Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS204765.roa
File:                     AS204765.roa (raw, json)
Hash identifier:          F9ySVJL3awCJrscpEQCttnorFbhiZb0noSV9sVI4l/U=
Subject key identifier:   A9:54:4D:D8:3E:06:E2:BC:8E:55:D1:78:4E:4E:13:51:45:EA:CC:37
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       708E27FB37C42BC54E271C389D47F4A15A427FA5
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS204765.roa
Signing time:             Thu 05 Mar 2026 17:59:35 +0000
ROA not before:           Thu 05 Mar 2026 17:54:35 +0000
ROA not after:            Thu 04 Mar 2027 17:59:35 +0000
asID:                     204765
IP address blocks:        143.20.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:8e:27:fb:37:c4:2b:c5:4e:27:1c:38:9d:47:f4:a1:5a:42:7f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar  5 17:54:35 2026 GMT
            Not After : Mar  4 17:59:35 2027 GMT
        Subject: CN=A9544DD83E06E2BC8E55D1784E4E135145EACC37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c8:e2:f3:70:55:16:4f:cd:40:5e:a4:c6:3e:
                    26:28:b7:a4:b3:d3:6d:7b:cd:6a:09:93:88:0e:c4:
                    4e:19:5c:2f:5a:c6:9f:b8:13:3b:2b:54:69:40:80:
                    07:54:68:c6:70:f8:f2:43:f1:dc:ae:59:47:72:81:
                    24:71:8a:3c:b9:9d:7b:4b:c4:d7:a4:ea:84:73:df:
                    e4:aa:cf:72:1f:18:9b:ca:c6:2d:cc:9e:65:0f:f2:
                    48:fc:b9:02:0a:a0:60:c6:10:38:10:45:17:67:dd:
                    2e:a7:e9:5a:d9:b4:94:7e:f7:63:15:f8:5f:65:95:
                    9f:08:da:44:7a:5d:32:46:1b:a8:59:9a:5a:4e:f3:
                    68:0a:0f:55:79:f5:23:71:dc:66:a7:24:ab:73:91:
                    7f:aa:c7:23:f5:10:01:3b:51:aa:6f:6b:1b:39:e9:
                    78:e4:b9:74:9c:24:d0:04:84:8c:49:2d:eb:e3:f8:
                    3c:48:db:6d:3e:04:3a:ab:03:eb:f1:02:b2:2e:4f:
                    f2:d8:de:a9:0e:f7:12:e8:f4:e2:0a:c3:6c:91:31:
                    10:1d:05:c0:fd:8d:0d:6b:b3:c2:3b:28:0d:68:29:
                    b0:be:71:d8:46:4c:4e:d9:0b:f6:5d:d1:bf:9e:1f:
                    8d:22:bc:e7:a3:51:e8:0a:4b:90:28:ad:20:41:b8:
                    8a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:54:4D:D8:3E:06:E2:BC:8E:55:D1:78:4E:4E:13:51:45:EA:CC:37
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS204765.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ae:d0:31:d2:01:f1:6b:fb:1c:35:9b:76:02:70:ac:df:7b:
         25:81:2f:94:76:62:ae:15:70:f1:52:e5:e6:8e:f0:9f:1d:3d:
         28:b3:85:10:e9:fa:d1:af:b0:99:16:3f:1e:83:e1:78:0d:52:
         ae:1c:f6:54:ca:be:73:60:6e:0b:0e:93:71:7b:5e:c4:d5:00:
         17:d6:ed:ec:8c:5a:ed:df:14:38:3c:9b:c2:e3:ae:d0:53:64:
         af:c8:65:cc:9c:a5:6e:e1:0f:0c:e2:fb:26:5f:95:3f:d3:4b:
         73:52:7e:60:bf:fe:7e:24:d4:e0:19:a7:7d:1c:75:f8:65:bf:
         ae:d7:99:65:22:63:02:48:7c:d0:ba:6e:bd:bd:7f:ad:7d:ea:
         72:1c:aa:44:27:e4:7f:c5:28:cb:2e:d1:97:b7:d2:a3:8d:36:
         d7:93:00:6a:2c:0b:a7:78:aa:75:19:c7:68:c6:68:0f:bd:1a:
         ae:8e:93:0e:d3:5b:6f:a9:67:ff:30:28:fe:70:a5:de:26:94:
         9e:97:9c:2b:da:1c:4f:58:91:2f:d7:36:21:25:0f:9f:1b:69:
         95:90:1e:08:30:c7:71:d4:5a:ba:85:15:9d:bb:f9:5c:56:b7:
         d6:44:96:d9:ba:c2:7a:37:6a:4e:38:4a:36:da:61:03:77:e5:
         a8:91:80:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcI4n+zfEK8VOJxw4nUf0oVpCf6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMDUxNzU0MzVaFw0yNzAzMDQxNzU5MzVaMDMxMTAvBgNV
BAMTKEE5NTQ0REQ4M0UwNkUyQkM4RTU1RDE3ODRFNEUxMzUxNDVFQUNDMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfyOLzcFUWT81AXqTGPiYot6Sz
0217zWoJk4gOxE4ZXC9axp+4EzsrVGlAgAdUaMZw+PJD8dyuWUdygSRxijy5nXtL
xNek6oRz3+Sqz3IfGJvKxi3MnmUP8kj8uQIKoGDGEDgQRRdn3S6n6VrZtJR+92MV
+F9llZ8I2kR6XTJGG6hZmlpO82gKD1V59SNx3GanJKtzkX+qxyP1EAE7Uapvaxs5
6XjkuXScJNAEhIxJLevj+DxI220+BDqrA+vxArIuT/LY3qkO9xLo9OIKw2yRMRAd
BcD9jQ1rs8I7KA1oKbC+cdhGTE7ZC/Zd0b+eH40ivOejUegKS5AorSBBuIr/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqVRN2D4G4ryOVdF4Tk4TUUXqzDcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA0NzY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxR5
MA0GCSqGSIb3DQEBCwUAA4IBAQBsrtAx0gHxa/scNZt2AnCs33slgS+UdmKuFXDx
UuXmjvCfHT0os4UQ6frRr7CZFj8eg+F4DVKuHPZUyr5zYG4LDpNxe17E1QAX1u3s
jFrt3xQ4PJvC467QU2SvyGXMnKVu4Q8M4vsmX5U/00tzUn5gv/5+JNTgGad9HHX4
Zb+u15llImMCSHzQum69vX+tfepyHKpEJ+R/xSjLLtGXt9KjjTbXkwBqLAuneKp1
GcdoxmgPvRqujpMO01tvqWf/MCj+cKXeJpSel5wr2hxPWJEv1zYhJQ+fG2mVkB4I
MMdx1Fq6hRWdu/lcVrfWRJbZusJ6N2pOOEo22mEDd+WokYCm
-----END CERTIFICATE-----