Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          Xd++ODFeNs8oOH3u+/orgHf/LLFqbzDWdn5yjFPNKV0=
Subject key identifier:   0A:BE:9D:33:FD:96:5B:8B:9B:7F:EA:A5:20:E3:29:7A:BD:D7:72:8A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2C56EC9C5B386F7ADCCCAE2BA688CB7D211D964E
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
Signing time:             Mon 08 Sep 2025 12:29:15 +0000
ROA not before:           Mon 08 Sep 2025 12:24:15 +0000
ROA not after:            Mon 07 Sep 2026 12:29:15 +0000
asID:                     20473
IP address blocks:        193.25.207.0/24 maxlen: 24
                          193.164.1.0/24 maxlen: 24
                          194.104.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:56:ec:9c:5b:38:6f:7a:dc:cc:ae:2b:a6:88:cb:7d:21:1d:96:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep  8 12:24:15 2025 GMT
            Not After : Sep  7 12:29:15 2026 GMT
        Subject: CN=0ABE9D33FD965B8B9B7FEAA520E3297ABDD7728A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ae:70:fd:7a:3c:cb:d1:03:34:70:17:42:3c:
                    5d:9d:81:2b:31:41:f4:63:39:f3:6d:aa:1b:c0:3b:
                    82:1d:26:17:53:14:6f:a4:0f:0f:58:79:f8:67:fc:
                    c4:64:7c:57:bd:f4:68:05:5d:e0:0e:7e:f2:90:fb:
                    10:88:c6:eb:cb:e9:17:32:f8:7b:fc:84:33:a1:b3:
                    c1:d7:c5:8b:74:7c:1c:55:2b:f2:91:33:a4:d9:02:
                    7e:bd:35:68:d5:6f:d2:a5:d8:ae:f9:fa:be:1e:1c:
                    8e:3e:25:64:4d:47:e7:ab:f9:ec:b1:61:c4:0f:40:
                    bb:50:ce:ce:41:49:22:2f:bf:e1:64:1a:cb:73:85:
                    f3:07:1d:5c:5e:30:19:43:53:8a:09:57:46:a2:ab:
                    cb:f0:95:e8:8c:b6:38:8b:42:d2:3d:6e:35:4f:d7:
                    66:5e:0e:0c:35:b6:81:9b:4e:ab:0e:00:d6:1b:6c:
                    ad:86:4d:f4:41:59:5a:a3:e4:72:54:ab:71:a6:3a:
                    fd:4c:ff:43:c1:73:e6:7c:1b:ed:95:0e:12:42:be:
                    ec:44:64:15:6d:01:2a:29:8a:1b:ee:38:1a:03:cd:
                    dc:6b:77:a2:91:38:f9:8e:e5:0d:1e:be:0e:7c:1f:
                    10:61:c6:dd:56:16:d8:11:66:0d:27:bf:46:16:f6:
                    bd:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BE:9D:33:FD:96:5B:8B:9B:7F:EA:A5:20:E3:29:7A:BD:D7:72:8A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.207.0/24
                  193.164.1.0/24
                  194.104.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:c5:b9:a3:20:79:4f:f1:69:0a:55:33:6b:15:7f:96:97:e3:
         0c:8a:70:9f:43:99:eb:27:ed:4e:d4:c4:23:ae:26:c8:d0:54:
         57:df:20:8d:38:f8:d5:17:ab:fd:96:a7:88:1a:ac:07:ab:88:
         d8:36:fe:b7:e1:a8:dd:c3:83:e0:19:cb:a1:99:0c:69:c7:fa:
         99:70:45:21:39:02:10:8d:31:47:25:bd:b8:1d:a3:bf:38:e8:
         27:3e:49:7a:9c:7f:48:1d:15:28:b7:fe:56:fe:b9:da:d2:5f:
         e1:6b:1c:a2:f9:67:fe:54:7e:e7:f3:33:55:b9:be:97:ea:fb:
         ac:b7:f3:bf:55:2e:4f:c7:f1:b2:da:51:ac:d8:66:e6:b3:72:
         f3:b9:cf:51:00:17:9d:0d:53:dc:06:56:a0:a4:5b:95:1d:07:
         10:70:ce:12:f1:91:cc:f9:03:ab:bf:f0:37:14:6f:49:ab:64:
         d8:2c:20:88:9a:c0:fe:c4:e3:a1:9c:4a:d7:52:ed:a6:63:5e:
         8a:23:6e:b0:f8:3b:f5:14:ba:e2:4b:bf:5e:58:37:21:37:63:
         02:80:0f:9c:5b:1d:63:a1:94:c1:ef:ec:e7:87:b0:cd:de:68:
         07:27:6a:42:fd:e8:2f:d8:b2:01:dd:cd:39:f2:a2:e6:73:3e:
         b4:6b:fb:c1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIULFbsnFs4b3rczK4rpojLfSEdlk4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA5MDgxMjI0MTVaFw0yNjA5MDcxMjI5MTVaMDMxMTAvBgNV
BAMTKDBBQkU5RDMzRkQ5NjVCOEI5QjdGRUFBNTIwRTMyOTdBQkRENzcyOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJrnD9ejzL0QM0cBdCPF2dgSsx
QfRjOfNtqhvAO4IdJhdTFG+kDw9Yefhn/MRkfFe99GgFXeAOfvKQ+xCIxuvL6Rcy
+Hv8hDOhs8HXxYt0fBxVK/KRM6TZAn69NWjVb9Kl2K75+r4eHI4+JWRNR+er+eyx
YcQPQLtQzs5BSSIvv+FkGstzhfMHHVxeMBlDU4oJV0aiq8vwleiMtjiLQtI9bjVP
12ZeDgw1toGbTqsOANYbbK2GTfRBWVqj5HJUq3GmOv1M/0PBc+Z8G+2VDhJCvuxE
ZBVtASopihvuOBoDzdxrd6KROPmO5Q0evg58HxBhxt1WFtgRZg0nv0YW9r0nAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUCr6dM/2WW4ubf+qlIOMper3XcoowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBADBGc8D
BADBpAEDBADCaJ4wDQYJKoZIhvcNAQELBQADggEBAAXFuaMgeU/xaQpVM2sVf5aX
4wyKcJ9Dmesn7U7UxCOuJsjQVFffII04+NUXq/2Wp4garAeriNg2/rfhqN3Dg+AZ
y6GZDGnH+plwRSE5AhCNMUclvbgdo7846Cc+SXqcf0gdFSi3/lb+udrSX+FrHKL5
Z/5UfufzM1W5vpfq+6y3879VLk/H8bLaUazYZuazcvO5z1EAF50NU9wGVqCkW5Ud
BxBwzhLxkcz5A6u/8DcUb0mrZNgsIIiawP7E46GcStdS7aZjXoojbrD4O/UUuuJL
v15YNyE3YwKAD5xbHWOhlMHv7OeHsM3eaAcnakL96C/YsgHdzTnyouZzPrRr+8E=
-----END CERTIFICATE-----