Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54203.roa
File:                     AS54203.roa (raw, json)
Hash identifier:          ajif+mJzbOtNRZbgR/5FFQCE0Z8TNCusGkwoe0ssqsU=
Subject key identifier:   B3:32:41:7A:86:F7:5A:C9:4E:E3:71:DE:94:99:8B:45:8A:63:81:B9
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       783DDCC99A7EA29B54ADD4DE90652ECDE75118B9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54203.roa
Signing time:             Fri 29 May 2026 18:54:03 +0000
ROA not before:           Fri 29 May 2026 18:49:03 +0000
ROA not after:            Fri 28 May 2027 18:54:03 +0000
asID:                     54203
IP address blocks:        167.148.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:3d:dc:c9:9a:7e:a2:9b:54:ad:d4:de:90:65:2e:cd:e7:51:18:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 29 18:49:03 2026 GMT
            Not After : May 28 18:54:03 2027 GMT
        Subject: CN=B332417A86F75AC94EE371DE94998B458A6381B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:f4:ac:29:3d:de:8d:7c:2b:81:f0:ad:2d:84:
                    e8:68:24:f9:63:33:b9:10:d0:50:43:7e:26:b4:86:
                    07:8d:5b:e8:30:b5:97:2a:ef:b7:bc:0f:81:23:44:
                    cc:3c:96:f0:e9:8d:51:f6:ef:d8:bb:10:6f:a7:a0:
                    64:13:1f:a0:d0:54:32:8a:c8:c2:38:b6:d8:f7:2e:
                    f2:88:a6:7e:9f:6e:33:21:59:bd:6d:87:6b:40:ab:
                    b9:f2:26:34:08:97:ec:5d:fc:1e:94:ea:71:70:d1:
                    90:4c:64:53:ab:8e:a1:07:d6:d6:47:89:08:31:d6:
                    bb:08:80:71:3b:c2:54:25:49:39:47:ef:9f:0d:68:
                    01:aa:83:02:e4:95:41:bc:22:2f:c1:82:42:3d:27:
                    4a:e3:5c:9b:d9:62:36:67:d5:6b:cb:34:39:e6:62:
                    f1:67:3f:3e:20:cf:62:92:22:13:9e:26:e6:85:19:
                    1a:9a:a0:b2:11:cc:67:60:7f:39:a3:85:0c:b8:58:
                    cf:a9:2a:05:26:d8:fa:43:d4:90:39:fa:a8:30:8d:
                    28:d4:ea:1e:88:54:e1:e9:90:b5:b5:6c:b2:45:29:
                    a2:f9:92:99:47:7b:28:6f:a7:ec:0a:de:b7:08:f4:
                    a2:7a:1d:ef:23:2e:3f:53:7c:83:ca:75:3f:e3:cd:
                    71:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:32:41:7A:86:F7:5A:C9:4E:E3:71:DE:94:99:8B:45:8A:63:81:B9
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:5e:88:58:54:54:01:2c:9e:3f:ad:38:cf:94:d2:da:0c:23:
         e5:29:04:88:03:34:a3:76:47:6b:ef:6e:c3:b7:75:7b:92:a7:
         d8:09:a3:6b:89:45:a7:b6:07:cc:a8:03:03:f7:c5:a6:15:7d:
         39:26:7a:ad:c7:84:43:59:c1:a3:42:d5:ab:fd:3c:d4:2f:84:
         d7:22:12:4a:40:0e:93:81:92:6a:43:8c:d7:50:9d:8d:78:23:
         4c:fb:8e:d1:f3:49:ca:ab:f7:e5:6b:c9:73:c1:43:cb:f2:0e:
         46:de:75:79:92:29:cb:ad:a0:bd:ff:b2:11:05:f9:14:22:03:
         b7:74:33:3b:c6:0a:41:12:5f:6c:de:b8:89:12:a3:84:da:e7:
         cc:04:1a:4e:09:58:e8:b2:bc:07:67:89:96:b4:15:f2:b2:26:
         a5:85:5a:02:e0:4c:ff:dd:bb:31:e8:64:b7:eb:26:09:74:34:
         73:24:c9:b5:5a:bf:23:e9:24:bf:07:5f:fa:ea:c5:f2:e9:b9:
         c2:4d:a9:ea:69:28:c8:1d:04:58:9f:af:e1:3b:33:a3:df:cc:
         4e:7c:86:c0:90:97:57:01:0e:b7:03:1e:41:e8:b3:63:b1:38:
         06:e6:01:90:6c:72:a8:53:6e:c7:96:7f:ca:de:ce:57:fa:d2:
         d9:b8:22:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeD3cyZp+optUrdTekGUuzedRGLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjkxODQ5MDNaFw0yNzA1MjgxODU0MDNaMDMxMTAvBgNV
BAMTKEIzMzI0MTdBODZGNzVBQzk0RUUzNzFERTk0OTk4QjQ1OEE2MzgxQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD+9KwpPd6NfCuB8K0thOhoJPlj
M7kQ0FBDfia0hgeNW+gwtZcq77e8D4EjRMw8lvDpjVH279i7EG+noGQTH6DQVDKK
yMI4ttj3LvKIpn6fbjMhWb1th2tAq7nyJjQIl+xd/B6U6nFw0ZBMZFOrjqEH1tZH
iQgx1rsIgHE7wlQlSTlH758NaAGqgwLklUG8Ii/BgkI9J0rjXJvZYjZn1WvLNDnm
YvFnPz4gz2KSIhOeJuaFGRqaoLIRzGdgfzmjhQy4WM+pKgUm2PpD1JA5+qgwjSjU
6h6IVOHpkLW1bLJFKaL5kplHeyhvp+wK3rcI9KJ6He8jLj9TfIPKdT/jzXFpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUszJBeob3WslO43HelJmLRYpjgbkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTQyMDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACnlC4w
DQYJKoZIhvcNAQELBQADggEBADJeiFhUVAEsnj+tOM+U0toMI+UpBIgDNKN2R2vv
bsO3dXuSp9gJo2uJRae2B8yoAwP3xaYVfTkmeq3HhENZwaNC1av9PNQvhNciEkpA
DpOBkmpDjNdQnY14I0z7jtHzScqr9+VryXPBQ8vyDkbedXmSKcutoL3/shEF+RQi
A7d0MzvGCkESX2zeuIkSo4Ta58wEGk4JWOiyvAdniZa0FfKyJqWFWgLgTP/duzHo
ZLfrJgl0NHMkybVavyPpJL8HX/rqxfLpucJNqeppKMgdBFifr+E7M6PfzE58hsCQ
l1cBDrcDHkHos2OxOAbmAZBscqhTbseWf8rezlf60tm4IvM=
-----END CERTIFICATE-----