Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          dB/NwmZA7lhaQ/Hffcdtgaz2laIO6l7S12aXlNaMiMM=
Subject key identifier:   95:3F:1F:32:BE:29:AE:99:25:38:32:7E:AD:02:D3:97:6B:40:F4:8A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7ED91B615766FDE415E74A4455D3DE51E4383B21
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time:             Fri 27 Jun 2025 12:14:22 +0000
ROA not before:           Fri 27 Jun 2025 12:09:22 +0000
ROA not after:            Fri 26 Jun 2026 12:14:22 +0000
asID:                     20326
IP address blocks:        96.62.200.0/21 maxlen: 24
                          143.14.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d9:1b:61:57:66:fd:e4:15:e7:4a:44:55:d3:de:51:e4:38:3b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 27 12:09:22 2025 GMT
            Not After : Jun 26 12:14:22 2026 GMT
        Subject: CN=953F1F32BE29AE992538327EAD02D3976B40F48A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:60:17:bc:be:9c:50:da:61:8c:46:de:1e:df:
                    c6:14:40:59:c2:cd:7c:7a:4f:56:d7:3c:fb:c7:45:
                    ac:5d:c1:fd:85:ec:ee:0f:16:88:76:18:75:0a:d0:
                    07:83:b7:da:d6:d5:2f:74:12:ec:c6:c2:b6:08:0c:
                    14:71:ca:a6:da:52:79:85:6b:12:d1:66:85:b2:db:
                    52:39:16:cd:77:95:90:fb:f0:de:55:9f:1d:04:29:
                    1a:9e:04:2f:dd:f6:90:d5:e0:bb:a5:5a:c8:20:35:
                    3c:83:51:5f:fb:8a:5a:04:0f:44:51:0b:3d:36:23:
                    9c:f8:50:6e:06:33:c5:96:4e:44:19:85:48:bd:41:
                    d9:1e:6a:47:fb:16:0c:17:5e:e0:ec:56:b6:9b:6f:
                    cf:11:da:00:db:40:5d:c8:4e:fa:c1:40:d5:22:be:
                    07:9d:94:22:bb:45:72:a4:11:00:c6:41:4f:65:31:
                    ba:8f:e0:74:ee:db:6b:30:ea:34:31:a6:10:fe:36:
                    7b:bf:d9:77:7e:71:a6:97:95:4b:b1:42:f4:41:fb:
                    5c:5b:5e:65:3d:04:e7:03:4a:ae:27:d0:fd:06:d6:
                    dd:74:90:c8:99:b3:d1:11:db:6d:c6:83:ce:00:7a:
                    b6:15:19:8d:95:a7:0a:3b:95:09:e5:fa:03:b0:71:
                    3e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:3F:1F:32:BE:29:AE:99:25:38:32:7E:AD:02:D3:97:6B:40:F4:8A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.200.0/21
                  143.14.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:e7:a7:f8:26:6a:0c:8e:44:cb:20:02:37:46:e7:61:96:00:
         e2:c8:4e:12:2f:e4:54:c4:0e:71:62:9c:07:aa:b0:5d:b9:f3:
         5e:92:fd:4e:41:0f:98:aa:8f:d6:a6:37:09:92:f5:2e:27:93:
         65:0d:b4:76:fa:c6:2d:20:2b:c0:aa:d5:0a:f4:7f:0a:24:e6:
         05:dd:ec:88:27:9c:c9:36:fc:52:ca:8a:0a:50:25:45:65:c8:
         90:3b:61:5e:74:00:86:62:6c:9b:4f:2b:2b:a4:2b:46:ad:20:
         01:8d:a7:20:de:f8:70:39:b1:8f:30:cf:4c:f3:f0:9a:a1:5b:
         d9:9b:f3:7c:b8:d8:b0:00:8c:45:3c:4f:40:e1:9b:c2:00:a6:
         ba:7b:4d:ad:0b:97:22:0c:35:3c:c1:48:75:4d:dd:f0:52:1d:
         e7:7e:0f:cc:1d:38:57:92:e9:40:cb:50:97:6b:e4:ef:10:91:
         e0:cc:d3:22:4f:85:d4:47:01:bd:6f:4c:8c:9b:30:29:c9:ac:
         05:e5:4c:bb:30:55:3f:4e:79:85:11:af:1d:b0:a6:cf:87:09:
         6a:ef:97:7f:e9:b8:0b:cf:04:b7:62:10:85:6c:f4:b7:27:35:
         a3:c4:46:c4:ad:a5:1f:d3:eb:21:bd:94:83:8c:c6:bb:5c:14:
         46:f8:46:00
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUftkbYVdm/eQV50pEVdPeUeQ4OyEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjcxMjA5MjJaFw0yNjA2MjYxMjE0MjJaMDMxMTAvBgNV
BAMTKDk1M0YxRjMyQkUyOUFFOTkyNTM4MzI3RUFEMDJEMzk3NkI0MEY0OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcYBe8vpxQ2mGMRt4e38YUQFnC
zXx6T1bXPPvHRaxdwf2F7O4PFoh2GHUK0AeDt9rW1S90EuzGwrYIDBRxyqbaUnmF
axLRZoWy21I5Fs13lZD78N5Vnx0EKRqeBC/d9pDV4LulWsggNTyDUV/7iloED0RR
Cz02I5z4UG4GM8WWTkQZhUi9Qdkeakf7FgwXXuDsVrabb88R2gDbQF3ITvrBQNUi
vgedlCK7RXKkEQDGQU9lMbqP4HTu22sw6jQxphD+Nnu/2Xd+caaXlUuxQvRB+1xb
XmU9BOcDSq4n0P0G1t10kMiZs9ER223Gg84AerYVGY2Vpwo7lQnl+gOwcT4jAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUlT8fMr4prpklODJ+rQLTl2tA9IowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBANgPsgD
BAGPDoowDQYJKoZIhvcNAQELBQADggEBACPnp/gmagyORMsgAjdG52GWAOLIThIv
5FTEDnFinAeqsF25816S/U5BD5iqj9amNwmS9S4nk2UNtHb6xi0gK8Cq1Qr0fwok
5gXd7IgnnMk2/FLKigpQJUVlyJA7YV50AIZibJtPKyukK0atIAGNpyDe+HA5sY8w
z0zz8JqhW9mb83y42LAAjEU8T0Dhm8IAprp7Ta0LlyIMNTzBSHVN3fBSHed+D8wd
OFeS6UDLUJdr5O8QkeDM0yJPhdRHAb1vTIybMCnJrAXlTLswVT9OeYURrx2wps+H
CWrvl3/puAvPBLdiEIVs9LcnNaPERsStpR/T6yG9lIOMxrtcFEb4RgA=
-----END CERTIFICATE-----