Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS204535.roa
File:                     AS204535.roa (raw, json)
Hash identifier:          ehiBWJUFFCsXxYynqpdpPY353uHggFZWHagE+QQyHCI=
Subject key identifier:   7A:A9:02:87:5E:ED:9B:B6:B2:3E:BB:62:02:CC:67:BA:B7:19:14:AF
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       18EEA7921E658187DFDC48DDB2734EB231D97922
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS204535.roa
Signing time:             Fri 08 May 2026 08:30:04 +0000
ROA not before:           Fri 08 May 2026 08:25:04 +0000
ROA not after:            Fri 07 May 2027 08:30:04 +0000
asID:                     204535
IP address blocks:        46.203.37.0/24 maxlen: 24
                          91.124.24.0/24 maxlen: 24
                          178.95.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ee:a7:92:1e:65:81:87:df:dc:48:dd:b2:73:4e:b2:31:d9:79:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  8 08:25:04 2026 GMT
            Not After : May  7 08:30:04 2027 GMT
        Subject: CN=7AA902875EED9BB6B23EBB6202CC67BAB71914AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:2b:ad:02:98:39:86:ba:b9:a9:0c:0f:8b:88:
                    30:d2:1b:7e:4d:d5:68:a3:cc:64:75:ef:26:0e:6b:
                    2e:c6:28:4f:3f:52:9c:99:55:92:05:53:13:b8:23:
                    3f:eb:37:21:85:a1:2a:ce:10:83:19:82:d7:2b:f8:
                    36:51:89:6f:3c:c9:50:2f:75:97:89:a9:c6:d7:99:
                    2d:bc:47:d5:a7:cc:b0:c5:1f:6b:ff:c5:32:9e:a1:
                    6f:c6:cd:81:32:8f:6e:5a:d7:a6:2a:8f:02:d3:33:
                    f2:aa:7b:c6:53:cf:2b:e6:81:eb:48:20:43:f7:e5:
                    c5:31:94:aa:bf:d4:7d:c5:c1:80:6c:79:cb:17:ef:
                    b1:12:e9:0e:0e:d5:02:12:9f:d9:03:d8:de:13:05:
                    89:e8:fd:43:9d:be:f5:6c:02:91:aa:71:e0:36:14:
                    67:2e:46:ce:39:d4:78:45:a5:9a:bb:17:68:ab:e5:
                    ac:02:b8:fc:2f:2c:d6:c5:62:e6:98:3c:3e:8a:30:
                    bc:e3:36:2b:49:c6:3d:87:dd:a8:ac:56:87:3e:e8:
                    2e:22:0d:d6:21:22:df:cb:0b:7a:75:c3:07:b6:8e:
                    df:63:52:f5:cf:1b:cf:8c:ac:26:c8:8c:71:90:30:
                    4c:71:a2:00:57:35:65:a4:5e:56:45:96:50:14:91:
                    c8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A9:02:87:5E:ED:9B:B6:B2:3E:BB:62:02:CC:67:BA:B7:19:14:AF
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS204535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.37.0/24
                  91.124.24.0/24
                  178.95.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:09:b3:46:e3:35:93:ea:bb:08:78:eb:ce:73:2a:06:44:7e:
         84:ae:a3:f8:53:25:d7:be:ae:e2:43:c9:d3:8d:e3:fb:51:75:
         73:a7:f4:8d:ed:84:6b:d2:bb:87:62:9c:88:83:e9:2f:3e:66:
         b4:1b:66:60:a1:19:f9:fe:de:a5:d0:05:04:f5:ed:13:9c:fc:
         44:f9:4d:2b:17:66:01:94:92:17:a4:b9:7f:31:7a:67:47:83:
         5b:f5:b8:ef:99:77:e6:bc:dd:fb:92:ae:3e:e5:fb:7c:d4:fe:
         80:c3:d3:32:9a:9f:f7:cf:a3:b5:c6:5d:e5:ce:a7:82:72:a3:
         ba:e3:bc:8f:a9:f6:59:1e:cf:09:9c:a8:aa:ca:01:36:00:38:
         9c:94:4f:77:2a:fc:2d:8f:ae:69:e9:15:db:a2:31:18:4b:3b:
         a1:66:09:98:b1:0f:de:55:30:80:07:15:68:a5:0a:58:05:ea:
         a4:22:f5:6a:fd:75:31:ec:54:a1:cf:58:95:4e:7d:05:a4:cd:
         aa:37:03:40:ac:85:59:72:9a:bb:1b:6a:b3:88:6d:1b:65:32:
         f6:31:96:f3:08:7e:bc:71:01:96:e2:93:ad:2b:64:e7:a9:1d:
         0e:36:f0:ec:c6:99:60:64:6a:a6:12:7b:2c:fa:91:d1:7a:76:
         ea:3d:6e:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUGO6nkh5lgYff3EjdsnNOsjHZeSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDgwODI1MDRaFw0yNzA1MDcwODMwMDRaMDMxMTAvBgNV
BAMTKDdBQTkwMjg3NUVFRDlCQjZCMjNFQkI2MjAyQ0M2N0JBQjcxOTE0QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzK60CmDmGurmpDA+LiDDSG35N
1WijzGR17yYOay7GKE8/UpyZVZIFUxO4Iz/rNyGFoSrOEIMZgtcr+DZRiW88yVAv
dZeJqcbXmS28R9WnzLDFH2v/xTKeoW/GzYEyj25a16YqjwLTM/Kqe8ZTzyvmgetI
IEP35cUxlKq/1H3FwYBsecsX77ES6Q4O1QISn9kD2N4TBYno/UOdvvVsApGqceA2
FGcuRs451HhFpZq7F2ir5awCuPwvLNbFYuaYPD6KMLzjNitJxj2H3aisVoc+6C4i
DdYhIt/LC3p1wwe2jt9jUvXPG8+MrCbIjHGQMExxogBXNWWkXlZFllAUkci1AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUeqkCh17tm7ayPrtiAsxnurcZFK8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA0NTM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALssl
AwQAW3wYAwQAsl8HMA0GCSqGSIb3DQEBCwUAA4IBAQCGCbNG4zWT6rsIeOvOcyoG
RH6ErqP4UyXXvq7iQ8nTjeP7UXVzp/SN7YRr0ruHYpyIg+kvPma0G2ZgoRn5/t6l
0AUE9e0TnPxE+U0rF2YBlJIXpLl/MXpnR4Nb9bjvmXfmvN37kq4+5ft81P6Aw9My
mp/3z6O1xl3lzqeCcqO647yPqfZZHs8JnKiqygE2ADiclE93Kvwtj65p6RXbojEY
SzuhZgmYsQ/eVTCABxVopQpYBeqkIvVq/XUx7FShz1iVTn0FpM2qNwNArIVZcpq7
G2qziG0bZTL2MZbzCH68cQGW4pOtK2TnqR0ONvDsxplgZGqmEnss+pHRenbqPW7m
-----END CERTIFICATE-----