Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          5YgfBB5tSPLtaVtfn6BO5fm2GtaUhIxtCieu8G2jBdI=
Subject key identifier:   93:37:FB:D6:AC:42:95:8B:87:FE:99:EA:E2:CB:AD:B3:9E:83:4C:09
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1D237C8C043A4B561BFAD66BBFAD35A0EA7068F0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time:             Wed 30 Apr 2025 22:01:57 +0000
ROA not before:           Wed 30 Apr 2025 21:56:57 +0000
ROA not after:            Wed 29 Apr 2026 22:01:57 +0000
asID:                     20326
IP address blocks:        96.62.200.0/21 maxlen: 24
                          155.117.32.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:23:7c:8c:04:3a:4b:56:1b:fa:d6:6b:bf:ad:35:a0:ea:70:68:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 30 21:56:57 2025 GMT
            Not After : Apr 29 22:01:57 2026 GMT
        Subject: CN=9337FBD6AC42958B87FE99EAE2CBADB39E834C09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a7:f4:1b:33:c2:04:66:54:28:53:e0:4f:88:
                    09:14:76:39:b6:69:82:d8:87:66:06:45:26:00:f8:
                    b5:a1:f2:63:63:7f:f2:ef:38:af:83:dd:ab:64:9a:
                    7e:f0:29:f4:bc:94:62:7b:44:2c:d7:02:4d:23:68:
                    fc:bf:49:12:fe:e0:5a:2a:44:42:e1:69:7b:0b:32:
                    56:fe:0f:dc:ff:1f:fc:c4:a9:fc:4e:51:73:04:8d:
                    00:1b:30:20:ab:6a:d8:87:d7:ee:fc:66:7f:b2:54:
                    13:c0:8f:10:6a:7c:89:fb:56:28:d6:90:64:62:4a:
                    84:0f:e3:13:db:17:04:97:ff:a5:67:f1:e7:2e:ef:
                    c5:83:5c:d0:62:be:b8:48:c0:5c:27:ac:55:b3:d7:
                    76:05:b2:f4:a6:03:1b:26:b7:2b:de:60:2e:b9:f6:
                    c9:57:65:c0:a8:e8:b1:4d:1e:de:eb:61:ad:0c:4a:
                    81:fb:2e:32:50:49:0b:12:7b:1b:b9:bf:89:15:6f:
                    06:69:17:f6:c0:4d:53:79:0e:4e:b0:6c:e8:63:85:
                    d9:c9:7b:43:36:a1:4d:90:a0:80:b2:c1:45:4b:da:
                    58:81:a7:fe:b8:f9:50:68:c2:a2:9d:78:99:a7:77:
                    e4:93:d1:08:57:7e:da:19:60:6d:2a:dd:a3:a3:0e:
                    3e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:37:FB:D6:AC:42:95:8B:87:FE:99:EA:E2:CB:AD:B3:9E:83:4C:09
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.200.0/21
                  155.117.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:ab:44:96:45:a1:13:19:55:b2:62:67:6b:94:5d:e1:f0:26:
         be:5e:5e:4b:5e:1c:ab:8d:2a:37:06:99:b8:9e:f4:b8:c5:0c:
         16:95:8d:94:ab:9a:36:ef:27:97:59:5c:49:26:d8:41:29:de:
         e5:3f:b4:29:08:12:11:f8:45:21:0f:74:b4:33:92:fd:46:2d:
         5f:64:4a:ac:49:2f:58:a6:fd:44:98:2c:f1:ef:a5:b5:1a:21:
         d5:5a:67:4d:53:3a:36:8b:61:94:91:da:c3:05:50:20:7d:c3:
         d7:59:15:51:62:d9:29:36:96:f4:43:51:86:1d:b7:fd:ff:44:
         1e:28:63:43:a7:4b:7e:4b:fd:bc:1b:e3:45:e3:ba:61:73:e2:
         34:01:99:b5:6c:ce:12:8e:8b:44:e9:c6:ae:29:a1:c2:77:ee:
         0f:42:c3:8f:56:b3:c1:cf:4d:02:f4:e4:30:3a:03:81:7e:3c:
         9d:71:f0:ce:23:31:e2:2c:a6:bf:9f:e8:06:63:73:65:46:6b:
         12:7b:50:a2:56:12:b0:cc:69:a5:18:3d:58:c9:18:e8:2c:1c:
         6b:e0:2c:f0:7c:44:8d:3d:61:bc:ad:69:d4:01:fd:53:9c:7e:
         d9:99:78:cb:b2:01:9b:a3:78:d9:85:d1:94:74:aa:ba:07:d8:
         a2:00:e8:ce
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHSN8jAQ6S1Yb+tZrv601oOpwaPAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MzAyMTU2NTdaFw0yNjA0MjkyMjAxNTdaMDMxMTAvBgNV
BAMTKDkzMzdGQkQ2QUM0Mjk1OEI4N0ZFOTlFQUUyQ0JBREIzOUU4MzRDMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVp/QbM8IEZlQoU+BPiAkUdjm2
aYLYh2YGRSYA+LWh8mNjf/LvOK+D3atkmn7wKfS8lGJ7RCzXAk0jaPy/SRL+4Foq
RELhaXsLMlb+D9z/H/zEqfxOUXMEjQAbMCCratiH1+78Zn+yVBPAjxBqfIn7VijW
kGRiSoQP4xPbFwSX/6Vn8ecu78WDXNBivrhIwFwnrFWz13YFsvSmAxsmtyveYC65
9slXZcCo6LFNHt7rYa0MSoH7LjJQSQsSexu5v4kVbwZpF/bATVN5Dk6wbOhjhdnJ
e0M2oU2QoICywUVL2liBp/64+VBowqKdeJmnd+ST0QhXftoZYG0q3aOjDj6NAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUkzf71qxClYuH/pnq4suts56DTAkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBANgPsgD
BAObdSAwDQYJKoZIhvcNAQELBQADggEBAAOrRJZFoRMZVbJiZ2uUXeHwJr5eXkte
HKuNKjcGmbie9LjFDBaVjZSrmjbvJ5dZXEkm2EEp3uU/tCkIEhH4RSEPdLQzkv1G
LV9kSqxJL1im/USYLPHvpbUaIdVaZ01TOjaLYZSR2sMFUCB9w9dZFVFi2Sk2lvRD
UYYdt/3/RB4oY0OnS35L/bwb40XjumFz4jQBmbVszhKOi0Tpxq4pocJ37g9Cw49W
s8HPTQL05DA6A4F+PJ1x8M4jMeIspr+f6AZjc2VGaxJ7UKJWErDMaaUYPVjJGOgs
HGvgLPB8RI09YbytadQB/VOcftmZeMuyAZujeNmF0ZR0qroH2KIA6M4=
-----END CERTIFICATE-----