Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          yAPgL6zEkcl3fpzrKtKYKOD8gdEsyferUzLVRW6pNqM=
Subject key identifier:   24:E0:09:B0:72:1D:A2:DF:1C:F9:90:4A:9E:CF:F6:F0:FA:44:A3:F6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       57CCDC5FDBC67FD2A0C6F455633EFB37D8520DB1
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
Signing time:             Thu 05 Feb 2026 00:01:40 +0000
ROA not before:           Wed 04 Feb 2026 23:56:40 +0000
ROA not after:            Thu 04 Feb 2027 00:01:40 +0000
asID:                     20473
IP address blocks:        193.25.207.0/24 maxlen: 24
                          194.104.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 15:25:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:cc:dc:5f:db:c6:7f:d2:a0:c6:f4:55:63:3e:fb:37:d8:52:0d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb  4 23:56:40 2026 GMT
            Not After : Feb  4 00:01:40 2027 GMT
        Subject: CN=24E009B0721DA2DF1CF9904A9ECFF6F0FA44A3F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ef:e6:13:6e:4b:60:06:74:66:93:a6:8a:99:
                    08:e3:57:ee:07:30:4b:7f:19:df:8b:f0:9e:54:40:
                    b8:59:44:bc:f4:3c:77:ec:50:fd:f4:2e:87:e4:b4:
                    4e:bb:1d:cb:b3:c5:81:35:cd:f0:35:81:db:fc:56:
                    b1:ed:35:b3:7f:6f:fc:a0:a0:1f:97:c8:ca:91:56:
                    8a:b5:a1:6c:06:3c:6f:82:a6:df:66:e1:4c:65:e2:
                    32:5e:d6:30:5a:b3:1b:e5:b4:5b:1a:7f:e1:fd:29:
                    26:93:b7:5e:9d:18:4c:15:a5:6c:74:32:7c:c7:50:
                    bb:a2:b0:ac:80:5e:2e:34:10:09:6c:29:b8:b6:c0:
                    74:8d:c6:4a:d8:10:f6:95:6e:fe:f1:28:ac:47:22:
                    50:6e:9e:6a:dd:13:19:d2:74:dc:f0:15:85:50:51:
                    04:81:ee:9b:f2:12:2a:a3:a1:a0:07:22:b5:df:95:
                    bf:dc:66:c5:63:04:d8:22:4a:ee:c5:c1:46:45:e3:
                    8f:d3:d8:23:88:8f:ba:3c:55:5b:07:ed:ed:90:90:
                    1b:1c:83:bd:fe:d3:71:5e:90:b9:a5:7b:a7:f3:1a:
                    b6:6d:e4:8b:4e:ee:ba:43:15:59:6a:bf:34:c1:8d:
                    ab:c0:27:ad:8d:ba:6b:5d:56:35:48:37:0f:34:ee:
                    29:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E0:09:B0:72:1D:A2:DF:1C:F9:90:4A:9E:CF:F6:F0:FA:44:A3:F6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.207.0/24
                  194.104.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:b4:84:7a:43:b0:de:04:95:79:18:33:6e:14:5a:f4:dd:c4:
         18:57:a4:16:ff:bc:f6:d3:43:1e:7e:8f:7a:80:4a:96:b8:3a:
         06:fa:13:57:5c:9b:a8:0d:71:aa:a8:92:d6:e5:d2:a7:7b:24:
         57:f7:0a:14:0b:c9:46:20:75:7a:ef:6b:ec:64:ea:64:ea:e4:
         ae:40:38:f6:83:96:13:9f:67:2b:07:56:b8:9c:89:a5:8e:41:
         ed:af:77:ca:93:fe:94:5f:9f:94:bb:68:4d:e3:8e:20:6c:3a:
         b3:dc:da:a0:ee:fb:fe:d6:ff:07:fe:b1:fe:38:64:f8:37:f7:
         9a:36:fb:47:c3:c9:16:5a:5d:fe:db:cf:b5:39:6a:35:95:8e:
         46:1e:4e:ab:de:e5:c4:f5:ff:da:0b:87:5b:7e:6d:10:14:ca:
         48:95:c1:3c:61:4a:e4:e8:5b:37:90:04:13:64:cd:61:9d:09:
         0d:39:36:74:f8:a8:5c:34:e4:73:b1:11:6b:fc:0a:14:f4:09:
         05:18:d3:6b:62:9a:5f:5a:a2:01:55:b0:48:b1:c1:f9:db:6e:
         0d:be:8b:e3:65:13:54:ae:f4:ef:0e:d6:35:07:15:b6:65:e5:
         60:c0:9c:15:4d:f6:a2:3c:5a:88:fc:b9:ec:f6:95:47:0e:af:
         93:32:d1:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUV8zcX9vGf9KgxvRVYz77N9hSDbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMDQyMzU2NDBaFw0yNzAyMDQwMDAxNDBaMDMxMTAvBgNV
BAMTKDI0RTAwOUIwNzIxREEyREYxQ0Y5OTA0QTlFQ0ZGNkYwRkE0NEEzRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB7+YTbktgBnRmk6aKmQjjV+4H
MEt/Gd+L8J5UQLhZRLz0PHfsUP30LofktE67HcuzxYE1zfA1gdv8VrHtNbN/b/yg
oB+XyMqRVoq1oWwGPG+Cpt9m4Uxl4jJe1jBasxvltFsaf+H9KSaTt16dGEwVpWx0
MnzHULuisKyAXi40EAlsKbi2wHSNxkrYEPaVbv7xKKxHIlBunmrdExnSdNzwFYVQ
UQSB7pvyEiqjoaAHIrXflb/cZsVjBNgiSu7FwUZF44/T2COIj7o8VVsH7e2QkBsc
g73+03FekLmle6fzGrZt5ItO7rpDFVlqvzTBjavAJ62NumtdVjVINw807ik7AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUJOAJsHIdot8c+ZBKns/28PpEo/YwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBADBGc8D
BADCaJ4wDQYJKoZIhvcNAQELBQADggEBALu0hHpDsN4ElXkYM24UWvTdxBhXpBb/
vPbTQx5+j3qASpa4Ogb6E1dcm6gNcaqoktbl0qd7JFf3ChQLyUYgdXrva+xk6mTq
5K5AOPaDlhOfZysHVriciaWOQe2vd8qT/pRfn5S7aE3jjiBsOrPc2qDu+/7W/wf+
sf44ZPg395o2+0fDyRZaXf7bz7U5ajWVjkYeTqve5cT1/9oLh1t+bRAUykiVwTxh
SuToWzeQBBNkzWGdCQ05NnT4qFw05HOxEWv8ChT0CQUY02timl9aogFVsEixwfnb
bg2+i+NlE1Su9O8O1jUHFbZl5WDAnBVN9qI8Woj8uez2lUcOr5My0fg=
-----END CERTIFICATE-----