Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS20712.roa
File:                     AS20712.roa (raw, json)
Hash identifier:          gs+qyy8JNd68LNHyf9zUJP0F3U2EBtg+7DdyJjG3kK8=
Subject key identifier:   71:9C:F9:5C:42:2F:43:58:8E:C4:4F:CD:2E:31:FF:6C:09:66:35:BA
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5CC998D0C63DF89953B6B78E952B6A549888537F
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS20712.roa
Signing time:             Mon 01 Jun 2026 21:54:50 +0000
ROA not before:           Mon 01 Jun 2026 21:49:50 +0000
ROA not after:            Mon 31 May 2027 21:54:50 +0000
asID:                     20712
IP address blocks:        51.194.130.0/24 maxlen: 24
                          188.220.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c9:98:d0:c6:3d:f8:99:53:b6:b7:8e:95:2b:6a:54:98:88:53:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  1 21:49:50 2026 GMT
            Not After : May 31 21:54:50 2027 GMT
        Subject: CN=719CF95C422F43588EC44FCD2E31FF6C096635BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1b:86:ce:37:8f:15:a7:36:31:99:62:b2:82:
                    11:1e:88:ba:12:20:65:22:5c:0e:28:3d:35:5d:3e:
                    21:37:e0:17:fe:75:19:80:85:38:c6:bb:d2:17:23:
                    a9:9a:6f:51:1b:70:9b:f0:38:0c:66:2f:5a:26:8e:
                    83:64:8c:d3:cb:93:51:1a:b9:54:d5:36:c2:8a:d8:
                    09:c3:03:35:15:2e:c8:27:12:b0:51:41:3f:55:a8:
                    96:40:59:06:8f:62:36:c9:0d:ad:6d:dd:7b:1a:dc:
                    df:25:af:bc:c9:45:bf:dc:a2:64:11:b7:9d:f5:8d:
                    29:e9:c6:95:ed:16:9c:23:8a:4e:2c:08:1d:da:2c:
                    df:40:ef:ab:0e:e8:98:7e:af:c1:69:81:ce:51:83:
                    0c:b0:41:09:ee:b5:95:7b:e8:62:49:41:de:4c:a4:
                    84:2a:1d:c9:da:ae:79:63:cd:5a:aa:89:87:13:00:
                    4d:73:f6:ff:69:88:9b:83:26:df:26:c7:6e:34:88:
                    13:18:2e:9f:ee:ec:51:9d:9a:21:86:b1:96:a5:9a:
                    94:1b:39:e2:fd:93:57:0f:ec:c7:8f:ff:c4:df:2e:
                    6e:c8:15:b0:5e:16:1d:73:3f:e9:70:05:99:92:38:
                    a1:9b:0e:44:ca:dc:90:81:ba:4e:9d:d6:82:ff:8a:
                    e2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9C:F9:5C:42:2F:43:58:8E:C4:4F:CD:2E:31:FF:6C:09:66:35:BA
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS20712.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.130.0/24
                  188.220.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a1:d6:ae:b2:ea:3c:f8:c4:62:73:8f:ac:6f:19:c0:ab:3a:
         59:a1:a1:2a:ff:31:ad:f4:09:cd:72:b0:6e:ab:97:5e:26:c8:
         f7:07:a6:1b:5b:59:ee:f5:27:68:87:79:c3:09:7d:91:be:97:
         92:55:c1:59:d1:7d:77:b7:af:17:61:35:46:fa:6a:03:68:70:
         59:85:5e:ca:5d:4a:3d:ae:5f:cc:a2:65:1b:7a:91:cf:c6:d3:
         bc:f3:05:b1:41:af:05:88:58:db:22:c2:89:ea:60:39:0b:d9:
         21:d5:e3:c6:e7:c7:29:59:3d:b2:ce:38:35:b2:16:75:cb:ef:
         d9:e4:ec:8e:ed:9b:50:44:89:fd:65:8c:25:11:72:f6:02:cc:
         2c:8e:65:b5:08:87:25:d2:87:ab:8a:ce:c1:d1:4a:28:3a:cf:
         3a:4a:f1:da:4b:62:2b:f9:e1:03:17:68:bf:74:9f:30:d3:c8:
         2d:49:95:fb:c1:0a:f3:83:e0:56:27:b4:d3:a5:3a:2e:27:3b:
         e2:4d:d2:f1:35:e4:c3:0f:27:4b:20:ae:8f:6d:5a:10:b6:96:
         73:2a:77:c5:e5:07:72:a0:0f:30:e1:6f:22:1a:81:37:8d:d5:
         a8:83:fa:bb:5c:d0:f3:12:63:92:bd:5e:9a:fc:bf:46:0a:aa:
         03:f5:f0:06
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUXMmY0MY9+JlTtreOlStqVJiIU38wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDEyMTQ5NTBaFw0yNzA1MzEyMTU0NTBaMDMxMTAvBgNV
BAMTKDcxOUNGOTVDNDIyRjQzNTg4RUM0NEZDRDJFMzFGRjZDMDk2NjM1QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGG4bON48VpzYxmWKyghEeiLoS
IGUiXA4oPTVdPiE34Bf+dRmAhTjGu9IXI6mab1EbcJvwOAxmL1omjoNkjNPLk1Ea
uVTVNsKK2AnDAzUVLsgnErBRQT9VqJZAWQaPYjbJDa1t3Xsa3N8lr7zJRb/comQR
t531jSnpxpXtFpwjik4sCB3aLN9A76sO6Jh+r8Fpgc5RgwywQQnutZV76GJJQd5M
pIQqHcnarnljzVqqiYcTAE1z9v9piJuDJt8mx240iBMYLp/u7FGdmiGGsZalmpQb
OeL9k1cP7MeP/8TfLm7IFbBeFh1zP+lwBZmSOKGbDkTK3JCBuk6d1oL/iuLrAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUcZz5XEIvQ1iOxE/NLjH/bAlmNbowHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjA3MTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAzwoID
BAC83AowDQYJKoZIhvcNAQELBQADggEBACqh1q6y6jz4xGJzj6xvGcCrOlmhoSr/
Ma30Cc1ysG6rl14myPcHphtbWe71J2iHecMJfZG+l5JVwVnRfXe3rxdhNUb6agNo
cFmFXspdSj2uX8yiZRt6kc/G07zzBbFBrwWIWNsiwonqYDkL2SHV48bnxylZPbLO
ODWyFnXL79nk7I7tm1BEif1ljCURcvYCzCyOZbUIhyXSh6uKzsHRSig6zzpK8dpL
Yiv54QMXaL90nzDTyC1JlfvBCvOD4FYntNOlOi4nO+JN0vE15MMPJ0sgro9tWhC2
lnMqd8XlB3KgDzDhbyIagTeN1aiD+rtc0PMSY5K9Xpr8v0YKqgP18AY=
-----END CERTIFICATE-----