Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          BtA/Od6oYPIHvTDOnHbDYRQ/cMRzODtGaCAkih4dIeQ=
Subject key identifier:   27:DE:F6:59:CB:4A:9B:1B:3D:D3:8B:AF:F9:FA:94:80:E4:C0:71:09
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       034CCB3D8F0200DBCB4E8FE2026A7809A5361D33
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS20473.roa
Signing time:             Tue 02 Jun 2026 02:25:13 +0000
ROA not before:           Tue 02 Jun 2026 02:20:13 +0000
ROA not after:            Tue 01 Jun 2027 02:25:13 +0000
asID:                     20473
IP address blocks:        51.194.65.0/24 maxlen: 24
                          51.194.141.0/24 maxlen: 24
                          188.220.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:4c:cb:3d:8f:02:00:db:cb:4e:8f:e2:02:6a:78:09:a5:36:1d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  2 02:20:13 2026 GMT
            Not After : Jun  1 02:25:13 2027 GMT
        Subject: CN=27DEF659CB4A9B1B3DD38BAFF9FA9480E4C07109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:75:0d:0e:54:1c:db:83:3c:a2:19:85:7f:91:
                    74:4f:6c:39:28:83:5c:3d:29:b3:72:aa:6b:33:f1:
                    d7:09:83:cf:b9:19:a2:a4:d6:52:9f:30:6f:1c:24:
                    8e:38:3c:35:a9:66:52:c3:ee:c3:59:57:c5:ec:7d:
                    a9:c1:63:05:e2:9a:34:9a:d4:de:bd:e7:8f:07:7a:
                    9e:bb:91:ee:f0:e0:da:00:bf:8c:24:d0:ca:3e:18:
                    41:d2:27:75:16:6e:77:7b:3b:13:61:a7:4d:ad:0c:
                    ec:db:f2:5a:34:97:89:0c:f2:2e:2c:1d:f9:ba:da:
                    81:a9:5c:bd:72:63:58:c6:ad:9f:b5:dc:15:c6:53:
                    a3:46:7c:8b:28:74:7e:db:45:a1:6a:6c:8b:54:79:
                    a3:62:34:26:fb:a0:77:90:9d:31:f6:80:a0:b7:5e:
                    f9:8a:44:b8:3a:e0:7a:99:a3:84:b7:5d:bc:78:a2:
                    42:96:64:5e:2a:ee:55:78:bf:3d:c7:90:1d:82:eb:
                    7a:f7:76:9f:42:d8:26:36:c4:b1:8b:ad:81:1c:5c:
                    a7:b6:8f:eb:d2:6f:ce:e6:65:41:48:b1:3b:b0:a8:
                    6a:3e:0e:c7:82:8d:72:b1:8d:fa:65:8e:40:a7:f4:
                    93:db:1a:1c:85:d0:df:ab:15:91:9a:a0:02:82:63:
                    a3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:DE:F6:59:CB:4A:9B:1B:3D:D3:8B:AF:F9:FA:94:80:E4:C0:71:09
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.65.0/24
                  51.194.141.0/24
                  188.220.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ef:9a:66:9e:f4:43:c3:96:db:e2:22:5a:e8:43:ce:45:30:
         d9:71:fc:99:a0:0d:b6:7e:81:7b:30:4a:d7:87:4e:b8:cd:10:
         98:f1:f3:cb:79:c7:fc:cd:47:13:83:14:ce:c2:f0:9d:94:cc:
         ff:ce:44:e6:b3:d5:31:95:b7:96:44:b2:27:98:91:af:7c:10:
         52:ef:9f:e4:7c:19:c8:88:36:fa:7c:f9:b4:d1:42:65:02:85:
         a3:a1:dd:a2:be:3d:2a:4d:b7:31:2c:75:03:4b:05:18:47:23:
         9f:90:1c:96:6d:6f:60:6b:d0:a6:c2:ea:00:1c:cc:2c:d7:30:
         2c:82:3e:f2:7a:43:e2:9a:46:2d:1c:c5:4d:c7:06:3e:29:df:
         8d:fb:e9:39:0d:67:21:30:5b:bb:fa:98:ee:39:e5:7f:29:2b:
         1a:54:14:59:27:a9:84:b0:b2:0b:35:99:7b:34:57:17:92:85:
         e9:42:68:09:5f:03:86:1f:2e:c8:06:a1:c8:6c:d1:5c:cb:fb:
         ab:da:3a:70:7a:36:09:25:a6:d8:80:77:e9:77:ce:5c:77:97:
         d3:c8:8c:be:bb:8c:10:60:9d:c3:b7:9a:72:51:bc:50:7b:c3:
         ab:2c:e1:b1:27:c7:f7:aa:ce:aa:f8:74:b0:5d:ab:ed:49:68:
         a8:7d:fa:40
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUA0zLPY8CANvLTo/iAmp4CaU2HTMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDIwMjIwMTNaFw0yNzA2MDEwMjI1MTNaMDMxMTAvBgNV
BAMTKDI3REVGNjU5Q0I0QTlCMUIzREQzOEJBRkY5RkE5NDgwRTRDMDcxMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWdQ0OVBzbgzyiGYV/kXRPbDko
g1w9KbNyqmsz8dcJg8+5GaKk1lKfMG8cJI44PDWpZlLD7sNZV8XsfanBYwXimjSa
1N69548Hep67ke7w4NoAv4wk0Mo+GEHSJ3UWbnd7OxNhp02tDOzb8lo0l4kM8i4s
Hfm62oGpXL1yY1jGrZ+13BXGU6NGfIsodH7bRaFqbItUeaNiNCb7oHeQnTH2gKC3
XvmKRLg64HqZo4S3Xbx4okKWZF4q7lV4vz3HkB2C63r3dp9C2CY2xLGLrYEcXKe2
j+vSb87mZUFIsTuwqGo+DseCjXKxjfpljkCn9JPbGhyF0N+rFZGaoAKCY6NfAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUJ972WctKmxs904uv+fqUgOTAcQkwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAzwkED
BAAzwo0DBAC83EUwDQYJKoZIhvcNAQELBQADggEBAJzvmmae9EPDltviIlroQ85F
MNlx/JmgDbZ+gXswSteHTrjNEJjx88t5x/zNRxODFM7C8J2UzP/OROaz1TGVt5ZE
sieYka98EFLvn+R8GciINvp8+bTRQmUChaOh3aK+PSpNtzEsdQNLBRhHI5+QHJZt
b2Br0KbC6gAczCzXMCyCPvJ6Q+KaRi0cxU3HBj4p34376TkNZyEwW7v6mO455X8p
KxpUFFknqYSwsgs1mXs0VxeShelCaAlfA4YfLsgGochs0VzL+6vaOnB6NgklptiA
d+l3zlx3l9PIjL67jBBgncO3mnJRvFB7w6ss4bEnx/eqzqr4dLBdq+1JaKh9+kA=
-----END CERTIFICATE-----