Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203048.roa
File:                     AS203048.roa (raw, json)
Hash identifier:          rv391wv20Zd04Ny/IpNon25mwtGayTvL1I76f5s4Psw=
Subject key identifier:   CE:C5:AF:9C:D1:DF:31:37:38:BC:5B:A8:CD:74:8B:6F:05:E0:4A:1C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       691A1CF3899E3905034AF2E02CB495E398BB4F5A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203048.roa
Signing time:             Sat 04 Apr 2026 13:25:33 +0000
ROA not before:           Sat 04 Apr 2026 13:20:33 +0000
ROA not after:            Sat 03 Apr 2027 13:25:33 +0000
asID:                     203048
IP address blocks:        143.20.34.0/24 maxlen: 24
                          143.20.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:1a:1c:f3:89:9e:39:05:03:4a:f2:e0:2c:b4:95:e3:98:bb:4f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Apr  4 13:20:33 2026 GMT
            Not After : Apr  3 13:25:33 2027 GMT
        Subject: CN=CEC5AF9CD1DF313738BC5BA8CD748B6F05E04A1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f0:64:78:cd:c1:f2:84:87:fd:6d:81:19:77:
                    6b:0c:c4:b9:1e:65:5e:59:c2:2f:74:c2:0a:ea:43:
                    9a:ce:d9:c9:b5:a3:5a:97:22:8a:77:bf:42:81:b4:
                    12:73:53:63:df:34:31:4a:62:6c:8a:85:50:1e:5a:
                    c2:b4:95:fa:55:f4:60:79:e9:f2:cd:bf:8e:b4:0d:
                    3d:2e:7e:2f:30:72:25:31:3a:5f:30:cf:be:51:15:
                    08:01:93:fc:d7:01:ef:e1:c6:70:5d:98:02:4a:ae:
                    f5:db:6f:0a:f8:b6:ee:a3:7b:43:18:17:33:dd:bc:
                    d0:4e:f3:1d:86:f3:c8:ba:c0:7e:17:f8:66:76:82:
                    80:36:b3:4b:d5:a7:1b:ca:09:5d:92:a7:ba:2b:4e:
                    15:47:99:e1:60:87:8c:83:e6:06:a9:11:82:8f:a2:
                    38:db:4a:ed:c9:b1:a2:0a:a9:5e:55:bd:5e:39:4a:
                    ae:5b:92:99:cc:34:bd:0c:9c:0f:16:2f:5c:cc:de:
                    2f:64:ca:cc:c8:77:cc:93:f9:d1:06:0b:e9:71:6d:
                    fc:8f:8d:c0:07:f9:ae:0a:8d:86:04:0a:aa:9f:14:
                    e8:4f:93:b2:05:07:38:d3:9f:09:62:fe:95:45:32:
                    d8:4c:56:d5:2a:15:53:71:d2:6d:cb:30:62:58:59:
                    29:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C5:AF:9C:D1:DF:31:37:38:BC:5B:A8:CD:74:8B:6F:05:E0:4A:1C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203048.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.34.0/24
                  143.20.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:b2:59:be:4b:50:85:f4:1b:95:d1:80:8e:f2:90:87:90:15:
         93:c6:bd:57:0f:25:c9:9e:60:1c:b1:1d:8e:c6:73:ad:31:ed:
         53:28:d2:81:4a:05:15:5b:87:f9:3f:d8:23:68:91:05:75:ae:
         b7:5b:b9:f3:7f:39:26:2c:96:bc:68:4b:97:fb:1a:cb:00:9c:
         56:b3:a2:56:e1:c9:79:ff:48:51:68:7d:6b:6b:13:0c:97:6a:
         bc:a1:1a:00:aa:b4:f1:f0:ca:00:9e:60:64:d3:9e:45:30:1c:
         43:bb:1d:d4:84:4d:32:d8:1c:84:e9:a8:36:76:b5:49:0b:dd:
         d1:69:1b:b0:4b:63:c9:bd:3f:03:21:e6:a6:60:ee:96:29:ee:
         38:02:0e:b0:0f:5d:58:9c:26:9e:57:f7:7c:03:01:6a:a0:0f:
         c6:01:1a:64:e4:6e:7d:7d:2d:21:27:ba:38:f6:e1:ca:d6:5b:
         16:f4:f5:98:a6:27:a7:4e:66:bf:49:d3:46:c3:65:a2:5c:97:
         5b:b6:c7:49:64:30:8c:f1:9c:d2:26:50:93:76:70:50:40:51:
         54:3a:df:5b:5d:e8:e1:00:cb:5c:d4:d8:ce:c7:e2:1e:63:40:
         0a:27:3e:8e:64:e1:60:67:db:21:74:e4:f7:c6:fa:72:b1:b6:
         21:ca:3e:78
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaRoc84meOQUDSvLgLLSV45i7T1owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MDQxMzIwMzNaFw0yNzA0MDMxMzI1MzNaMDMxMTAvBgNV
BAMTKENFQzVBRjlDRDFERjMxMzczOEJDNUJBOENENzQ4QjZGMDVFMDRBMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl8GR4zcHyhIf9bYEZd2sMxLke
ZV5Zwi90wgrqQ5rO2cm1o1qXIop3v0KBtBJzU2PfNDFKYmyKhVAeWsK0lfpV9GB5
6fLNv460DT0ufi8wciUxOl8wz75RFQgBk/zXAe/hxnBdmAJKrvXbbwr4tu6je0MY
FzPdvNBO8x2G88i6wH4X+GZ2goA2s0vVpxvKCV2Sp7orThVHmeFgh4yD5gapEYKP
ojjbSu3JsaIKqV5VvV45Sq5bkpnMNL0MnA8WL1zM3i9kyszId8yT+dEGC+lxbfyP
jcAH+a4KjYYECqqfFOhPk7IFBzjTnwli/pVFMthMVtUqFVNx0m3LMGJYWSnJAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUzsWvnNHfMTc4vFuozXSLbwXgShwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAzMDQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQi
AwQAjxRQMA0GCSqGSIb3DQEBCwUAA4IBAQCPslm+S1CF9BuV0YCO8pCHkBWTxr1X
DyXJnmAcsR2OxnOtMe1TKNKBSgUVW4f5P9gjaJEFda63W7nzfzkmLJa8aEuX+xrL
AJxWs6JW4cl5/0hRaH1raxMMl2q8oRoAqrTx8MoAnmBk055FMBxDux3UhE0y2ByE
6ag2drVJC93RaRuwS2PJvT8DIeamYO6WKe44Ag6wD11YnCaeV/d8AwFqoA/GARpk
5G59fS0hJ7o49uHK1lsW9PWYpienTma/SdNGw2WiXJdbtsdJZDCM8ZzSJlCTdnBQ
QFFUOt9bXejhAMtc1NjOx+IeY0AKJz6OZOFgZ9shdOT3xvpysbYhyj54
-----END CERTIFICATE-----