Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa
File:                     AS203054.roa (raw, json)
Hash identifier:          Esj13oQBgGbs21UkMUgSG+gdnc9sW+UZ2gO4A4UtPKU=
Subject key identifier:   83:F2:DC:63:91:4F:CF:4A:54:86:A7:BD:25:0B:59:B6:11:9B:A8:1F
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7A2E02EB558ABCA6D837592EE25C625B562A8C32
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa
Signing time:             Fri 27 Mar 2026 13:50:30 +0000
ROA not before:           Fri 27 Mar 2026 13:45:30 +0000
ROA not after:            Fri 26 Mar 2027 13:50:30 +0000
asID:                     203054
IP address blocks:        150.241.143.0/24 maxlen: 24
                          162.141.83.0/24 maxlen: 24
                          162.141.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:2e:02:eb:55:8a:bc:a6:d8:37:59:2e:e2:5c:62:5b:56:2a:8c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 27 13:45:30 2026 GMT
            Not After : Mar 26 13:50:30 2027 GMT
        Subject: CN=83F2DC63914FCF4A5486A7BD250B59B6119BA81F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0c:f8:29:0e:a5:89:5a:47:96:b9:10:81:17:
                    e3:39:e8:40:e0:ca:d0:84:2e:bf:9a:a3:3f:4a:53:
                    f5:8d:e9:d5:74:c5:40:c0:97:46:8f:e3:80:1c:48:
                    e0:e5:3e:ff:93:a3:db:40:2e:46:4e:10:6d:5e:95:
                    30:2f:8f:be:4b:fa:0d:34:77:45:a6:30:a8:40:30:
                    84:10:6c:86:1d:56:d7:31:03:e3:69:99:f9:06:36:
                    90:e9:69:c9:88:d2:9e:88:dd:0b:22:92:b6:39:ce:
                    7b:29:30:3d:3f:42:28:63:e3:0f:84:59:e5:2a:86:
                    e5:64:38:df:b4:33:bc:61:44:d4:89:fa:c1:96:57:
                    64:e3:6e:24:59:aa:08:a5:42:66:5d:58:da:28:81:
                    8e:41:e5:26:9d:d4:92:d7:27:75:32:1d:08:41:1e:
                    d9:b0:37:61:94:15:91:dc:94:04:db:ab:48:49:4b:
                    3d:71:30:e4:c7:b0:8e:3d:e9:58:d9:5b:fd:1e:7d:
                    55:65:3b:73:2b:0c:3f:43:6c:6f:67:6f:1a:d1:3f:
                    37:b7:46:ce:d4:4f:c0:5f:4b:bd:09:26:5a:ec:36:
                    01:a6:66:fb:db:a5:46:c3:66:79:07:15:58:fb:80:
                    fc:b1:a9:02:10:0e:9a:82:5b:40:75:09:ba:1f:10:
                    91:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F2:DC:63:91:4F:CF:4A:54:86:A7:BD:25:0B:59:B6:11:9B:A8:1F
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.143.0/24
                  162.141.83.0/24
                  162.141.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:69:d9:94:ba:33:05:93:fd:2f:eb:41:8f:54:7f:14:ad:01:
         d4:c7:60:f4:16:3b:19:61:dd:8e:e5:c3:49:96:fb:a8:16:95:
         f9:de:3d:39:e4:a2:74:46:f1:3c:49:bf:a8:b1:fe:bd:88:7a:
         47:8f:26:bd:7f:87:25:24:4c:03:de:2a:ba:3e:f9:87:cc:fa:
         64:52:de:78:91:3c:a7:af:8d:48:2a:ec:37:49:af:d2:ca:bf:
         70:4e:23:1c:62:a6:91:d4:ac:31:09:41:46:c2:5b:68:e5:18:
         9a:43:a0:c1:d2:03:59:75:98:e0:64:f3:12:f3:79:4c:e1:a4:
         e8:af:35:03:5e:51:c2:39:20:e8:2e:ec:31:c6:bd:62:8c:d4:
         89:a4:83:35:0c:2e:07:40:59:aa:72:d4:a3:bd:f4:c6:e9:57:
         ef:66:92:6b:17:f5:09:f3:c5:9f:9a:3e:6d:84:c1:9b:e9:f8:
         7a:ad:b6:9d:1b:db:e3:02:e8:12:09:32:d1:11:fa:2b:28:fc:
         87:7e:7b:a9:f6:74:12:67:3c:0d:fa:e2:4c:50:01:4d:36:42:
         24:a1:7f:27:89:95:d9:bc:bc:18:77:f1:b8:53:00:51:5e:86:
         87:3e:60:66:19:74:e1:73:a4:16:85:01:19:1a:6c:c2:2e:b3:
         66:fb:13:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUei4C61WKvKbYN1ku4lxiW1YqjDIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjcxMzQ1MzBaFw0yNzAzMjYxMzUwMzBaMDMxMTAvBgNV
BAMTKDgzRjJEQzYzOTE0RkNGNEE1NDg2QTdCRDI1MEI1OUI2MTE5QkE4MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeDPgpDqWJWkeWuRCBF+M56EDg
ytCELr+aoz9KU/WN6dV0xUDAl0aP44AcSODlPv+To9tALkZOEG1elTAvj75L+g00
d0WmMKhAMIQQbIYdVtcxA+NpmfkGNpDpacmI0p6I3QsikrY5znspMD0/Qihj4w+E
WeUqhuVkON+0M7xhRNSJ+sGWV2TjbiRZqgilQmZdWNoogY5B5Sad1JLXJ3UyHQhB
HtmwN2GUFZHclATbq0hJSz1xMOTHsI496VjZW/0efVVlO3MrDD9DbG9nbxrRPze3
Rs7UT8BfS70JJlrsNgGmZvvbpUbDZnkHFVj7gPyxqQIQDpqCW0B1CbofEJFTAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUg/LcY5FPz0pUhqe9JQtZthGbqB8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMDU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAlvGP
AwQAoo1TAwQAoo10MA0GCSqGSIb3DQEBCwUAA4IBAQAHadmUujMFk/0v60GPVH8U
rQHUx2D0FjsZYd2O5cNJlvuoFpX53j055KJ0RvE8Sb+osf69iHpHjya9f4clJEwD
3iq6PvmHzPpkUt54kTynr41IKuw3Sa/Syr9wTiMcYqaR1KwxCUFGwlto5RiaQ6DB
0gNZdZjgZPMS83lM4aTorzUDXlHCOSDoLuwxxr1ijNSJpIM1DC4HQFmqctSjvfTG
6VfvZpJrF/UJ88Wfmj5thMGb6fh6rbadG9vjAugSCTLREforKPyHfnup9nQSZzwN
+uJMUAFNNkIkoX8niZXZvLwYd/G4UwBRXoaHPmBmGXThc6QWhQEZGmzCLrNm+xMn
-----END CERTIFICATE-----