          146.103.21.0/24 maxlen: 24
                          146.103.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f9:3c:4a:7d:83:ee:66:77:7f:aa:76:93:5a:6f:91:37:77:76:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  2 18:49:13 2025 GMT
            Not After : Jul  1 18:54:13 2026 GMT
        Subject: CN=BE294AC4847FB29C9477040F1FE4A4188627FDAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:66:31:32:e9:27:7c:fa:05:11:0f:a2:f4:5e:
                    e6:86:86:a6:46:1e:1a:f3:87:b9:6d:4e:d0:55:53:
                    e5:7a:1e:9c:29:c5:1b:5c:96:81:4d:f2:22:df:01:
                    b5:5d:79:fb:5d:97:61:22:ea:3f:6f:af:be:9b:0e:
                    eb:8c:a2:ff:7a:2e:78:39:c7:5b:3e:74:a4:7b:bb:
                    e0:83:bb:2e:bc:d7:2b:33:8e:e8:b7:39:5e:3c:74:
                    4a:80:cc:6e:0a:12:9a:d5:e6:8a:e2:13:79:ad:3d:
                    94:1a:5f:1b:93:6a:59:f7:02:17:f3:8a:6d:71:ca:
                    3c:18:df:89:d2:2b:cf:7d:e9:0b:f0:cd:48:5a:cc:
                    01:e2:57:7d:db:b3:7f:49:27:57:da:fe:9e:c6:d6:
                    ba:ab:83:64:f8:9c:01:f2:a0:87:e3:5f:95:64:ef:
                    e1:c7:50:7c:03:06:1a:9c:e0:e2:18:e1:01:8f:5b:
                    de:10:52:d5:b4:f2:2a:8f:d6:00:b0:f4:9c:67:01:
                    c2:06:6a:7f:12:ab:c5:23:99:95:1a:43:0e:02:2d:
                    41:d2:d9:3a:19:0b:4e:d3:bc:6c:0a:bf:32:b6:c4:
                    fe:81:8d:5d:5f:84:5b:41:86:d5:de:e1:df:64:65:
                    fd:04:f4:9f:c1:ff:11:62:97:27:f3:4c:ee:b5:8a:
                    68:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:29:4A:C4:84:7F:B2:9C:94:77:04:0F:1F:E4:A4:18:86:27:FD:AC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.7.0/24
                  146.103.20.0/23
                  146.103.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f6:56:9d:5e:16:9c:b2:2a:1f:5e:f9:a7:df:59:18:f4:e6:
         bc:54:43:49:a2:dd:5c:ef:6b:31:9f:a0:97:fc:4c:6d:55:8e:
         1c:da:20:23:c4:eb:21:06:e6:86:84:44:ad:25:71:fa:ac:00:
         09:09:ee:e5:75:bd:18:3e:59:c4:25:91:d4:ea:a0:06:2d:6b:
         7a:5d:91:d1:f1:b8:d3:b7:a3:28:ab:0c:da:0f:04:46:42:fa:
         71:3b:bb:18:0a:eb:c1:0f:12:23:22:67:ad:ef:6d:7d:c7:1b:
         1d:49:a0:3c:70:92:d2:e0:a2:aa:2a:1b:62:ee:81:0f:4c:09:
         32:85:97:be:f8:31:62:5d:c8:fc:2a:66:27:08:f4:4c:e1:76:
         2e:90:1e:41:9e:87:49:fe:26:45:cf:92:81:f4:8c:b2:1d:77:
         1b:e1:a9:a9:6a:ed:74:75:e3:3e:fa:b3:f3:c5:18:3d:3a:14:
         05:e2:ac:6b:e1:40:a6:6d:f7:b4:d0:87:5b:67:ed:13:2d:fc:
         3f:65:b4:c8:bd:f4:83:fa:c1:e7:94:45:fe:55:60:98:29:be:
         92:a6:48:73:2e:2d:dc:34:fa:00:19:02:a5:a2:a8:97:69:38:
         dd:6d:b8:57:9f:93:47:52:34:65:f3:ba:91:9e:35:6d:91:bd:
         a8:fe:3e:6e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUY/k8Sn2D7mZ3f6p2k1pvkTd3dgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MDIxODQ5MTNaFw0yNjA3MDExODU0MTNaMDMxMTAvBgNV
BAMTKEJFMjk0QUM0ODQ3RkIyOUM5NDc3MDQwRjFGRTRBNDE4ODYyN0ZEQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsZjEy6Sd8+gURD6L0XuaGhqZG
Hhrzh7ltTtBVU+V6HpwpxRtcloFN8iLfAbVdeftdl2Ei6j9vr76bDuuMov96Lng5
x1s+dKR7u+CDuy681yszjui3OV48dEqAzG4KEprV5oriE3mtPZQaXxuTaln3Ahfz
im1xyjwY34nSK8996QvwzUhazAHiV33bs39JJ1fa/p7G1rqrg2T4nAHyoIfjX5Vk
7+HHUHwDBhqc4OIY4QGPW94QUtW08iqP1gCw9JxnAcIGan8Sq8UjmZUaQw4CLUHS
2ToZC07TvGwKvzK2xP6BjV1fhFtBhtXe4d9kZf0E9J/B/xFilyfzTO61imgPAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUvilKxIR/spyUdwQPH+SkGIYn/awwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA4NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACSZwcD
BAGSZxQDBACSZxcwDQYJKoZIhvcNAQELBQADggEBAI/2Vp1eFpyyKh9e+affWRj0
5rxUQ0mi3VzvazGfoJf8TG1VjhzaICPE6yEG5oaERK0lcfqsAAkJ7uV1vRg+WcQl
kdTqoAYta3pdkdHxuNO3oyirDNoPBEZC+nE7uxgK68EPEiMiZ63vbX3HGx1JoDxw
ktLgoqoqG2LugQ9MCTKFl774MWJdyPwqZicI9Ezhdi6QHkGeh0n+JkXPkoH0jLId
dxvhqalq7XR14z76s/PFGD06FAXirGvhQKZt97TQh1tn7RMt/D9ltMi99IP6weeU
Rf5VYJgpvpKmSHMuLdw0+gAZAqWiqJdpON1tuFefk0dSNGXzupGeNW2Rvaj+Pm4=
-----END CERTIFICATE-----