Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203149.roa
File:                     AS203149.roa (raw, json)
Hash identifier:          gp/HZogxlO+CQbRDn9I1CoS+yl9fAeLiFvUABfMONz0=
Subject key identifier:   A0:06:26:7A:C5:7C:E5:F1:B2:01:6F:8E:0F:02:67:2F:B1:6F:ED:73
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       772F8C2B0439C8F26C9464433B54F938E3815BBD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203149.roa
Signing time:             Fri 08 May 2026 12:32:29 +0000
ROA not before:           Fri 08 May 2026 12:27:29 +0000
ROA not after:            Fri 07 May 2027 12:32:29 +0000
asID:                     203149
IP address blocks:        162.141.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:2f:8c:2b:04:39:c8:f2:6c:94:64:43:3b:54:f9:38:e3:81:5b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  8 12:27:29 2026 GMT
            Not After : May  7 12:32:29 2027 GMT
        Subject: CN=A006267AC57CE5F1B2016F8E0F02672FB16FED73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:50:40:d6:5a:2d:23:90:b9:5d:de:4f:46:a5:
                    c7:66:f9:71:cf:b6:43:f6:19:55:1d:e7:75:d7:dc:
                    e7:c0:d7:6f:ca:d3:26:72:f7:d5:73:65:c2:aa:b4:
                    b4:58:a6:0d:e1:44:d0:a8:5f:0c:49:32:65:56:55:
                    ec:58:d7:ca:70:22:7d:1e:e5:c7:a3:b7:26:67:fe:
                    43:f3:d1:65:cf:09:02:d1:62:9f:32:de:fd:66:8e:
                    16:d2:1a:0a:b8:f4:a7:96:ce:1e:b4:31:7e:db:c4:
                    b4:88:1b:06:10:08:f9:91:8d:07:e4:b1:85:fb:f5:
                    fb:57:86:3e:37:2d:2c:70:80:ff:e0:eb:ee:03:c3:
                    dc:e3:41:dc:43:25:5c:fb:16:87:9c:de:0a:3b:82:
                    e8:17:22:66:75:01:d7:8e:13:25:76:27:bc:3f:7a:
                    b6:65:e6:9c:ed:0f:e4:ca:f7:f1:70:75:f7:f3:c9:
                    86:08:96:35:ed:69:58:4e:81:66:93:14:ef:2e:81:
                    87:db:e9:d5:d5:52:f0:a9:f5:38:14:20:bd:b5:e4:
                    b9:85:3b:a1:d6:b6:13:d1:21:7b:48:b4:c5:aa:7c:
                    38:35:ff:26:8f:87:b3:3e:0d:01:c2:67:34:77:2a:
                    9c:3d:88:cd:c2:20:c9:f1:73:0c:39:be:e7:ba:d7:
                    f8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:06:26:7A:C5:7C:E5:F1:B2:01:6F:8E:0F:02:67:2F:B1:6F:ED:73
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203149.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:f5:6c:cc:61:71:56:41:34:09:ab:40:b5:1e:6e:69:23:42:
         32:94:54:a6:56:bc:d8:26:7c:a8:c1:16:d1:58:20:70:f8:b4:
         eb:21:c2:8e:fa:aa:00:59:0f:56:ef:40:db:09:1a:46:07:cd:
         df:89:2b:a5:e4:4a:20:38:16:cf:2c:20:1b:f2:71:12:6d:ff:
         90:04:2c:c9:1c:3c:6c:8f:7c:8c:21:75:72:d9:50:40:90:31:
         6b:11:21:97:54:b9:1d:99:13:9b:cf:a3:ad:8f:30:e4:3b:f1:
         c2:85:25:61:c7:6a:bc:62:7d:56:e8:4a:74:89:64:ec:38:e3:
         c5:25:40:ae:67:70:53:14:55:28:84:ca:d5:83:4d:d0:13:8b:
         d1:d8:63:9c:23:b9:7a:15:04:71:82:db:5a:bf:96:ac:c0:0f:
         76:72:66:45:cb:7e:32:c2:09:a1:92:8b:86:a0:fa:6d:d7:95:
         be:08:7e:35:d8:ba:44:d9:64:6e:04:2f:0c:78:a1:2f:4d:f5:
         be:41:55:16:f8:07:a8:41:64:3e:ea:ab:fc:8a:1a:bf:df:ea:
         9d:b4:a6:35:ad:8f:d1:0d:56:27:62:e6:c0:69:13:a8:a1:fb:
         ad:38:21:5a:51:89:93:04:41:f4:4d:9e:ea:36:99:af:17:66:
         e2:2c:58:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdy+MKwQ5yPJslGRDO1T5OOOBW70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDgxMjI3MjlaFw0yNzA1MDcxMjMyMjlaMDMxMTAvBgNV
BAMTKEEwMDYyNjdBQzU3Q0U1RjFCMjAxNkY4RTBGMDI2NzJGQjE2RkVENzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/UEDWWi0jkLld3k9Gpcdm+XHP
tkP2GVUd53XX3OfA12/K0yZy99VzZcKqtLRYpg3hRNCoXwxJMmVWVexY18pwIn0e
5cejtyZn/kPz0WXPCQLRYp8y3v1mjhbSGgq49KeWzh60MX7bxLSIGwYQCPmRjQfk
sYX79ftXhj43LSxwgP/g6+4Dw9zjQdxDJVz7Foec3go7gugXImZ1AdeOEyV2J7w/
erZl5pztD+TK9/FwdffzyYYIljXtaVhOgWaTFO8ugYfb6dXVUvCp9TgUIL215LmF
O6HWthPRIXtItMWqfDg1/yaPh7M+DQHCZzR3Kpw9iM3CIMnxcww5vue61/jnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoAYmesV85fGyAW+ODwJnL7Fv7XMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo2M
MA0GCSqGSIb3DQEBCwUAA4IBAQCu9WzMYXFWQTQJq0C1Hm5pI0IylFSmVrzYJnyo
wRbRWCBw+LTrIcKO+qoAWQ9W70DbCRpGB83fiSul5EogOBbPLCAb8nESbf+QBCzJ
HDxsj3yMIXVy2VBAkDFrESGXVLkdmRObz6OtjzDkO/HChSVhx2q8Yn1W6Ep0iWTs
OOPFJUCuZ3BTFFUohMrVg03QE4vR2GOcI7l6FQRxgttav5aswA92cmZFy34ywgmh
kouGoPpt15W+CH412LpE2WRuBC8MeKEvTfW+QVUW+AeoQWQ+6qv8ihq/3+qdtKY1
rY/RDVYnYubAaROoofutOCFaUYmTBEH0TZ7qNpmvF2biLFgC
-----END CERTIFICATE-----