Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203113.roa
File:                     AS203113.roa (raw, json)
Hash identifier:          mJtu3RQK5ph7pIKwrovdEgVL45e0WmZnLppdYO7/jl8=
Subject key identifier:   42:39:2A:01:7F:DA:BD:A3:6A:9C:37:F9:65:D0:B9:5E:AE:63:A3:4C
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       24F9FA697E9EAB54A80A4EEAAB3F842A2E856A9E
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203113.roa
Signing time:             Tue 26 May 2026 09:08:37 +0000
ROA not before:           Tue 26 May 2026 09:03:37 +0000
ROA not after:            Tue 25 May 2027 09:08:37 +0000
asID:                     203113
IP address blocks:        51.146.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:f9:fa:69:7e:9e:ab:54:a8:0a:4e:ea:ab:3f:84:2a:2e:85:6a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 26 09:03:37 2026 GMT
            Not After : May 25 09:08:37 2027 GMT
        Subject: CN=42392A017FDABDA36A9C37F965D0B95EAE63A34C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:cb:8c:28:15:9e:6a:49:50:09:86:fc:6d:
                    05:a1:cf:42:2a:05:9f:4e:4b:bf:9d:05:8f:6d:e4:
                    0f:3b:28:ad:27:23:42:74:41:46:77:ec:0c:36:5a:
                    62:08:b5:71:0a:50:70:cc:0c:8a:eb:af:64:d8:40:
                    a4:7c:31:88:fb:a0:db:f5:25:db:92:3a:ea:cf:1b:
                    53:ee:46:3d:e9:9f:3e:dc:84:d9:2b:3f:37:a2:85:
                    b0:4a:60:d5:d8:92:50:70:4b:c5:84:67:48:02:50:
                    fd:d3:d5:33:03:fb:c1:92:c1:43:7c:96:6b:d9:de:
                    a2:e0:25:14:a9:2c:6b:23:b6:a6:44:88:ab:af:2a:
                    58:24:c9:76:f9:15:ae:ee:3b:48:22:86:33:8f:c9:
                    fa:d5:2b:9c:b9:40:2a:91:6e:f7:84:8f:ec:1a:5f:
                    36:73:2e:89:d7:a1:61:c8:1d:b2:54:30:c3:71:ca:
                    10:4a:47:ef:ae:10:3b:85:bf:5b:c4:37:25:51:68:
                    d8:13:13:2d:59:dc:97:ba:3b:5e:2b:e4:95:72:4c:
                    c5:b0:05:73:fc:da:97:b2:fd:8d:ec:28:1a:1f:c1:
                    63:bb:69:f9:f1:f5:78:13:b3:11:a9:71:13:8b:b3:
                    df:d3:cc:1e:3e:82:87:a0:41:27:cb:c8:bc:62:47:
                    24:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:39:2A:01:7F:DA:BD:A3:6A:9C:37:F9:65:D0:B9:5E:AE:63:A3:4C
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203113.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:3e:56:cf:32:cc:3a:e7:c5:95:61:4b:19:40:f6:02:d5:78:
         1c:55:ce:3a:48:0f:f3:eb:17:cc:e1:2b:cb:55:95:57:4e:42:
         b3:63:41:66:a0:d3:13:f1:24:91:c2:76:47:32:83:47:c5:2d:
         d4:a5:5d:42:ea:a9:20:36:8c:aa:23:a1:56:3d:17:ee:10:c5:
         e1:36:65:30:4a:37:65:b1:35:6b:a6:4d:32:56:c8:d1:81:61:
         1b:9e:6b:ec:1c:59:41:f7:38:c2:4d:27:66:9c:e7:e9:45:40:
         77:4d:a1:b8:f4:db:aa:22:75:39:5d:e1:33:3e:21:75:1f:53:
         35:72:b1:22:2e:b0:b7:2e:fa:a8:cd:9b:6b:f9:14:ea:0b:2c:
         c1:60:25:d0:e7:fd:d4:89:af:d6:0e:2c:95:c9:8d:de:c5:e4:
         97:71:a9:4c:f1:5d:47:e3:ef:4b:71:f6:90:93:03:45:bb:a3:
         c2:dc:48:16:21:35:95:7f:f0:19:b3:b3:aa:b8:c1:06:92:e1:
         96:88:80:8e:b6:b1:50:89:5d:5e:4a:84:2a:00:46:ef:6c:18:
         c6:04:48:de:40:94:b7:f0:a4:f2:d5:10:e7:02:40:e5:27:37:
         f8:3a:bf:cf:85:11:8e:a0:06:3b:b3:d1:9b:81:7f:5f:c4:51:
         e0:40:06:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJPn6aX6eq1SoCk7qqz+EKi6Fap4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjYwOTAzMzdaFw0yNzA1MjUwOTA4MzdaMDMxMTAvBgNV
BAMTKDQyMzkyQTAxN0ZEQUJEQTM2QTlDMzdGOTY1RDBCOTVFQUU2M0EzNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2HMuMKBWeaklQCYb8bQWhz0Iq
BZ9OS7+dBY9t5A87KK0nI0J0QUZ37Aw2WmIItXEKUHDMDIrrr2TYQKR8MYj7oNv1
JduSOurPG1PuRj3pnz7chNkrPzeihbBKYNXYklBwS8WEZ0gCUP3T1TMD+8GSwUN8
lmvZ3qLgJRSpLGsjtqZEiKuvKlgkyXb5Fa7uO0gihjOPyfrVK5y5QCqRbveEj+wa
XzZzLonXoWHIHbJUMMNxyhBKR++uEDuFv1vENyVRaNgTEy1Z3Je6O14r5JVyTMWw
BXP82pey/Y3sKBofwWO7afnx9XgTsxGpcROLs9/TzB4+goegQSfLyLxiRyRzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQjkqAX/avaNqnDf5ZdC5Xq5jo0wwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjAzMTEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM5IH
MA0GCSqGSIb3DQEBCwUAA4IBAQA8PlbPMsw658WVYUsZQPYC1XgcVc46SA/z6xfM
4SvLVZVXTkKzY0FmoNMT8SSRwnZHMoNHxS3UpV1C6qkgNoyqI6FWPRfuEMXhNmUw
SjdlsTVrpk0yVsjRgWEbnmvsHFlB9zjCTSdmnOfpRUB3TaG49NuqInU5XeEzPiF1
H1M1crEiLrC3LvqozZtr+RTqCyzBYCXQ5/3Uia/WDiyVyY3exeSXcalM8V1H4+9L
cfaQkwNFu6PC3EgWITWVf/AZs7OquMEGkuGWiICOtrFQiV1eSoQqAEbvbBjGBEje
QJS38KTy1RDnAkDlJzf4Or/PhRGOoAY7s9GbgX9fxFHgQAZe
-----END CERTIFICATE-----