Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20001.roa
File:                     AS20001.roa (raw, json)
Hash identifier:          UBjQZwZdL6aioaGRd1xaqqESchPn01Dy008DAaviu8o=
Subject key identifier:   0D:04:BC:7D:81:94:54:D0:5C:03:35:2A:01:23:BC:61:43:A2:96:67
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       064BFC44A6BCCB605A4894C0A45F87F2B423B993
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20001.roa
Signing time:             Tue 26 May 2026 16:00:26 +0000
ROA not before:           Tue 26 May 2026 15:55:26 +0000
ROA not after:            Tue 25 May 2027 16:00:26 +0000
asID:                     20001
IP address blocks:        143.20.153.0/24 maxlen: 24
                          143.20.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:4b:fc:44:a6:bc:cb:60:5a:48:94:c0:a4:5f:87:f2:b4:23:b9:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 26 15:55:26 2026 GMT
            Not After : May 25 16:00:26 2027 GMT
        Subject: CN=0D04BC7D819454D05C03352A0123BC6143A29667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:71:f7:ab:bd:cb:e4:b7:7f:e2:48:b6:c6:
                    75:86:aa:c0:be:5b:e9:31:bc:75:d2:a5:be:a7:b8:
                    e5:84:0c:27:27:6b:ee:58:99:6f:02:15:1a:b1:e0:
                    f2:bf:bb:c0:b8:8e:73:e6:98:30:a4:ee:41:a0:6a:
                    3b:13:e0:0e:91:d7:19:91:12:80:c3:59:6c:a8:55:
                    0e:67:4c:58:10:eb:df:6a:15:52:02:03:39:9e:29:
                    d3:87:44:a2:ab:30:1e:08:ce:ce:5d:c1:3b:4c:eb:
                    05:41:5e:82:9c:ea:cb:51:4a:1a:ac:be:37:56:e1:
                    45:0f:a2:3e:3e:79:be:fb:80:43:d1:fa:f2:52:b7:
                    8b:bc:25:6b:b7:4e:59:ca:39:45:a6:ba:5d:8a:db:
                    34:f6:0e:f3:d9:1b:dc:9a:b1:b9:5a:45:b2:e8:4c:
                    c6:d0:52:10:f0:b9:9d:a4:22:44:56:3e:13:37:b0:
                    95:64:61:8d:75:2e:31:b1:2d:dc:39:88:80:1a:39:
                    bc:46:4e:af:80:5d:e1:7b:24:1c:3c:d6:f7:70:5c:
                    ef:0b:fc:b7:d7:16:16:d1:19:9f:fc:8c:7c:c2:0b:
                    3e:26:49:1a:0a:98:45:f5:cd:d6:c0:01:d1:82:4a:
                    9e:43:86:c0:be:a0:df:7e:b4:d3:2d:87:02:9f:1e:
                    70:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:04:BC:7D:81:94:54:D0:5C:03:35:2A:01:23:BC:61:43:A2:96:67
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20001.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.153.0/24
                  143.20.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:ab:ec:44:5e:85:91:25:83:b6:78:45:bb:6f:1c:d1:05:47:
         df:08:97:ac:0d:63:e4:cc:b4:47:1d:4a:0e:55:b5:db:10:49:
         c2:1c:4f:0b:2a:ee:ef:58:48:34:d2:05:f6:40:00:a7:99:1a:
         3b:39:c5:a1:fc:4c:bd:5d:94:44:46:3c:bd:24:44:8d:4e:95:
         40:35:59:19:8c:b1:ea:3d:41:43:3a:56:7d:bd:f0:91:1b:f9:
         2d:1b:15:bb:29:fe:32:bb:70:46:b8:22:de:35:aa:a5:8d:81:
         da:8e:d5:68:ed:87:ae:09:07:5b:26:a4:6c:a1:00:c6:37:07:
         d1:c4:e9:24:47:64:9f:f9:17:b5:a9:67:8c:c8:69:60:46:9c:
         f4:df:bf:30:80:a1:70:40:0f:34:0e:45:e3:af:55:c7:17:5c:
         e1:64:99:51:18:f0:a4:09:b3:88:cc:c6:1e:60:4b:61:d7:d6:
         08:80:51:3a:19:4b:fa:22:0e:57:d2:91:54:0c:33:6e:3f:12:
         07:2e:d0:5e:94:62:fd:66:87:88:43:cd:57:78:26:7b:82:b3:
         1f:5c:cf:1d:bd:1f:f6:bf:27:bf:be:c0:2c:98:85:02:d1:d4:
         c4:fd:99:48:30:12:0e:10:62:54:ec:52:eb:28:87:46:58:99:
         9f:a5:47:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUBkv8RKa8y2BaSJTApF+H8rQjuZMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MjYxNTU1MjZaFw0yNzA1MjUxNjAwMjZaMDMxMTAvBgNV
BAMTKDBEMDRCQzdEODE5NDU0RDA1QzAzMzUyQTAxMjNCQzYxNDNBMjk2NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdxHH3q73L5Ld/4ki2xnWGqsC+
W+kxvHXSpb6nuOWEDCcna+5YmW8CFRqx4PK/u8C4jnPmmDCk7kGgajsT4A6R1xmR
EoDDWWyoVQ5nTFgQ699qFVICAzmeKdOHRKKrMB4Izs5dwTtM6wVBXoKc6stRShqs
vjdW4UUPoj4+eb77gEPR+vJSt4u8JWu3TlnKOUWmul2K2zT2DvPZG9yasblaRbLo
TMbQUhDwuZ2kIkRWPhM3sJVkYY11LjGxLdw5iIAaObxGTq+AXeF7JBw81vdwXO8L
/LfXFhbRGZ/8jHzCCz4mSRoKmEX1zdbAAdGCSp5DhsC+oN9+tNMthwKfHnD5AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUDQS8fYGUVNBcAzUqASO8YUOilmcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAwMDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFJkD
BACPFMYwDQYJKoZIhvcNAQELBQADggEBAMGr7ERehZElg7Z4RbtvHNEFR98Il6wN
Y+TMtEcdSg5VtdsQScIcTwsq7u9YSDTSBfZAAKeZGjs5xaH8TL1dlERGPL0kRI1O
lUA1WRmMseo9QUM6Vn298JEb+S0bFbsp/jK7cEa4It41qqWNgdqO1Wjth64JB1sm
pGyhAMY3B9HE6SRHZJ/5F7WpZ4zIaWBGnPTfvzCAoXBADzQOReOvVccXXOFkmVEY
8KQJs4jMxh5gS2HX1giAUToZS/oiDlfSkVQMM24/Egcu0F6UYv1mh4hDzVd4JnuC
sx9czx29H/a/J7++wCyYhQLR1MT9mUgwEg4QYlTsUusoh0ZYmZ+lRzc=
-----END CERTIFICATE-----