Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
File:                     AS20454.roa (raw, json)
Hash identifier:          vtlJbt2wRzv97aZ7xUhaU6O7Enmm3N+a7nujtWwEy5E=
Subject key identifier:   D3:E8:23:72:AB:46:6F:00:FB:B9:B1:49:65:E9:29:EC:71:59:A0:B3
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5CFB2FD02A88F0E50E3A72DD3A8CA6F41E216FC4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
Signing time:             Wed 11 Mar 2026 12:32:52 +0000
ROA not before:           Wed 11 Mar 2026 12:27:52 +0000
ROA not after:            Wed 10 Mar 2027 12:32:52 +0000
asID:                     20454
IP address blocks:        96.62.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:fb:2f:d0:2a:88:f0:e5:0e:3a:72:dd:3a:8c:a6:f4:1e:21:6f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 11 12:27:52 2026 GMT
            Not After : Mar 10 12:32:52 2027 GMT
        Subject: CN=D3E82372AB466F00FBB9B14965E929EC7159A0B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c5:b8:94:08:6d:30:97:2a:58:df:f8:fb:72:
                    e1:42:46:17:96:e5:36:2b:5b:de:fa:9a:06:22:dc:
                    85:8c:e9:12:64:01:e1:24:df:f8:62:20:f4:cc:30:
                    f1:97:ec:a0:02:c4:be:b7:bf:b7:2e:1c:a1:d4:55:
                    66:e1:7e:8c:64:25:18:a4:7b:1a:4e:89:b4:e1:e8:
                    ee:71:3a:8a:6a:31:12:0a:fe:d5:7c:20:fe:95:3b:
                    af:a5:f0:b0:75:57:c6:2e:89:a5:1c:b5:65:67:d1:
                    83:c6:66:c9:ce:ed:c3:d3:fa:d3:60:c7:f5:80:da:
                    85:28:04:5c:51:68:cc:1a:da:07:7e:8f:ce:a6:35:
                    62:23:d4:ed:2a:bd:f3:01:a4:16:39:87:de:56:4e:
                    a7:70:8e:fd:3a:8c:91:9e:17:a3:f7:75:2f:28:27:
                    c2:8c:70:75:02:ca:80:28:54:a8:13:cb:be:15:96:
                    6d:28:f7:62:69:a2:41:f1:76:2a:ed:1a:51:17:4d:
                    c1:a6:e9:31:b2:20:32:f5:b2:e3:95:83:0d:bd:51:
                    9a:77:cf:f2:14:31:3e:44:6b:8c:78:68:b9:b2:9e:
                    ef:7b:4d:76:f0:e4:60:73:64:9a:e5:3e:72:c7:de:
                    0e:8b:b4:29:ec:12:66:1f:a6:b4:e7:8f:f7:7d:70:
                    72:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:E8:23:72:AB:46:6F:00:FB:B9:B1:49:65:E9:29:EC:71:59:A0:B3
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:56:9e:ef:a3:77:f0:9f:8c:54:75:c6:08:98:c6:09:94:07:
         ec:8f:6c:7a:da:12:e9:a1:c0:75:1d:86:ce:08:f1:1a:b1:f0:
         26:d7:62:b6:db:8f:1b:e9:74:10:dd:84:82:69:7b:81:18:5e:
         78:ac:12:c2:71:c3:aa:85:17:66:60:27:d5:50:40:f3:82:16:
         57:58:07:48:66:91:3e:c9:02:0f:e7:5e:70:ea:f5:6e:b6:56:
         da:d0:b1:8d:6d:b9:ba:d6:ea:67:2d:3f:7e:c2:90:90:04:2c:
         d9:5b:bd:e2:97:6a:22:4a:e1:a6:26:73:b4:91:83:3e:a3:73:
         64:1a:12:bd:72:73:b6:72:9b:70:ac:d7:ab:fc:88:d8:cd:24:
         57:83:e1:b5:ed:7d:ca:90:ea:2f:e5:07:01:75:be:a2:70:8a:
         04:30:eb:97:80:3b:a1:c5:01:fc:e5:58:3d:51:53:ba:82:21:
         a8:60:da:a8:e9:47:78:e9:93:bb:e4:58:c6:55:f9:90:b3:d9:
         15:e0:61:66:ba:97:5f:1f:d4:0a:ec:76:ba:08:8d:76:2b:6f:
         fc:ec:71:4d:24:76:18:4c:0a:69:ed:87:8e:74:78:86:70:c9:
         d5:2f:43:49:5c:51:6b:00:49:28:e4:93:13:aa:49:8f:bb:31:
         70:2a:5b:54
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXPsv0CqI8OUOOnLdOoym9B4hb8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTExMjI3NTJaFw0yNzAzMTAxMjMyNTJaMDMxMTAvBgNV
BAMTKEQzRTgyMzcyQUI0NjZGMDBGQkI5QjE0OTY1RTkyOUVDNzE1OUEwQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2xbiUCG0wlypY3/j7cuFCRheW
5TYrW976mgYi3IWM6RJkAeEk3/hiIPTMMPGX7KACxL63v7cuHKHUVWbhfoxkJRik
expOibTh6O5xOopqMRIK/tV8IP6VO6+l8LB1V8YuiaUctWVn0YPGZsnO7cPT+tNg
x/WA2oUoBFxRaMwa2gd+j86mNWIj1O0qvfMBpBY5h95WTqdwjv06jJGeF6P3dS8o
J8KMcHUCyoAoVKgTy74Vlm0o92JpokHxdirtGlEXTcGm6TGyIDL1suOVgw29UZp3
z/IUMT5Ea4x4aLmynu97TXbw5GBzZJrlPnLH3g6LtCnsEmYfprTnj/d9cHL1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU0+gjcqtGbwD7ubFJZekp7HFZoLMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABgPmcw
DQYJKoZIhvcNAQELBQADggEBAABWnu+jd/CfjFR1xgiYxgmUB+yPbHraEumhwHUd
hs4I8Rqx8CbXYrbbjxvpdBDdhIJpe4EYXnisEsJxw6qFF2ZgJ9VQQPOCFldYB0hm
kT7JAg/nXnDq9W62VtrQsY1tubrW6mctP37CkJAELNlbveKXaiJK4aYmc7SRgz6j
c2QaEr1yc7Zym3Cs16v8iNjNJFeD4bXtfcqQ6i/lBwF1vqJwigQw65eAO6HFAfzl
WD1RU7qCIahg2qjpR3jpk7vkWMZV+ZCz2RXgYWa6l18f1ArsdroIjXYrb/zscU0k
dhhMCmnth450eIZwydUvQ0lcUWsASSjkkxOqSY+7MXAqW1Q=
-----END CERTIFICATE-----