Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS205502.roa
File:                     AS205502.roa (raw, json)
Hash identifier:          4TYIKcbA98Ci8vw/hE5YinODTCgW5AciFNeCMS4lxcE=
Subject key identifier:   93:9D:1E:D1:57:04:7E:29:DA:A5:3F:F4:96:82:60:9A:5F:B4:27:C1
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       1DEEC4F5F7BE1C3EFCB9DEF61D5EBBAA7215D35C
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS205502.roa
Signing time:             Wed 20 May 2026 08:09:20 +0000
ROA not before:           Wed 20 May 2026 08:04:20 +0000
ROA not after:            Wed 19 May 2027 08:09:20 +0000
asID:                     205502
IP address blocks:        51.241.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ee:c4:f5:f7:be:1c:3e:fc:b9:de:f6:1d:5e:bb:aa:72:15:d3:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 20 08:04:20 2026 GMT
            Not After : May 19 08:09:20 2027 GMT
        Subject: CN=939D1ED157047E29DAA53FF49682609A5FB427C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:64:41:fa:64:ac:98:0f:12:81:35:50:c1:73:
                    00:a9:f4:1b:6f:72:35:81:0d:72:a6:7b:15:b7:3e:
                    22:c5:36:5b:01:23:14:7a:9c:cd:7c:c2:a8:6f:b3:
                    31:9e:00:91:d0:32:cf:e3:73:cb:68:f3:c0:63:c1:
                    9f:86:33:ba:92:63:36:40:6a:4f:4f:b8:c0:04:bb:
                    c6:06:2d:2b:ed:1a:bb:54:0e:12:33:00:d3:aa:63:
                    5a:58:ab:17:e5:02:80:99:e6:ad:5d:70:16:78:42:
                    75:dc:5e:c6:7a:2c:d6:6c:ce:cc:18:44:fa:f8:41:
                    c8:bb:29:21:48:af:95:e0:f1:59:f1:6c:ae:e5:f8:
                    8f:bf:65:8d:1b:c8:68:cf:f7:d1:a9:53:c2:bd:86:
                    da:da:1e:48:70:ab:bd:00:36:31:7c:c6:79:1c:42:
                    18:e2:53:72:bc:78:6e:00:e6:7e:60:55:fe:d6:5e:
                    91:5b:b5:18:45:92:d1:ac:90:d8:41:d1:fb:d5:a5:
                    53:a6:97:d9:7c:ef:3d:1d:dc:01:87:71:bd:1e:85:
                    87:2e:bc:21:de:16:de:d8:e9:52:0e:40:6b:d6:da:
                    eb:e4:30:83:36:00:a0:97:d8:c5:24:e1:08:97:9d:
                    46:54:52:58:04:17:02:bf:26:bf:6b:03:de:73:e6:
                    dc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9D:1E:D1:57:04:7E:29:DA:A5:3F:F4:96:82:60:9A:5F:B4:27:C1
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS205502.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.241.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c9:5f:94:4e:8c:29:41:f8:19:47:98:72:fb:4d:19:7c:a9:
         24:25:20:ae:19:fa:8a:53:87:ed:33:5e:20:cc:93:12:2c:58:
         45:d3:bb:87:78:f8:ab:d7:61:22:c8:dc:a8:53:58:fa:01:15:
         90:fe:8c:bc:f9:ed:d7:c0:74:9b:5a:bb:f9:f2:ac:2d:08:1b:
         fc:fa:fd:a0:87:8a:ec:1f:24:4e:25:ec:04:5e:23:1f:2c:e6:
         1b:a2:54:97:48:87:fe:83:79:de:71:42:2a:f7:8d:39:29:1c:
         35:16:6a:f8:69:5d:5d:44:a7:ba:87:bf:7e:e1:56:6f:60:a9:
         2e:b5:75:7c:85:82:41:cf:fa:31:c0:42:88:73:64:db:f7:bb:
         a7:74:c6:d0:b9:2a:d1:a9:38:25:cd:4a:ec:c8:68:e9:50:2b:
         c0:29:56:8a:64:11:45:be:d3:a6:4b:b7:92:15:2d:19:61:3b:
         cb:c5:16:b6:ba:e5:bd:67:e4:5e:c2:bb:06:b6:97:ee:e3:01:
         46:21:12:d3:a3:62:7e:7b:b8:e4:70:c5:9c:ec:eb:71:52:01:
         be:71:a6:ea:da:d4:e8:8d:f7:39:71:2b:36:cf:29:74:be:88:
         1c:d2:16:93:5a:33:d9:d5:d4:6e:b9:08:1d:36:54:f3:66:71:
         22:61:63:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHe7E9fe+HD78ud72HV67qnIV01wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjAwODA0MjBaFw0yNzA1MTkwODA5MjBaMDMxMTAvBgNV
BAMTKDkzOUQxRUQxNTcwNDdFMjlEQUE1M0ZGNDk2ODI2MDlBNUZCNDI3QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMZEH6ZKyYDxKBNVDBcwCp9Btv
cjWBDXKmexW3PiLFNlsBIxR6nM18wqhvszGeAJHQMs/jc8to88BjwZ+GM7qSYzZA
ak9PuMAEu8YGLSvtGrtUDhIzANOqY1pYqxflAoCZ5q1dcBZ4QnXcXsZ6LNZszswY
RPr4Qci7KSFIr5Xg8VnxbK7l+I+/ZY0byGjP99GpU8K9htraHkhwq70ANjF8xnkc
QhjiU3K8eG4A5n5gVf7WXpFbtRhFktGskNhB0fvVpVOml9l87z0d3AGHcb0ehYcu
vCHeFt7Y6VIOQGvW2uvkMIM2AKCX2MUk4QiXnUZUUlgEFwK/Jr9rA95z5tytAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUk50e0VcEfinapT/0loJgml+0J8EwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjA1NTAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM/GH
MA0GCSqGSIb3DQEBCwUAA4IBAQChyV+UTowpQfgZR5hy+00ZfKkkJSCuGfqKU4ft
M14gzJMSLFhF07uHePir12EiyNyoU1j6ARWQ/oy8+e3XwHSbWrv58qwtCBv8+v2g
h4rsHyROJewEXiMfLOYbolSXSIf+g3necUIq9405KRw1Fmr4aV1dRKe6h79+4VZv
YKkutXV8hYJBz/oxwEKIc2Tb97undMbQuSrRqTglzUrsyGjpUCvAKVaKZBFFvtOm
S7eSFS0ZYTvLxRa2uuW9Z+RewrsGtpfu4wFGIRLTo2J+e7jkcMWc7OtxUgG+cabq
2tTojfc5cSs2zyl0vogc0haTWjPZ1dRuuQgdNlTzZnEiYWPv
-----END CERTIFICATE-----