Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa
File:                     AS20860.roa (raw, json)
Hash identifier:          7U8fULpYgi8CzBQj2FUM45ouA2qsaqQWh7BuTtFi1J4=
Subject key identifier:   CC:E1:40:B6:2B:EA:A8:73:B0:EC:DB:E9:4F:B9:7F:53:BA:AB:06:29
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4570054E385BECA6DC730428C378469289965122
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa
Signing time:             Mon 01 Sep 2025 12:57:26 +0000
ROA not before:           Mon 01 Sep 2025 12:52:26 +0000
ROA not after:            Mon 31 Aug 2026 12:57:26 +0000
asID:                     20860
IP address blocks:        146.103.7.0/24 maxlen: 24
                          146.103.20.0/24 maxlen: 24
                          146.103.21.0/24 maxlen: 24
                          146.103.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:70:05:4e:38:5b:ec:a6:dc:73:04:28:c3:78:46:92:89:96:51:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep  1 12:52:26 2025 GMT
            Not After : Aug 31 12:57:26 2026 GMT
        Subject: CN=CCE140B62BEAA873B0ECDBE94FB97F53BAAB0629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e5:4f:f9:3d:62:a9:83:5b:c3:aa:2b:ad:cd:
                    b1:fc:e1:f2:fb:8b:b0:f0:45:f7:31:db:49:34:f5:
                    06:b5:e9:84:db:de:8c:5c:c8:66:05:c6:45:05:a6:
                    d1:9a:ba:17:25:c2:d6:35:ae:f5:26:07:ad:b0:b4:
                    9a:d5:b5:94:8c:03:8a:a4:62:6c:7d:b8:4d:dd:5e:
                    f6:16:a7:c1:dc:6b:25:2c:6d:91:1e:cd:20:c6:ba:
                    0c:43:26:a0:8d:71:b2:d7:ed:22:c5:b1:5a:3e:22:
                    e0:6c:c7:f7:37:9d:6a:a9:ec:52:a9:2a:45:ca:e4:
                    46:6b:49:4b:07:c8:26:91:f5:4a:25:b5:50:2a:7f:
                    2d:d6:e4:bb:53:5c:d4:88:35:6d:a0:bf:9e:1c:d2:
                    db:eb:45:6c:43:d9:83:af:b0:d8:d3:92:b2:ce:64:
                    c9:9e:de:eb:18:b8:45:52:08:54:fd:2d:c8:a2:1b:
                    99:ff:de:61:55:59:34:72:bd:65:4a:d7:5e:f4:46:
                    59:e3:55:13:93:bc:ca:cd:da:5d:b0:23:2f:b2:5e:
                    8b:64:b8:77:26:72:2d:55:9b:7d:97:a2:2e:e0:90:
                    0a:07:3e:cf:a6:b6:18:c7:18:61:35:87:e4:1e:b7:
                    7e:cd:41:d3:6c:d6:4e:90:b2:fc:09:2e:cb:b3:ea:
                    a0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E1:40:B6:2B:EA:A8:73:B0:EC:DB:E9:4F:B9:7F:53:BA:AB:06:29
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.7.0/24
                  146.103.20.0/23
                  146.103.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:37:2f:23:0d:10:f5:ba:66:94:38:98:d1:17:49:89:c4:96:
         40:41:41:2a:6a:08:5a:09:ef:35:90:b8:5f:7d:16:3a:50:d3:
         52:7f:3f:04:8a:3e:85:bc:8b:0c:d3:66:ba:4a:61:04:90:92:
         b3:34:3f:cb:f5:66:b9:fb:b7:39:f9:2d:83:89:3b:79:2e:8f:
         8b:62:71:4d:93:24:c5:2f:a2:5b:f2:19:fe:1a:c9:3d:34:b9:
         22:04:00:66:ea:43:77:1c:1c:d6:4e:67:eb:95:89:57:20:53:
         40:9f:ff:2b:9b:09:af:8e:96:b3:49:c2:25:7d:f4:2d:bf:67:
         47:87:03:0b:c4:d7:1c:d0:85:08:ab:42:58:1a:a5:7e:79:7c:
         23:2a:f3:93:d6:77:de:47:3d:d3:9a:a2:18:46:62:7b:52:79:
         58:30:01:36:25:cb:92:ef:5e:20:d0:ec:30:91:fd:5c:c2:cf:
         bc:12:83:0c:6b:1e:5e:5f:6a:48:63:c4:bc:41:1b:6b:1b:26:
         44:89:f7:c1:98:e2:2b:95:26:74:5e:18:65:2b:b8:65:4e:e4:
         af:6c:11:18:8e:43:09:28:19:f7:7e:69:d4:2f:cf:0a:39:fd:
         d5:f8:52:8b:6e:66:60:fc:a9:46:d9:09:e2:41:0f:43:a5:e8:
         50:67:83:20
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIURXAFTjhb7KbccwQow3hGkomWUSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDExMjUyMjZaFw0yNjA4MzExMjU3MjZaMDMxMTAvBgNV
BAMTKENDRTE0MEI2MkJFQUE4NzNCMEVDREJFOTRGQjk3RjUzQkFBQjA2MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI5U/5PWKpg1vDqiutzbH84fL7
i7DwRfcx20k09Qa16YTb3oxcyGYFxkUFptGauhclwtY1rvUmB62wtJrVtZSMA4qk
Ymx9uE3dXvYWp8HcayUsbZEezSDGugxDJqCNcbLX7SLFsVo+IuBsx/c3nWqp7FKp
KkXK5EZrSUsHyCaR9UoltVAqfy3W5LtTXNSINW2gv54c0tvrRWxD2YOvsNjTkrLO
ZMme3usYuEVSCFT9LciiG5n/3mFVWTRyvWVK1170RlnjVROTvMrN2l2wIy+yXotk
uHcmci1Vm32Xoi7gkAoHPs+mthjHGGE1h+Qet37NQdNs1k6QsvwJLsuz6qDnAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUzOFAtivqqHOw7NvpT7l/U7qrBikwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA4NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACSZwcD
BAGSZxQDBACSZxcwDQYJKoZIhvcNAQELBQADggEBAGA3LyMNEPW6ZpQ4mNEXSYnE
lkBBQSpqCFoJ7zWQuF99FjpQ01J/PwSKPoW8iwzTZrpKYQSQkrM0P8v1Zrn7tzn5
LYOJO3kuj4ticU2TJMUvolvyGf4ayT00uSIEAGbqQ3ccHNZOZ+uViVcgU0Cf/yub
Ca+OlrNJwiV99C2/Z0eHAwvE1xzQhQirQlgapX55fCMq85PWd95HPdOaohhGYntS
eVgwATYly5LvXiDQ7DCR/VzCz7wSgwxrHl5fakhjxLxBG2sbJkSJ98GY4iuVJnRe
GGUruGVO5K9sERiOQwkoGfd+adQvzwo5/dX4UotuZmD8qUbZCeJBD0Ol6FBngyA=
-----END CERTIFICATE-----