Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS207019.roa
File:                     AS207019.roa (raw, json)
Hash identifier:          uFNp3mjkwyVOyyqoFfhwOoUubEPZTcCrhJdSrx5Fx98=
Subject key identifier:   F1:C2:43:A6:BC:E9:71:C4:6E:6E:0F:B2:F2:24:1C:9E:D2:DF:E8:D3
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       247AE9534C7D9E06F24229C72663A8835043B416
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS207019.roa
Signing time:             Wed 20 May 2026 08:09:22 +0000
ROA not before:           Wed 20 May 2026 08:04:22 +0000
ROA not after:            Wed 19 May 2027 08:09:22 +0000
asID:                     207019
IP address blocks:        51.241.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:7a:e9:53:4c:7d:9e:06:f2:42:29:c7:26:63:a8:83:50:43:b4:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: May 20 08:04:22 2026 GMT
            Not After : May 19 08:09:22 2027 GMT
        Subject: CN=F1C243A6BCE971C46E6E0FB2F2241C9ED2DFE8D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c5:78:73:95:85:ac:8c:7a:52:14:d5:95:f8:
                    f7:cc:1d:a4:5e:4f:5a:6c:a6:19:db:cd:15:cb:c3:
                    a8:f6:a8:4e:09:47:92:33:d0:2f:1a:fc:db:d1:61:
                    1f:2b:ef:96:53:5d:13:84:75:cd:d3:13:8c:03:c6:
                    d4:83:02:9c:6e:10:a8:3c:a4:b2:82:83:6a:48:6b:
                    c6:d4:5e:e4:97:35:d3:ed:51:72:a1:a9:67:47:21:
                    50:ae:c2:66:c2:ad:ef:da:4b:e6:5d:27:7a:4f:8f:
                    c7:c2:31:6c:84:e3:1e:83:43:9c:38:b4:3d:6b:4a:
                    50:24:ab:ef:dd:4f:a4:ae:f6:d4:f1:d8:b8:27:9d:
                    de:a7:bf:93:2c:3f:e5:7e:57:c0:75:ea:45:cb:4b:
                    c6:9d:47:81:68:ab:0e:ce:06:ec:30:c8:58:1f:bc:
                    15:07:70:fd:16:24:bd:a1:b6:ed:1d:fa:c8:f1:d7:
                    d4:9c:c2:8b:54:42:6f:6b:84:8c:d7:80:57:23:bf:
                    64:5a:6a:8b:cc:af:43:42:11:cc:73:bc:6c:e2:ab:
                    ec:97:19:a8:0b:1d:f1:cf:7b:f1:53:48:fb:f9:9e:
                    8a:84:63:1f:0a:0a:7d:59:d9:91:76:16:49:62:4e:
                    d2:3c:0a:2c:ff:05:61:1d:60:e1:7a:3f:96:7b:c4:
                    46:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C2:43:A6:BC:E9:71:C4:6E:6E:0F:B2:F2:24:1C:9E:D2:DF:E8:D3
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS207019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.241.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:b4:57:cd:9e:87:ec:05:18:56:a1:cb:a8:c1:3e:35:c5:2c:
         70:6f:c5:c6:ca:c6:74:78:69:c6:ea:f7:92:95:0d:18:3a:90:
         70:af:90:3b:13:a8:d8:50:d7:82:46:6b:bd:38:21:a0:bf:e5:
         de:db:4f:e5:b4:82:c0:a3:33:b5:bc:50:79:f7:6f:5e:52:c3:
         a5:4c:dc:60:52:bf:b6:74:7e:01:ba:f3:31:7a:e7:31:de:98:
         3e:44:37:96:40:35:c4:62:24:04:09:8e:f1:e0:6c:3e:62:a8:
         36:bf:db:2e:f4:9a:c2:6a:80:78:30:b5:3c:c5:a2:ea:05:d6:
         71:06:41:2f:74:8f:a6:3b:47:1d:9d:83:ed:20:69:0e:49:dc:
         c2:5d:be:d6:d4:0f:38:0a:45:d4:c1:f6:d0:8e:f7:c1:7a:21:
         61:d2:0e:1f:71:6a:63:06:d4:9a:65:38:ec:52:49:75:8e:37:
         9f:07:a0:fa:1e:1e:40:72:61:d0:eb:6c:5e:f8:c0:5f:21:9b:
         47:f3:aa:57:dc:6b:d6:f1:3e:14:3a:f1:5a:74:69:ac:57:db:
         6e:6d:1a:c1:3e:72:a0:6b:a9:55:ba:c7:e7:7a:c2:c9:3d:58:
         d5:48:ea:44:46:90:f3:62:1a:af:54:4e:96:b7:69:bf:6d:8b:
         05:08:ce:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJHrpU0x9ngbyQinHJmOog1BDtBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjAwODA0MjJaFw0yNzA1MTkwODA5MjJaMDMxMTAvBgNV
BAMTKEYxQzI0M0E2QkNFOTcxQzQ2RTZFMEZCMkYyMjQxQzlFRDJERkU4RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWxXhzlYWsjHpSFNWV+PfMHaRe
T1psphnbzRXLw6j2qE4JR5Iz0C8a/NvRYR8r75ZTXROEdc3TE4wDxtSDApxuEKg8
pLKCg2pIa8bUXuSXNdPtUXKhqWdHIVCuwmbCre/aS+ZdJ3pPj8fCMWyE4x6DQ5w4
tD1rSlAkq+/dT6Su9tTx2Lgnnd6nv5MsP+V+V8B16kXLS8adR4Foqw7OBuwwyFgf
vBUHcP0WJL2htu0d+sjx19ScwotUQm9rhIzXgFcjv2RaaovMr0NCEcxzvGziq+yX
GagLHfHPe/FTSPv5noqEYx8KCn1Z2ZF2FkliTtI8Ciz/BWEdYOF6P5Z7xEb7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8cJDprzpccRubg+y8iQcntLf6NMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjA3MDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM/GJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAWtFfNnofsBRhWocuowT41xSxwb8XGysZ0eGnG
6veSlQ0YOpBwr5A7E6jYUNeCRmu9OCGgv+Xe20/ltILAozO1vFB5929eUsOlTNxg
Ur+2dH4BuvMxeucx3pg+RDeWQDXEYiQECY7x4Gw+Yqg2v9su9JrCaoB4MLU8xaLq
BdZxBkEvdI+mO0cdnYPtIGkOSdzCXb7W1A84CkXUwfbQjvfBeiFh0g4fcWpjBtSa
ZTjsUkl1jjefB6D6Hh5AcmHQ62xe+MBfIZtH86pX3GvW8T4UOvFadGmsV9tubRrB
PnKga6lVusfnesLJPVjVSOpERpDzYhqvVE6Wt2m/bYsFCM4u
-----END CERTIFICATE-----