Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          ZMdTLK5A1VO4RYfYKzXBcyEmqbQyXwetxCg5k5Tv02w=
Subject key identifier:   D8:13:F5:FE:78:06:3B:9E:F4:D2:C4:61:11:94:9B:41:22:96:E4:91
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1BA34110CA40108285A07DE3DBC575A053A32136
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
Signing time:             Sun 30 Mar 2025 20:57:49 +0000
ROA not before:           Sun 30 Mar 2025 20:52:49 +0000
ROA not after:            Sun 29 Mar 2026 20:57:49 +0000
asID:                     20473
IP address blocks:        193.25.207.0/24 maxlen: 24
                          193.164.1.0/24 maxlen: 24
                          194.104.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:a3:41:10:ca:40:10:82:85:a0:7d:e3:db:c5:75:a0:53:a3:21:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 30 20:52:49 2025 GMT
            Not After : Mar 29 20:57:49 2026 GMT
        Subject: CN=D813F5FE78063B9EF4D2C46111949B412296E491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:29:f6:b6:8a:67:2a:73:75:8b:66:a1:7d:90:
                    66:94:a4:a2:94:25:ac:fd:f1:f6:4b:c8:a3:3b:13:
                    15:0d:57:26:9f:6b:73:f1:f5:ac:12:19:3a:92:1d:
                    84:0a:e7:76:68:ec:38:20:bb:7b:7e:c2:51:84:c6:
                    3b:2f:65:10:19:70:00:cd:6c:46:28:66:ad:11:14:
                    6f:23:86:e2:24:e7:47:fe:4a:73:b1:ee:6f:62:87:
                    dd:91:62:6b:3e:3c:e7:01:0c:11:e7:62:78:53:c2:
                    2a:73:a9:3b:98:e3:84:ab:6e:d7:d2:b7:f7:ce:60:
                    07:55:00:b2:28:33:3e:d7:12:f7:63:dd:7f:7e:41:
                    35:9f:5d:20:9f:67:c1:2f:91:40:55:78:d2:b4:85:
                    5f:83:d3:24:df:83:3f:f1:6c:2b:14:48:74:d3:9c:
                    e5:f9:01:e5:1d:fe:07:d5:31:c1:87:ca:e8:6f:76:
                    d3:d5:55:f0:99:53:5d:e4:cf:a4:b1:d4:f8:0f:f9:
                    b2:bd:2f:ed:70:44:ec:51:80:8f:0a:5d:eb:9e:dd:
                    a6:fb:68:37:ac:55:d0:9f:f2:5f:d8:cb:e8:69:ad:
                    b4:9f:d5:77:f1:bb:8b:e3:91:5a:72:66:04:fd:93:
                    34:ae:e9:ea:87:6e:4d:78:ad:2c:30:c3:87:44:0e:
                    d1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:13:F5:FE:78:06:3B:9E:F4:D2:C4:61:11:94:9B:41:22:96:E4:91
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.207.0/24
                  193.164.1.0/24
                  194.104.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:91:67:ae:25:9d:49:02:9b:78:45:54:f1:f8:c2:57:5d:20:
         13:e4:64:0c:5c:31:7a:c1:e7:03:a4:bb:03:b3:cd:84:12:38:
         16:77:11:1a:cd:37:e7:1f:06:54:ef:12:e5:b1:8c:6a:56:1b:
         5c:6d:ee:e1:0d:c6:2e:1a:9b:32:e9:f5:5b:09:cf:52:61:b1:
         85:3f:1f:0c:79:eb:3e:84:08:0f:9c:f2:21:24:3b:2d:45:14:
         95:3c:23:8e:cd:ed:45:31:c0:4a:c0:08:25:15:20:10:7e:35:
         de:80:6c:c5:59:9e:90:e1:5e:01:b5:7e:08:a0:fa:3b:54:3e:
         36:f5:e5:ea:56:b5:4e:cf:fe:e3:87:8a:02:26:af:95:ab:b4:
         d0:24:09:92:76:60:1e:1d:0b:45:63:d3:1c:14:7e:ac:a4:91:
         a1:5e:7f:f0:83:d9:3e:6a:5b:2c:dd:d7:53:ff:e2:a2:58:6e:
         cf:ac:13:59:a9:1d:c8:5e:a8:a2:c3:4c:16:bf:7b:90:cd:80:
         16:90:01:8e:db:54:d1:73:a7:fb:59:be:29:d8:9e:51:38:e0:
         37:32:ca:8b:22:4b:22:48:06:3f:53:53:12:37:6a:e6:42:09:
         4f:84:cd:45:63:66:37:99:7f:8f:3e:ba:c5:5b:fd:3c:4b:e0:
         1e:b2:8b:b8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUG6NBEMpAEIKFoH3j28V1oFOjITYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMzAyMDUyNDlaFw0yNjAzMjkyMDU3NDlaMDMxMTAvBgNV
BAMTKEQ4MTNGNUZFNzgwNjNCOUVGNEQyQzQ2MTExOTQ5QjQxMjI5NkU0OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Kfa2imcqc3WLZqF9kGaUpKKU
Jaz98fZLyKM7ExUNVyafa3Px9awSGTqSHYQK53Zo7Dggu3t+wlGExjsvZRAZcADN
bEYoZq0RFG8jhuIk50f+SnOx7m9ih92RYms+POcBDBHnYnhTwipzqTuY44SrbtfS
t/fOYAdVALIoMz7XEvdj3X9+QTWfXSCfZ8EvkUBVeNK0hV+D0yTfgz/xbCsUSHTT
nOX5AeUd/gfVMcGHyuhvdtPVVfCZU13kz6Sx1PgP+bK9L+1wROxRgI8KXeue3ab7
aDesVdCf8l/Yy+hprbSf1Xfxu4vjkVpyZgT9kzSu6eqHbk14rSwww4dEDtF9AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU2BP1/ngGO5700sRhEZSbQSKW5JEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBADBGc8D
BADBpAEDBADCaJ4wDQYJKoZIhvcNAQELBQADggEBABKRZ64lnUkCm3hFVPH4wldd
IBPkZAxcMXrB5wOkuwOzzYQSOBZ3ERrNN+cfBlTvEuWxjGpWG1xt7uENxi4amzLp
9VsJz1JhsYU/Hwx56z6ECA+c8iEkOy1FFJU8I47N7UUxwErACCUVIBB+Nd6AbMVZ
npDhXgG1fgig+jtUPjb15epWtU7P/uOHigImr5WrtNAkCZJ2YB4dC0Vj0xwUfqyk
kaFef/CD2T5qWyzd11P/4qJYbs+sE1mpHcheqKLDTBa/e5DNgBaQAY7bVNFzp/tZ
vinYnlE44DcyyosiSyJIBj9TUxI3auZCCU+EzUVjZjeZf48+usVb/TxL4B6yi7g=
-----END CERTIFICATE-----