Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          YghPPN6Z+Ikq0qfF4Hix/ip9C9PelYm1dKzmuHRgR7Y=
Subject key identifier:   51:D3:80:D7:6A:80:CA:67:D7:AC:90:38:31:14:54:FE:C0:69:B6:D6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       128EF57FB8B01C0BE51CCDC57AC0CAB889A80654
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
Signing time:             Thu 09 Oct 2025 13:35:08 +0000
ROA not before:           Thu 09 Oct 2025 13:30:08 +0000
ROA not after:            Thu 08 Oct 2026 13:35:08 +0000
asID:                     20473
IP address blocks:        150.241.208.0/24 maxlen: 24
                          150.241.216.0/21 maxlen: 24
                          150.241.234.0/24 maxlen: 24
                          162.141.12.0/24 maxlen: 24
                          167.148.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:8e:f5:7f:b8:b0:1c:0b:e5:1c:cd:c5:7a:c0:ca:b8:89:a8:06:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  9 13:30:08 2025 GMT
            Not After : Oct  8 13:35:08 2026 GMT
        Subject: CN=51D380D76A80CA67D7AC9038311454FEC069B6D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9d:1e:63:ee:61:ab:39:e9:b7:4d:36:67:0a:
                    84:9a:16:f4:f6:fe:79:a1:aa:05:3f:24:f4:50:a3:
                    03:7a:4f:1e:76:b5:60:12:73:4e:e4:7c:45:de:93:
                    b3:13:98:88:d8:45:0b:16:6f:ae:7f:18:e2:66:8e:
                    f3:4e:c4:aa:00:76:98:93:11:f1:08:ea:37:32:e6:
                    dd:33:85:b7:92:4e:23:6b:92:ff:2c:73:db:da:35:
                    96:ab:4f:25:d8:0e:af:75:12:6a:99:25:dc:de:a1:
                    b1:45:46:7d:b2:a0:e4:ae:af:d6:e7:b5:77:00:02:
                    cd:a0:6f:14:a1:4b:d1:27:3d:11:05:bc:45:18:25:
                    04:77:90:f0:29:e6:ed:b7:e4:ae:f3:be:18:77:28:
                    84:61:f0:0f:e1:b9:27:4d:bd:cc:e6:61:1a:fb:a1:
                    ea:3d:f7:ec:91:23:95:d6:7a:7b:42:d5:9e:69:22:
                    1e:7d:bc:c8:f1:6b:1f:17:be:c6:e9:3d:b4:05:74:
                    15:e8:1b:9a:c2:f6:9d:fe:2a:cc:9e:6c:bd:e2:8a:
                    db:ac:c4:3b:fa:ca:d8:8e:92:05:a6:1d:2b:87:55:
                    0b:44:d5:20:2d:e3:55:5e:fb:ca:aa:3c:28:1d:c3:
                    bd:73:ae:88:d2:46:0a:0b:8f:1f:e2:a4:c5:3e:3e:
                    dc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D3:80:D7:6A:80:CA:67:D7:AC:90:38:31:14:54:FE:C0:69:B6:D6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.208.0/24
                  150.241.216.0/21
                  150.241.234.0/24
                  162.141.12.0/24
                  167.148.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1c:3d:0d:48:c2:a2:8e:5c:0c:0e:4f:4c:a3:5b:f5:10:07:
         84:f9:30:25:04:37:cf:26:53:c9:58:d9:fe:e8:8d:ec:83:03:
         ff:72:de:29:80:26:d9:06:2e:41:39:40:d1:78:98:1c:ca:77:
         74:a5:88:74:18:f6:f6:77:e9:8c:37:41:f1:87:af:f5:a7:d4:
         bb:9e:40:a1:ee:96:a5:5c:72:3d:ac:a1:72:c2:2d:ed:b0:c1:
         fd:fc:cf:51:4c:f2:bc:9a:c0:43:2c:e0:2c:eb:1a:80:60:cb:
         cd:44:a6:6f:45:81:f8:85:2b:ba:78:a3:5e:a3:1a:f8:80:ae:
         6d:86:f1:61:cb:97:17:09:90:ac:5b:ed:7a:26:86:80:eb:e1:
         1c:f9:74:0a:9d:a6:0c:db:30:e5:cb:ba:3a:95:4b:9c:7d:c6:
         0a:93:9a:23:6c:d0:99:33:4d:16:a7:df:6d:5d:45:53:9d:89:
         17:8b:2b:23:f8:a3:e7:eb:15:95:e7:1a:a4:83:b3:d4:1b:9d:
         22:49:f4:fd:28:57:49:89:2b:74:14:0a:97:c6:32:17:15:f8:
         38:b2:01:8e:c5:75:d6:06:26:c5:9b:3b:9e:95:be:ac:fa:57:
         81:20:ac:38:b8:02:eb:c0:5b:42:c4:6f:00:32:fb:3c:14:6d:
         9e:4b:4d:4f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUEo71f7iwHAvlHM3FesDKuImoBlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDkxMzMwMDhaFw0yNjEwMDgxMzM1MDhaMDMxMTAvBgNV
BAMTKDUxRDM4MEQ3NkE4MENBNjdEN0FDOTAzODMxMTQ1NEZFQzA2OUI2RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnnR5j7mGrOem3TTZnCoSaFvT2
/nmhqgU/JPRQowN6Tx52tWASc07kfEXek7MTmIjYRQsWb65/GOJmjvNOxKoAdpiT
EfEI6jcy5t0zhbeSTiNrkv8sc9vaNZarTyXYDq91EmqZJdzeobFFRn2yoOSur9bn
tXcAAs2gbxShS9EnPREFvEUYJQR3kPAp5u235K7zvhh3KIRh8A/huSdNvczmYRr7
oeo99+yRI5XWentC1Z5pIh59vMjxax8XvsbpPbQFdBXoG5rC9p3+KsyebL3iitus
xDv6ytiOkgWmHSuHVQtE1SAt41Ve+8qqPCgdw71zrojSRgoLjx/ipMU+PtydAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUUdOA12qAymfXrJA4MRRU/sBpttYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBACW8dAD
BAOW8dgDBACW8eoDBACijQwDBACnlLEwDQYJKoZIhvcNAQELBQADggEBAEccPQ1I
wqKOXAwOT0yjW/UQB4T5MCUEN88mU8lY2f7ojeyDA/9y3imAJtkGLkE5QNF4mBzK
d3SliHQY9vZ36Yw3QfGHr/Wn1LueQKHulqVccj2soXLCLe2wwf38z1FM8ryawEMs
4CzrGoBgy81Epm9FgfiFK7p4o16jGviArm2G8WHLlxcJkKxb7XomhoDr4Rz5dAqd
pgzbMOXLujqVS5x9xgqTmiNs0JkzTRan321dRVOdiReLKyP4o+frFZXnGqSDs9Qb
nSJJ9P0oV0mJK3QUCpfGMhcV+DiyAY7FddYGJsWbO56Vvqz6V4EgrDi4AuvAW0LE
bwAy+zwUbZ5LTU8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:42:50 2025 by rpki-client