Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203446.roa
File:                     AS203446.roa (raw, json)
Hash identifier:          06VkTD1Y2eBeXx7sIB2fBBGj/V1g5IRH5t/kzDmEPy4=
Subject key identifier:   AD:CD:C6:C8:94:D8:9E:BB:E1:CE:0F:47:94:58:1C:ED:9A:0F:29:BD
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       36848074430EA5EE80D92D6BCB581289C227A220
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203446.roa
Signing time:             Wed 22 Apr 2026 10:59:20 +0000
ROA not before:           Wed 22 Apr 2026 10:54:20 +0000
ROA not after:            Wed 21 Apr 2027 10:59:20 +0000
asID:                     203446
IP address blocks:        140.150.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:84:80:74:43:0e:a5:ee:80:d9:2d:6b:cb:58:12:89:c2:27:a2:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 22 10:54:20 2026 GMT
            Not After : Apr 21 10:59:20 2027 GMT
        Subject: CN=ADCDC6C894D89EBBE1CE0F4794581CED9A0F29BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:a9:0b:6b:3b:1c:97:24:3b:3f:98:63:4d:
                    2d:9c:d5:c7:a6:b3:fa:e8:75:b9:ce:07:3f:78:8c:
                    06:01:9d:ef:7a:9a:5e:ca:52:e3:61:a5:9d:b3:c9:
                    2c:99:30:5c:2d:04:e9:cd:8a:80:4a:15:65:91:28:
                    1c:8f:58:63:ee:f1:0a:e5:37:7c:42:d3:14:83:d0:
                    b9:71:f8:fb:ad:56:b1:53:65:6b:03:95:af:20:2b:
                    fd:d4:55:38:a4:82:d0:e3:5a:26:6f:d3:a2:53:d8:
                    df:73:ee:e6:33:f3:70:15:ee:08:24:55:e1:02:59:
                    71:1c:05:6d:1a:dd:f6:90:6f:98:b9:cc:6f:a1:25:
                    48:f6:95:28:9d:d4:0e:38:a4:bd:d3:d0:4c:2a:31:
                    cf:96:57:30:0d:1e:08:8a:b6:5c:3b:72:3b:3d:54:
                    08:82:31:42:9a:ae:2c:c8:23:ee:23:f1:2e:c2:91:
                    e2:c9:b9:52:a6:e8:aa:e7:b8:6d:56:d8:df:c6:93:
                    e3:a1:26:f3:eb:aa:5a:8a:ce:08:db:0c:63:b4:97:
                    27:30:ae:bb:b2:13:53:36:c2:13:bc:0b:3c:ba:d6:
                    53:03:62:ef:8c:1d:6a:28:a7:e5:db:0f:51:6a:b7:
                    7b:d1:ad:93:84:7e:78:9d:ca:f8:cb:29:d5:54:66:
                    76:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:CD:C6:C8:94:D8:9E:BB:E1:CE:0F:47:94:58:1C:ED:9A:0F:29:BD
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203446.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d3:f6:5f:2f:d2:2d:27:47:cf:2b:e3:41:9f:31:f1:dd:13:
         40:1c:06:bb:02:0c:b5:72:4d:12:be:f3:2a:a1:12:89:f2:3e:
         16:7e:54:92:ed:38:94:f5:99:4e:87:dc:b6:ab:8d:bf:43:ff:
         dc:6d:02:4a:f9:72:d5:66:80:48:43:00:eb:db:9d:d9:55:30:
         32:80:cc:37:1f:43:99:56:83:0a:9f:bb:00:c1:cf:38:b5:81:
         c7:d7:20:71:8f:e4:54:cb:10:24:ad:58:55:bc:c2:49:83:21:
         ca:83:b0:4a:29:6e:1b:a5:7f:6b:a0:1f:ba:85:28:d3:3d:4f:
         26:1b:48:06:15:4d:e5:2e:97:69:62:eb:3d:5b:93:c0:9d:e0:
         9c:f3:b5:26:b0:05:71:1b:fd:b2:71:b3:5f:6f:50:a8:ee:c9:
         4d:ec:d5:5f:eb:d0:7d:e4:11:a9:f6:79:87:fb:a6:0a:c7:d9:
         68:2f:6e:e4:77:c1:67:92:7c:cd:c8:6e:6c:9d:7e:74:5e:c0:
         3f:73:ef:f7:95:51:9e:f6:b0:29:38:5c:c1:f0:ef:49:3c:80:
         88:03:10:2a:3d:af:4e:04:e8:b0:c9:10:ab:4e:52:74:7b:4f:
         81:ea:8f:32:13:d7:c4:97:aa:dd:56:1d:ab:b2:f8:d3:72:3d:
         74:12:2a:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNoSAdEMOpe6A2S1ry1gSicInoiAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MjIxMDU0MjBaFw0yNzA0MjExMDU5MjBaMDMxMTAvBgNV
BAMTKEFEQ0RDNkM4OTREODlFQkJFMUNFMEY0Nzk0NTgxQ0VEOUEwRjI5QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDq6kLazsclyQ7P5hjTS2c1cem
s/rodbnOBz94jAYBne96ml7KUuNhpZ2zySyZMFwtBOnNioBKFWWRKByPWGPu8Qrl
N3xC0xSD0Llx+PutVrFTZWsDla8gK/3UVTikgtDjWiZv06JT2N9z7uYz83AV7ggk
VeECWXEcBW0a3faQb5i5zG+hJUj2lSid1A44pL3T0EwqMc+WVzANHgiKtlw7cjs9
VAiCMUKarizII+4j8S7CkeLJuVKm6KrnuG1W2N/Gk+OhJvPrqlqKzgjbDGO0lycw
rruyE1M2whO8Czy61lMDYu+MHWoop+XbD1Fqt3vRrZOEfnidyvjLKdVUZnbLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrc3GyJTYnrvhzg9HlFgc7ZoPKb0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzNDQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJbg
MA0GCSqGSIb3DQEBCwUAA4IBAQA40/ZfL9ItJ0fPK+NBnzHx3RNAHAa7Agy1ck0S
vvMqoRKJ8j4WflSS7TiU9ZlOh9y2q42/Q//cbQJK+XLVZoBIQwDr253ZVTAygMw3
H0OZVoMKn7sAwc84tYHH1yBxj+RUyxAkrVhVvMJJgyHKg7BKKW4bpX9roB+6hSjT
PU8mG0gGFU3lLpdpYus9W5PAneCc87UmsAVxG/2ycbNfb1Co7slN7NVf69B95BGp
9nmH+6YKx9loL27kd8FnknzNyG5snX50XsA/c+/3lVGe9rApOFzB8O9JPICIAxAq
Pa9OBOiwyRCrTlJ0e0+B6o8yE9fEl6rdVh2rsvjTcj10Eiqv
-----END CERTIFICATE-----