Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203048.roa
File:                     AS203048.roa (raw, json)
Hash identifier:          upthvDX9+sSfSKGiv6CFq/OCqOes+JFa7vWUU+KK3Uk=
Subject key identifier:   F4:8D:64:48:13:8B:00:30:DA:11:47:39:C0:23:12:6F:B5:96:D8:75
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       750C66FB4B64D37BD872585AF7B877F9436ADEAF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203048.roa
Signing time:             Fri 27 Mar 2026 13:50:15 +0000
ROA not before:           Fri 27 Mar 2026 13:45:15 +0000
ROA not after:            Fri 26 Mar 2027 13:50:15 +0000
asID:                     203048
IP address blocks:        148.135.255.0/24 maxlen: 24
                          155.117.102.0/24 maxlen: 24
                          162.141.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:0c:66:fb:4b:64:d3:7b:d8:72:58:5a:f7:b8:77:f9:43:6a:de:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 27 13:45:15 2026 GMT
            Not After : Mar 26 13:50:15 2027 GMT
        Subject: CN=F48D6448138B0030DA114739C023126FB596D875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b9:53:d2:3d:ee:32:b0:d4:85:b1:af:3e:2b:
                    4a:98:b9:5b:8c:c6:a5:25:42:8e:72:ee:de:0d:bf:
                    08:ab:19:7f:83:e4:03:5e:18:b0:a4:91:cc:0b:d3:
                    32:06:d4:3b:cc:d8:7b:7b:2c:aa:df:fe:e4:1c:f8:
                    2d:10:fd:a2:40:df:47:d1:31:6b:b7:b7:9f:fe:0e:
                    99:0b:9f:10:90:a7:83:6b:85:39:0e:b1:00:b7:67:
                    29:9b:74:0e:1e:29:dc:64:7f:84:bc:82:8f:63:90:
                    30:e1:24:b3:86:e0:8d:db:b9:c0:2b:38:13:af:c9:
                    34:63:e9:39:6c:a7:ad:31:d3:27:f5:43:cb:18:50:
                    b4:65:49:48:5b:51:86:eb:39:a7:70:b6:11:fe:58:
                    bf:63:6e:33:46:dc:84:9f:90:61:d2:58:33:f4:ac:
                    d0:fb:b4:c7:3f:79:24:12:fa:9d:79:6a:d7:e1:77:
                    ca:66:cb:31:29:a7:cc:67:83:b5:57:6f:5a:cf:b7:
                    42:db:d9:5a:59:a5:bb:43:cc:68:17:a4:e9:a9:5c:
                    4e:e7:9f:72:93:f9:57:e4:7a:19:f3:60:e1:8e:f7:
                    f4:97:1b:c2:08:ac:c7:a2:7a:0a:d2:98:30:48:e4:
                    77:f3:c2:c4:bc:98:d2:4c:01:0e:a4:ec:28:6b:a2:
                    04:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8D:64:48:13:8B:00:30:DA:11:47:39:C0:23:12:6F:B5:96:D8:75
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203048.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.255.0/24
                  155.117.102.0/24
                  162.141.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:1d:fa:83:14:81:11:d0:ee:45:c1:91:cf:e8:71:1f:5a:2c:
         4d:4f:96:6d:28:78:e9:66:43:b3:c1:1e:d4:9d:d2:74:51:a0:
         c9:3f:79:b5:a8:50:4a:a8:8e:ae:53:8b:61:9b:b6:54:f4:7c:
         b5:99:04:6e:17:e2:68:f6:59:cf:c3:b1:26:bf:6f:3e:61:8d:
         ab:29:61:04:2d:fd:b3:ec:f1:17:e7:3d:b9:07:df:98:b5:d1:
         92:d1:ee:1f:29:ae:57:3e:2c:48:a2:ca:f0:fd:48:6c:7c:12:
         16:3f:11:a4:44:3f:73:9c:1f:51:00:9e:37:87:ce:76:37:fb:
         27:eb:ea:5a:f4:40:8e:89:f9:1a:8f:35:80:44:b7:f2:65:fe:
         ef:5f:22:4c:14:8a:6e:87:4e:86:04:21:8a:b1:42:5e:f2:c2:
         ef:5e:8c:b2:15:60:5f:b4:2b:ba:70:96:01:3c:38:ca:0e:5a:
         dd:a6:df:4f:b3:8f:a2:a7:53:a9:73:b3:25:fe:e7:a9:d0:ba:
         19:c9:bb:82:37:19:f9:18:ec:bd:ed:d9:d6:52:4e:17:95:30:
         c3:fb:3b:27:78:42:d2:58:d0:84:a8:40:9f:e7:4a:bf:fc:e1:
         db:3c:0a:06:70:c1:87:89:8e:58:08:f5:55:2c:51:60:50:42:
         17:06:01:75
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUdQxm+0tk03vYclha97h3+UNq3q8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjcxMzQ1MTVaFw0yNzAzMjYxMzUwMTVaMDMxMTAvBgNV
BAMTKEY0OEQ2NDQ4MTM4QjAwMzBEQTExNDczOUMwMjMxMjZGQjU5NkQ4NzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjuVPSPe4ysNSFsa8+K0qYuVuM
xqUlQo5y7t4NvwirGX+D5ANeGLCkkcwL0zIG1DvM2Ht7LKrf/uQc+C0Q/aJA30fR
MWu3t5/+DpkLnxCQp4NrhTkOsQC3ZymbdA4eKdxkf4S8go9jkDDhJLOG4I3bucAr
OBOvyTRj6Tlsp60x0yf1Q8sYULRlSUhbUYbrOadwthH+WL9jbjNG3ISfkGHSWDP0
rND7tMc/eSQS+p15atfhd8pmyzEpp8xng7VXb1rPt0Lb2VpZpbtDzGgXpOmpXE7n
n3KT+VfkehnzYOGO9/SXG8IIrMeiegrSmDBI5HfzwsS8mNJMAQ6k7ChrogTNAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU9I1kSBOLADDaEUc5wCMSb7WW2HUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMDQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAlIf/
AwQAm3VmAwQAoo1rMA0GCSqGSIb3DQEBCwUAA4IBAQCkHfqDFIER0O5FwZHP6HEf
WixNT5ZtKHjpZkOzwR7UndJ0UaDJP3m1qFBKqI6uU4thm7ZU9Hy1mQRuF+Jo9lnP
w7Emv28+YY2rKWEELf2z7PEX5z25B9+YtdGS0e4fKa5XPixIosrw/UhsfBIWPxGk
RD9znB9RAJ43h852N/sn6+pa9ECOifkajzWARLfyZf7vXyJMFIpuh06GBCGKsUJe
8sLvXoyyFWBftCu6cJYBPDjKDlrdpt9Ps4+ip1Opc7Ml/uep0LoZybuCNxn5GOy9
7dnWUk4XlTDD+zsneELSWNCEqECf50q//OHbPAoGcMGHiY5YCPVVLFFgUEIXBgF1
-----END CERTIFICATE-----