Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa
File:                     AS205896.roa (raw, json)
Hash identifier:          BkxgPfL291sPOpVRfbQALERCqfX3qcUaRMbGhAnFpVE=
Subject key identifier:   52:AE:B4:6C:F8:1E:41:E5:64:6B:B5:AA:8B:86:10:9D:F7:18:86:53
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       03AC37DD78638AC4DBC793899F4FF051BEBB6D52
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa
Signing time:             Sun 08 Mar 2026 00:04:15 +0000
ROA not before:           Sat 07 Mar 2026 23:59:15 +0000
ROA not after:            Sun 07 Mar 2027 00:04:15 +0000
asID:                     205896
IP address blocks:        143.14.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ac:37:dd:78:63:8a:c4:db:c7:93:89:9f:4f:f0:51:be:bb:6d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  7 23:59:15 2026 GMT
            Not After : Mar  7 00:04:15 2027 GMT
        Subject: CN=52AEB46CF81E41E5646BB5AA8B86109DF7188653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7b:0f:de:97:e2:97:bb:9e:8a:95:f7:fe:98:
                    fa:69:5e:fa:78:c8:0f:f8:21:89:8e:73:5b:ef:cf:
                    2e:e2:db:83:0c:7d:4e:9d:d3:a3:27:f2:a0:56:cf:
                    ae:55:04:2d:30:a6:e7:e9:19:5a:7d:e6:19:d2:f3:
                    a8:b3:39:2c:a9:65:a1:ff:db:b9:44:72:5b:6b:ff:
                    7a:c9:8c:b7:2c:0b:9d:13:5a:f5:f6:a7:7d:97:1b:
                    d4:69:a7:82:66:ba:d5:dc:cf:fc:18:df:f9:81:4b:
                    12:bc:87:86:fd:51:da:c5:05:82:f7:0b:5e:a0:22:
                    f7:6d:39:2d:f0:7e:95:85:5a:d4:36:af:c3:11:12:
                    4c:4b:c3:c1:56:47:f3:da:ec:71:f4:10:14:73:68:
                    3d:65:69:5c:19:c0:ae:57:63:e5:2e:66:d3:f4:24:
                    12:fb:68:d7:e8:c4:ee:86:ba:1a:d9:7d:fb:4b:b9:
                    a6:55:68:b1:32:e2:aa:24:9d:06:ec:ff:1c:37:14:
                    f2:76:d8:39:50:02:a4:b1:c8:67:8f:4e:ff:9e:f4:
                    51:8a:05:3f:bd:88:15:b9:91:a1:67:cc:3f:2e:a3:
                    6e:ce:1c:1e:c9:37:33:c1:f8:5d:c5:45:52:2a:ee:
                    e6:6d:e7:e9:fc:89:25:60:61:86:b7:c4:23:03:fc:
                    eb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AE:B4:6C:F8:1E:41:E5:64:6B:B5:AA:8B:86:10:9D:F7:18:86:53
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:bd:9b:44:06:37:57:24:6d:89:df:6e:fb:8b:88:bc:a4:52:
         e1:3d:d1:3b:15:d4:65:28:b9:ba:b0:41:54:cd:24:f8:05:f6:
         8f:d5:2e:4e:38:51:8b:70:a3:24:7c:a1:d8:c4:75:21:76:93:
         cd:8a:2a:82:7c:d5:46:6c:58:95:44:21:f6:78:4a:bf:97:af:
         62:f1:ca:24:ba:42:64:9a:03:ea:ea:e4:cb:3c:04:41:23:23:
         cb:61:72:76:f4:23:8c:5b:da:4f:23:0e:46:f7:21:e3:cb:2c:
         d2:df:f8:28:20:16:9b:96:18:3e:e5:3b:3e:6e:ee:22:4b:f4:
         2e:44:ed:9b:68:55:a1:f3:20:d4:28:ad:d0:36:b8:2f:80:98:
         d7:d6:a2:6b:d9:51:50:f6:70:17:e6:a7:2c:10:6b:d9:d4:90:
         5c:a9:a7:95:0c:ac:f2:49:18:9a:12:c3:f2:5b:40:9c:a8:38:
         ec:4e:0e:c5:16:8b:73:cc:8b:61:c2:2f:bb:10:56:ed:73:df:
         c2:ea:e0:5c:2b:da:f5:b4:94:f4:5f:43:7f:98:52:d5:cb:7d:
         1b:d0:2f:a1:7b:f3:9a:ec:e9:63:0e:a4:61:42:5c:a8:1e:a7:
         43:dd:07:af:94:38:dc:a8:56:02:94:6c:97:6d:59:a8:1e:40:
         4c:17:5f:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUA6w33XhjisTbx5OJn0/wUb67bVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDcyMzU5MTVaFw0yNzAzMDcwMDA0MTVaMDMxMTAvBgNV
BAMTKDUyQUVCNDZDRjgxRTQxRTU2NDZCQjVBQThCODYxMDlERjcxODg2NTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnew/el+KXu56Klff+mPppXvp4
yA/4IYmOc1vvzy7i24MMfU6d06Mn8qBWz65VBC0wpufpGVp95hnS86izOSypZaH/
27lEcltr/3rJjLcsC50TWvX2p32XG9Rpp4JmutXcz/wY3/mBSxK8h4b9UdrFBYL3
C16gIvdtOS3wfpWFWtQ2r8MREkxLw8FWR/Pa7HH0EBRzaD1laVwZwK5XY+UuZtP0
JBL7aNfoxO6GuhrZfftLuaZVaLEy4qoknQbs/xw3FPJ22DlQAqSxyGePTv+e9FGK
BT+9iBW5kaFnzD8uo27OHB7JNzPB+F3FRVIq7uZt5+n8iSVgYYa3xCMD/OvDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUq60bPgeQeVka7Wqi4YQnfcYhlMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1ODk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4U
MA0GCSqGSIb3DQEBCwUAA4IBAQCJvZtEBjdXJG2J3277i4i8pFLhPdE7FdRlKLm6
sEFUzST4BfaP1S5OOFGLcKMkfKHYxHUhdpPNiiqCfNVGbFiVRCH2eEq/l69i8cok
ukJkmgPq6uTLPARBIyPLYXJ29COMW9pPIw5G9yHjyyzS3/goIBablhg+5Ts+bu4i
S/QuRO2baFWh8yDUKK3QNrgvgJjX1qJr2VFQ9nAX5qcsEGvZ1JBcqaeVDKzySRia
EsPyW0CcqDjsTg7FFotzzIthwi+7EFbtc9/C6uBcK9r1tJT0X0N/mFLVy30b0C+h
e/Oa7OljDqRhQlyoHqdD3QevlDjcqFYClGyXbVmoHkBMF1/X
-----END CERTIFICATE-----