Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS204767.roa
File:                     AS204767.roa (raw, json)
Hash identifier:          mJ0kGyEdXPx19Tqr2cE0Jy+rH475uuL3HYKyFn6c93s=
Subject key identifier:   68:2D:74:28:3F:F7:D7:96:2B:C0:B0:65:29:6C:25:11:06:3B:FB:2C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0978C24FCE4CA77DF81216B9C878116139F2604F
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS204767.roa
Signing time:             Fri 06 Mar 2026 11:19:18 +0000
ROA not before:           Fri 06 Mar 2026 11:14:18 +0000
ROA not after:            Fri 05 Mar 2027 11:19:18 +0000
asID:                     204767
IP address blocks:        91.124.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:78:c2:4f:ce:4c:a7:7d:f8:12:16:b9:c8:78:11:61:39:f2:60:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  6 11:14:18 2026 GMT
            Not After : Mar  5 11:19:18 2027 GMT
        Subject: CN=682D74283FF7D7962BC0B065296C2511063BFB2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9d:3d:1b:e0:e5:ac:cc:2a:a9:15:65:af:5f:
                    b7:44:f3:20:aa:47:3d:6f:45:c4:4e:88:53:66:1d:
                    ef:d7:f1:6b:4a:3d:9c:9b:5d:c0:0e:03:cd:3a:f3:
                    94:e3:27:ac:cb:ec:ca:f9:a0:5f:ff:d0:5e:1b:b2:
                    9a:94:b6:87:91:df:a1:f3:b7:37:b4:ea:6f:ba:8c:
                    71:c9:e6:b5:dc:a5:6d:4b:5b:83:9b:56:dc:10:62:
                    35:d4:c2:b1:bf:2d:ee:ce:cf:cb:56:8b:bd:de:a1:
                    d4:ca:28:9f:2c:78:66:09:94:48:de:d0:92:f7:b9:
                    6f:c6:8b:45:95:2c:8e:35:19:7b:cd:c0:60:be:06:
                    43:cf:3b:3c:e1:68:c5:7d:b9:38:e5:10:ea:66:35:
                    dd:6b:67:77:d0:2d:8b:b9:45:e1:0b:96:5d:61:be:
                    c1:5c:61:e3:95:29:01:61:24:c9:35:a0:80:91:2a:
                    eb:d1:f8:67:6f:e9:fe:72:8f:20:a9:87:ed:47:3b:
                    b5:b9:ed:0e:85:56:c7:87:e5:f4:1d:a2:cf:af:73:
                    1a:72:d3:30:cf:70:a2:8c:9a:24:82:fd:79:f5:28:
                    ee:8d:eb:40:0e:b3:43:15:9b:40:8d:2c:4e:5f:cb:
                    ba:2c:41:5f:34:0f:f1:0c:4a:57:1e:84:46:51:99:
                    8b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2D:74:28:3F:F7:D7:96:2B:C0:B0:65:29:6C:25:11:06:3B:FB:2C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS204767.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:13:55:a2:5e:90:24:a2:15:11:fb:e1:e5:4c:9e:e7:8a:0b:
         5f:54:a1:c6:fd:9f:88:92:02:ef:f2:eb:f6:5e:e6:36:fd:bd:
         cb:fb:40:a9:ac:ab:4d:e2:a9:b0:0c:83:60:f4:74:9a:9a:80:
         86:cc:41:9a:69:12:c9:cc:23:56:af:39:93:d4:01:e2:98:50:
         dc:f9:dc:6d:ee:e9:0f:ff:0b:42:b3:ba:2f:fc:d7:a2:0b:9e:
         37:fe:1a:ba:85:00:9c:b9:33:6b:ad:51:be:08:67:8e:61:93:
         ed:57:a6:68:49:6f:98:64:ef:5d:6f:92:68:5b:20:31:82:34:
         67:5f:17:af:e3:85:be:e1:c7:83:5e:0c:45:df:39:f6:73:85:
         b8:c0:77:22:a5:11:7b:69:8c:a0:25:9f:2b:43:90:78:2f:9a:
         13:97:b2:63:15:1c:11:94:8b:ea:3c:4a:69:a2:e5:2c:4a:5f:
         88:0f:84:6f:ea:6c:48:43:46:03:85:c8:3d:95:d4:1f:2d:7a:
         00:2e:f2:e4:bf:bc:33:3e:cb:3e:d2:1c:30:73:fc:84:e6:cc:
         ed:c7:e8:83:b9:53:7d:26:45:7c:34:91:cc:6b:0a:f6:12:96:
         8d:29:b7:fd:5f:f5:90:df:44:e1:c2:bf:4c:c9:92:86:5a:59:
         00:99:98:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCXjCT85Mp334Eha5yHgRYTnyYE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDYxMTE0MThaFw0yNzAzMDUxMTE5MThaMDMxMTAvBgNV
BAMTKDY4MkQ3NDI4M0ZGN0Q3OTYyQkMwQjA2NTI5NkMyNTExMDYzQkZCMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMnT0b4OWszCqpFWWvX7dE8yCq
Rz1vRcROiFNmHe/X8WtKPZybXcAOA80685TjJ6zL7Mr5oF//0F4bspqUtoeR36Hz
tze06m+6jHHJ5rXcpW1LW4ObVtwQYjXUwrG/Le7Oz8tWi73eodTKKJ8seGYJlEje
0JL3uW/Gi0WVLI41GXvNwGC+BkPPOzzhaMV9uTjlEOpmNd1rZ3fQLYu5ReELll1h
vsFcYeOVKQFhJMk1oICRKuvR+Gdv6f5yjyCph+1HO7W57Q6FVseH5fQdos+vcxpy
0zDPcKKMmiSC/Xn1KO6N60AOs0MVm0CNLE5fy7osQV80D/EMSlcehEZRmYsfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUaC10KD/315YrwLBlKWwlEQY7+ywwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA0NzY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3w2
MA0GCSqGSIb3DQEBCwUAA4IBAQAcE1WiXpAkohUR++HlTJ7nigtfVKHG/Z+IkgLv
8uv2XuY2/b3L+0CprKtN4qmwDINg9HSamoCGzEGaaRLJzCNWrzmT1AHimFDc+dxt
7ukP/wtCs7ov/NeiC543/hq6hQCcuTNrrVG+CGeOYZPtV6ZoSW+YZO9db5JoWyAx
gjRnXxev44W+4ceDXgxF3zn2c4W4wHcipRF7aYygJZ8rQ5B4L5oTl7JjFRwRlIvq
PEppouUsSl+ID4Rv6mxIQ0YDhcg9ldQfLXoALvLkv7wzPss+0hwwc/yE5sztx+iD
uVN9JkV8NJHMawr2EpaNKbf9X/WQ30Thwr9MyZKGWlkAmZhb
-----END CERTIFICATE-----