Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS206136.roa
File:                     AS206136.roa (raw, json)
Hash identifier:          OdY4Djvu28A5hZXu0kfeNayKlq5UNQwLasDmE4R1hOM=
Subject key identifier:   1A:05:62:B9:83:70:B9:84:80:49:F4:D3:B7:CA:1A:3C:50:72:F6:7E
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       08E3E08B2B2961351E74B4C9A023D693D11172E5
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS206136.roa
Signing time:             Wed 20 May 2026 08:09:17 +0000
ROA not before:           Wed 20 May 2026 08:04:17 +0000
ROA not after:            Wed 19 May 2027 08:09:17 +0000
asID:                     206136
IP address blocks:        51.241.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:e3:e0:8b:2b:29:61:35:1e:74:b4:c9:a0:23:d6:93:d1:11:72:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 20 08:04:17 2026 GMT
            Not After : May 19 08:09:17 2027 GMT
        Subject: CN=1A0562B98370B9848049F4D3B7CA1A3C5072F67E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ec:89:c3:f8:09:2d:d6:02:58:50:da:46:fa:
                    79:78:b8:a2:86:a8:86:43:0b:d1:1d:f2:b1:61:61:
                    a5:0c:33:3b:1d:c0:a5:24:c6:54:e0:28:4c:4d:bc:
                    90:18:77:4d:9d:c8:2f:01:12:84:f8:3b:1f:96:af:
                    32:66:01:6d:c9:43:81:32:69:d7:91:84:56:07:fa:
                    dd:a0:f5:c8:36:8b:5d:14:ef:d7:bf:00:50:d9:88:
                    b8:4f:e6:9d:ad:0c:63:d7:f6:9b:06:e7:1a:c9:8a:
                    40:2b:ee:df:a4:08:31:57:b2:4b:99:b6:77:e1:47:
                    a4:d7:88:b8:ac:87:75:b2:d3:e2:66:fb:3e:32:ea:
                    7d:de:55:1b:86:43:35:3c:a6:60:a9:eb:80:4b:8c:
                    e4:21:99:73:fa:32:0b:f6:47:a9:f0:6b:22:c0:4a:
                    f8:bf:cc:50:18:58:26:a5:23:2c:81:07:ac:e9:e4:
                    be:dd:6d:15:4b:d4:37:fe:c9:69:d0:25:e8:02:0a:
                    31:61:ca:4b:c7:51:de:59:9c:f8:a5:7b:fb:a0:83:
                    8b:1b:42:ed:40:6e:fa:d2:7b:f7:f6:68:4a:b2:71:
                    23:68:ae:ae:77:e6:5d:fe:e0:26:bf:ef:c5:db:76:
                    0f:6b:c8:96:33:28:14:29:e8:d7:a8:a1:30:43:df:
                    60:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:05:62:B9:83:70:B9:84:80:49:F4:D3:B7:CA:1A:3C:50:72:F6:7E
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS206136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.241.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:5e:0b:85:80:84:df:0e:67:e1:6b:51:a1:02:46:a0:2b:8c:
         a5:17:b5:7a:68:02:6c:55:5a:85:e9:af:97:b8:18:b0:78:a3:
         07:79:2c:ea:41:98:4c:9d:67:94:99:e0:26:45:2f:e2:6c:50:
         b1:48:ab:a4:e7:88:69:37:c0:ab:a0:63:b7:08:ba:77:4e:d8:
         fb:58:9d:3d:75:e1:3b:83:09:0b:07:7f:28:40:f4:c7:e4:8e:
         bf:62:ff:58:b6:a5:7d:04:2b:ae:e5:76:09:fc:1c:4d:9b:11:
         c0:8e:e9:c3:0e:c4:f2:4b:ad:c7:c9:47:66:dd:d6:d7:2e:84:
         63:09:51:d2:bc:8e:b9:eb:da:36:f0:8e:f2:40:d2:bc:e1:c6:
         c3:13:58:15:79:e1:4c:9d:26:23:8c:14:b2:0e:35:bb:7d:2d:
         fb:ca:fe:8e:ae:fa:fb:dc:08:ef:8c:73:ff:6a:3e:02:dc:bb:
         d8:4f:6a:94:93:70:eb:a8:ee:e5:d1:3e:12:72:80:73:db:18:
         ad:08:17:7b:f9:2b:e4:f6:d3:1e:2b:a0:2c:4d:b7:c3:0d:21:
         62:a1:99:50:b3:f0:91:df:9d:97:de:09:41:1d:8b:cf:f5:eb:
         a4:27:4f:b8:f4:6f:ae:3c:de:c9:2a:b4:36:4f:fb:b9:79:fe:
         b2:fc:2a:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCOPgiyspYTUedLTJoCPWk9ERcuUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjAwODA0MTdaFw0yNzA1MTkwODA5MTdaMDMxMTAvBgNV
BAMTKDFBMDU2MkI5ODM3MEI5ODQ4MDQ5RjREM0I3Q0ExQTNDNTA3MkY2N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl7InD+Akt1gJYUNpG+nl4uKKG
qIZDC9Ed8rFhYaUMMzsdwKUkxlTgKExNvJAYd02dyC8BEoT4Ox+WrzJmAW3JQ4Ey
adeRhFYH+t2g9cg2i10U79e/AFDZiLhP5p2tDGPX9psG5xrJikAr7t+kCDFXskuZ
tnfhR6TXiLish3Wy0+Jm+z4y6n3eVRuGQzU8pmCp64BLjOQhmXP6Mgv2R6nwayLA
Svi/zFAYWCalIyyBB6zp5L7dbRVL1Df+yWnQJegCCjFhykvHUd5ZnPile/ugg4sb
Qu1AbvrSe/f2aEqycSNorq535l3+4Ca/78Xbdg9ryJYzKBQp6NeooTBD32C7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGgViuYNwuYSASfTTt8oaPFBy9n4wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjA2MTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM/GL
MA0GCSqGSIb3DQEBCwUAA4IBAQBEXguFgITfDmfha1GhAkagK4ylF7V6aAJsVVqF
6a+XuBiweKMHeSzqQZhMnWeUmeAmRS/ibFCxSKuk54hpN8CroGO3CLp3Ttj7WJ09
deE7gwkLB38oQPTH5I6/Yv9YtqV9BCuu5XYJ/BxNmxHAjunDDsTyS63HyUdm3dbX
LoRjCVHSvI6569o28I7yQNK84cbDE1gVeeFMnSYjjBSyDjW7fS37yv6Orvr73Ajv
jHP/aj4C3LvYT2qUk3DrqO7l0T4ScoBz2xitCBd7+Svk9tMeK6AsTbfDDSFioZlQ
s/CR352X3glBHYvP9eukJ0+49G+uPN7JKrQ2T/u5ef6y/Cph
-----END CERTIFICATE-----