Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          zaOuhehIw825KYbFz1GoxsxVouZhbSxY2jn/mwIX9UE=
Subject key identifier:   BC:20:21:D6:B3:FA:22:C3:E2:8E:2B:B2:61:C3:59:4C:59:5A:ED:9C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       310B7A98ECC37E6E0F2AB806723D83E1DAF14700
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20326.roa
Signing time:             Sat 18 Apr 2026 13:59:15 +0000
ROA not before:           Sat 18 Apr 2026 13:54:15 +0000
ROA not after:            Sat 17 Apr 2027 13:59:15 +0000
asID:                     20326
IP address blocks:        143.20.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:0b:7a:98:ec:c3:7e:6e:0f:2a:b8:06:72:3d:83:e1:da:f1:47:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Apr 18 13:54:15 2026 GMT
            Not After : Apr 17 13:59:15 2027 GMT
        Subject: CN=BC2021D6B3FA22C3E28E2BB261C3594C595AED9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:71:4f:42:0d:c3:6d:a3:a8:60:33:2b:03:a6:
                    24:04:2f:e4:b8:6b:52:14:b8:83:62:a3:2c:86:85:
                    44:5e:63:26:dc:89:16:29:e8:e7:07:9b:78:2b:4d:
                    e2:44:06:74:8b:3a:d3:07:b1:ab:55:b0:6f:8a:7c:
                    b0:dc:5d:2c:5d:e1:ef:0a:92:f8:89:55:62:df:ed:
                    4f:42:ca:dc:7f:49:a3:0b:26:3b:1a:fc:35:c2:c7:
                    43:d1:ae:3f:b6:da:c4:8a:e7:29:c8:01:cb:06:ee:
                    51:c9:a4:dd:15:3a:5a:0c:a0:34:59:b2:fb:9c:cd:
                    82:8c:b4:29:df:fe:7f:ea:5e:72:44:c6:7e:e0:67:
                    df:eb:ff:9c:65:ef:b4:ca:99:bf:d7:10:52:e6:0d:
                    c4:a9:2f:65:17:d8:9a:90:f6:67:ce:e2:0c:8d:69:
                    6b:32:81:73:fb:44:17:e8:58:81:f4:18:fe:e0:b3:
                    61:66:22:16:06:6c:26:ce:a3:85:4e:2f:b0:78:9e:
                    a4:b4:d9:07:75:37:43:82:32:f8:f6:1e:30:00:17:
                    b6:f3:06:13:c8:98:7e:a9:13:d3:e7:18:b1:99:d7:
                    d0:83:bd:cb:7b:57:70:89:e5:be:14:59:e6:22:d5:
                    88:48:a1:d2:af:94:b5:17:49:07:52:ad:5b:97:20:
                    27:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:20:21:D6:B3:FA:22:C3:E2:8E:2B:B2:61:C3:59:4C:59:5A:ED:9C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:7b:59:e8:8d:5a:ad:16:22:c1:ac:0b:bd:ca:5c:78:35:62:
         41:ae:d5:b9:57:20:3b:68:d0:e0:8e:24:11:b2:91:17:c5:d7:
         dd:e5:18:4c:9e:26:5f:ca:f3:17:13:6d:ab:4f:89:0f:5d:3d:
         50:5f:bf:e2:7d:b9:f8:f5:d1:71:04:be:7e:63:8b:fd:74:d9:
         af:d6:a6:67:b0:c4:e3:85:58:2b:f0:14:6c:62:a9:44:ad:34:
         ee:d9:3d:cf:7d:92:00:f3:d7:3d:1d:00:8e:cf:39:b5:69:c8:
         fa:4c:44:dd:82:d1:e2:cb:1a:24:c9:e5:d3:12:5a:0b:fb:ab:
         75:a3:af:b2:bc:3d:a6:a3:b6:ec:e7:dd:36:ee:16:ca:4a:85:
         4f:12:9d:98:30:d3:a6:7f:26:8a:8a:be:7d:c5:6c:2e:7d:fb:
         4a:11:30:d1:3b:24:7e:3f:3f:68:d8:0b:4e:d9:44:bb:68:48:
         29:39:46:84:c7:97:40:8a:e3:38:93:02:7a:8c:57:b7:2d:a2:
         e1:3b:e5:70:97:19:14:09:d5:25:f1:cc:e9:e4:84:62:ff:7d:
         29:c4:45:68:77:f7:86:a6:bf:57:8f:37:29:6a:06:8a:d8:e5:
         f0:37:27:d4:f7:72:c9:d4:bb:45:46:ec:d1:26:67:79:f1:25:
         71:d3:f8:83
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMQt6mOzDfm4PKrgGcj2D4drxRwAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MTgxMzU0MTVaFw0yNzA0MTcxMzU5MTVaMDMxMTAvBgNV
BAMTKEJDMjAyMUQ2QjNGQTIyQzNFMjhFMkJCMjYxQzM1OTRDNTk1QUVEOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClcU9CDcNto6hgMysDpiQEL+S4
a1IUuINioyyGhUReYybciRYp6OcHm3grTeJEBnSLOtMHsatVsG+KfLDcXSxd4e8K
kviJVWLf7U9Cytx/SaMLJjsa/DXCx0PRrj+22sSK5ynIAcsG7lHJpN0VOloMoDRZ
svuczYKMtCnf/n/qXnJExn7gZ9/r/5xl77TKmb/XEFLmDcSpL2UX2JqQ9mfO4gyN
aWsygXP7RBfoWIH0GP7gs2FmIhYGbCbOo4VOL7B4nqS02Qd1N0OCMvj2HjAAF7bz
BhPImH6pE9PnGLGZ19CDvct7V3CJ5b4UWeYi1YhIodKvlLUXSQdSrVuXICdLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvCAh1rP6IsPijiuyYcNZTFla7ZwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFO4w
DQYJKoZIhvcNAQELBQADggEBALt7WeiNWq0WIsGsC73KXHg1YkGu1blXIDto0OCO
JBGykRfF193lGEyeJl/K8xcTbatPiQ9dPVBfv+J9ufj10XEEvn5ji/102a/Wpmew
xOOFWCvwFGxiqUStNO7ZPc99kgDz1z0dAI7PObVpyPpMRN2C0eLLGiTJ5dMSWgv7
q3Wjr7K8Paajtuzn3TbuFspKhU8SnZgw06Z/JoqKvn3FbC59+0oRMNE7JH4/P2jY
C07ZRLtoSCk5RoTHl0CK4ziTAnqMV7ctouE75XCXGRQJ1SXxzOnkhGL/fSnERWh3
94amv1ePNylqBorY5fA3J9T3csnUu0VG7NEmZ3nxJXHT+IM=
-----END CERTIFICATE-----