Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS202792.roa
File:                     AS202792.roa (raw, json)
Hash identifier:          F84leg6XuCtlIu4gjAuzfkOIF9el3TGDiIGiwrVr5tA=
Subject key identifier:   CA:EA:E0:4A:9B:51:16:94:6E:F5:AC:9D:E1:18:34:02:7D:A8:45:0E
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       29A63EB3DFB0F7DC6FCB2D90E652E994CCA795F1
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS202792.roa
Signing time:             Wed 20 May 2026 08:09:22 +0000
ROA not before:           Wed 20 May 2026 08:04:22 +0000
ROA not after:            Wed 19 May 2027 08:09:22 +0000
asID:                     202792
IP address blocks:        51.241.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a6:3e:b3:df:b0:f7:dc:6f:cb:2d:90:e6:52:e9:94:cc:a7:95:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 20 08:04:22 2026 GMT
            Not After : May 19 08:09:22 2027 GMT
        Subject: CN=CAEAE04A9B5116946EF5AC9DE11834027DA8450E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bd:f7:68:5c:03:b1:42:a2:b8:11:79:d5:a2:
                    fe:11:55:d5:e3:d5:e7:1f:c4:9a:e8:60:b2:e2:67:
                    5a:8e:a2:27:33:6f:72:96:8c:fa:ca:1c:a0:ee:3e:
                    ac:07:c7:3a:9c:62:c4:17:4b:bc:9a:a7:77:b2:0b:
                    2f:97:57:79:40:03:c9:98:b2:7a:bf:ee:46:b9:98:
                    c9:57:92:a3:f9:8b:f0:92:00:98:b8:ed:7e:e3:f7:
                    ec:43:ff:c4:91:f3:c7:3e:db:25:96:68:a1:ac:c0:
                    f8:8a:51:a6:d6:45:18:13:8f:7e:91:49:2b:a4:a3:
                    01:72:c2:a1:fa:d4:8c:59:e4:61:06:67:14:ff:19:
                    7d:c7:39:57:70:a7:c4:f6:e9:c9:72:b0:a2:76:50:
                    87:9d:7d:e5:ed:db:35:aa:57:d5:c4:16:66:0f:d6:
                    35:11:1c:c7:c2:75:d7:4e:61:91:58:4f:7f:98:c0:
                    b3:6a:ae:6a:d0:76:dc:e8:de:53:2f:94:70:16:40:
                    80:e2:a0:1a:d9:19:64:8e:35:bf:55:1e:15:71:26:
                    b2:a6:b4:4c:d5:23:cf:45:05:4b:05:0f:e5:70:b5:
                    21:a2:46:6b:c7:d6:85:6a:e6:80:de:dd:bc:43:9c:
                    6b:7b:38:75:a3:a9:74:4d:06:05:a5:21:47:b6:e4:
                    ad:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EA:E0:4A:9B:51:16:94:6E:F5:AC:9D:E1:18:34:02:7D:A8:45:0E
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS202792.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.241.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:1c:67:17:0c:d3:9d:b0:0c:1b:01:6c:fa:fc:31:04:be:2d:
         c6:ab:6e:be:55:73:f8:cd:38:98:d3:5a:69:99:b5:2e:22:0c:
         72:33:64:7f:09:10:94:c3:59:4d:a5:13:b6:29:cf:7a:5f:83:
         fa:30:f6:b9:4f:5f:8f:11:ab:28:14:d1:9a:f9:8a:a7:86:25:
         38:cb:98:45:38:20:d4:d3:49:6b:a5:00:12:0d:ca:82:aa:c9:
         a7:3b:06:32:53:23:59:ff:e9:62:7f:ea:c9:a2:4d:2b:d6:0c:
         93:ac:07:79:4f:dd:47:b1:d4:84:53:49:f6:a9:16:94:27:42:
         1c:26:8d:14:97:72:63:13:88:24:b4:2c:6e:ba:b2:a7:1e:a8:
         c5:79:fb:54:da:d5:21:25:07:11:96:8f:43:93:ad:6f:c9:7e:
         6c:b7:d6:44:e6:6a:22:99:b2:83:7d:93:ef:4f:07:0f:a6:12:
         87:d9:80:29:d3:3b:42:87:a6:7f:19:2e:0c:e1:a6:1b:90:a0:
         a5:b7:15:6f:9c:f2:a6:3c:9f:61:16:74:fd:25:fa:fd:91:12:
         34:6a:1f:8a:ed:12:7e:59:78:c0:80:98:be:cd:83:0e:27:9f:
         2c:b4:16:7b:fb:1c:da:c8:50:cc:5f:83:8e:8f:5d:98:46:f5:
         aa:58:38:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKaY+s9+w99xvyy2Q5lLplMynlfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjAwODA0MjJaFw0yNzA1MTkwODA5MjJaMDMxMTAvBgNV
BAMTKENBRUFFMDRBOUI1MTE2OTQ2RUY1QUM5REUxMTgzNDAyN0RBODQ1MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpvfdoXAOxQqK4EXnVov4RVdXj
1ecfxJroYLLiZ1qOoiczb3KWjPrKHKDuPqwHxzqcYsQXS7yap3eyCy+XV3lAA8mY
snq/7ka5mMlXkqP5i/CSAJi47X7j9+xD/8SR88c+2yWWaKGswPiKUabWRRgTj36R
SSukowFywqH61IxZ5GEGZxT/GX3HOVdwp8T26clysKJ2UIedfeXt2zWqV9XEFmYP
1jURHMfCdddOYZFYT3+YwLNqrmrQdtzo3lMvlHAWQIDioBrZGWSONb9VHhVxJrKm
tEzVI89FBUsFD+VwtSGiRmvH1oVq5oDe3bxDnGt7OHWjqXRNBgWlIUe25K0PAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyurgSptRFpRu9ayd4Rg0An2oRQ4wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjAyNzkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM/GU
MA0GCSqGSIb3DQEBCwUAA4IBAQAYHGcXDNOdsAwbAWz6/DEEvi3Gq26+VXP4zTiY
01ppmbUuIgxyM2R/CRCUw1lNpRO2Kc96X4P6MPa5T1+PEasoFNGa+YqnhiU4y5hF
OCDU00lrpQASDcqCqsmnOwYyUyNZ/+lif+rJok0r1gyTrAd5T91HsdSEU0n2qRaU
J0IcJo0Ul3JjE4gktCxuurKnHqjFeftU2tUhJQcRlo9Dk61vyX5st9ZE5moimbKD
fZPvTwcPphKH2YAp0ztCh6Z/GS4M4aYbkKCltxVvnPKmPJ9hFnT9Jfr9kRI0ah+K
7RJ+WXjAgJi+zYMOJ58stBZ7+xzayFDMX4OOj12YRvWqWDht
-----END CERTIFICATE-----