Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203090.roa
File:                     AS203090.roa (raw, json)
Hash identifier:          AtZQiXBdWfevJeS9ni8F5oxZwYfsEjJFqy+rO2NW5P0=
Subject key identifier:   F7:B6:A2:52:60:4D:13:C6:54:96:4A:B4:0B:57:AD:4D:BB:BD:EF:BC
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       26D28C22230734F6B9534B1D6F4CFCD355C28735
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203090.roa
Signing time:             Wed 18 Mar 2026 06:37:31 +0000
ROA not before:           Wed 18 Mar 2026 06:32:31 +0000
ROA not after:            Wed 17 Mar 2027 06:37:31 +0000
asID:                     203090
IP address blocks:        212.60.151.0/24 maxlen: 24
                          212.60.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 01:30:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:d2:8c:22:23:07:34:f6:b9:53:4b:1d:6f:4c:fc:d3:55:c2:87:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Mar 18 06:32:31 2026 GMT
            Not After : Mar 17 06:37:31 2027 GMT
        Subject: CN=F7B6A252604D13C654964AB40B57AD4DBBBDEFBC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:cb:82:b2:68:87:47:60:17:a3:21:34:88:44:
                    09:4c:68:9a:53:d5:3c:a4:4b:bc:cd:48:01:cd:60:
                    2f:1a:2b:f5:83:71:aa:1c:d0:ec:2e:53:e7:1e:e2:
                    d7:1f:a3:90:65:cb:86:e6:33:bf:e1:08:a7:67:6b:
                    5a:8e:75:fc:45:60:6e:b5:f5:12:39:b2:ab:a5:9f:
                    e8:ab:74:52:6d:23:da:f4:3a:6b:89:76:55:eb:c5:
                    1d:36:d7:3e:77:b5:d6:f7:22:15:eb:44:8b:dc:43:
                    f7:00:a6:2d:2f:d0:73:b5:11:57:73:42:a6:20:8e:
                    e3:c8:f0:11:c8:9d:e1:3f:2e:4f:d4:44:00:c2:9d:
                    18:a8:c7:af:47:86:bd:ef:e8:c9:4e:2e:cf:a3:6e:
                    55:d6:6b:7d:6c:16:8a:bb:4c:ac:83:75:46:72:68:
                    82:65:ca:36:32:77:f8:bc:28:4c:c1:a9:75:77:00:
                    8c:29:a3:21:c6:21:c3:44:d6:f2:92:fa:be:d0:e1:
                    7e:4d:5f:d1:2c:b5:e5:ed:46:71:2e:e2:47:a6:e7:
                    bf:66:b7:e1:79:6a:8c:89:27:46:f2:5a:41:cb:c2:
                    15:0e:ac:23:cc:0e:ce:5b:93:13:ba:e0:b6:7b:81:
                    08:ab:19:dd:be:ae:c4:bf:23:fb:cc:09:fc:a2:33:
                    71:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B6:A2:52:60:4D:13:C6:54:96:4A:B4:0B:57:AD:4D:BB:BD:EF:BC
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203090.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.151.0/24
                  212.60.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:f1:f4:b0:7f:de:ed:a7:77:2b:50:9c:a6:36:ea:d3:6e:fb:
         1d:d8:a0:a0:45:e3:f5:e0:4e:b5:3e:7f:01:7d:e5:82:03:4b:
         2b:99:56:b9:ad:2f:b0:0c:8b:69:a4:ff:54:2d:4b:38:fc:b3:
         c5:cb:69:5b:b1:b0:5e:0e:cf:e5:a8:cc:d8:2b:34:a5:94:b8:
         31:51:65:3b:70:ad:8f:3c:96:b7:cd:91:37:33:d1:e9:8f:af:
         b0:12:fb:f7:9a:f7:e6:44:3c:e5:48:6d:2f:af:39:53:5d:b8:
         ca:7b:3e:a8:ef:97:7b:e3:17:08:0d:e2:df:61:08:5e:69:95:
         d1:87:71:f5:6a:2b:25:f9:04:10:54:18:b9:04:ab:ef:a4:97:
         ff:26:e8:38:cf:18:36:b3:d1:96:d8:03:e6:ec:61:0e:54:6b:
         11:f5:b2:ed:70:14:3e:b9:1b:3f:84:18:f4:a7:0b:c3:8e:dc:
         64:6f:a8:a8:a6:d7:ac:ba:33:98:27:94:c2:4b:7c:21:1a:03:
         1f:18:2d:56:36:14:fe:a5:ef:d6:40:77:3b:cb:f0:60:70:8c:
         f2:9e:bb:32:8a:9c:d3:69:9c:b2:af:2d:56:27:7c:fa:c5:22:
         6a:96:77:ab:74:4c:73:16:84:ae:8a:eb:c8:8d:94:f4:ad:c1:
         e2:88:5e:50
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJtKMIiMHNPa5U0sdb0z801XChzUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAzMTgwNjMyMzFaFw0yNzAzMTcwNjM3MzFaMDMxMTAvBgNV
BAMTKEY3QjZBMjUyNjA0RDEzQzY1NDk2NEFCNDBCNTdBRDREQkJCREVGQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcy4KyaIdHYBejITSIRAlMaJpT
1TykS7zNSAHNYC8aK/WDcaoc0OwuU+ce4tcfo5Bly4bmM7/hCKdna1qOdfxFYG61
9RI5squln+irdFJtI9r0OmuJdlXrxR021z53tdb3IhXrRIvcQ/cApi0v0HO1EVdz
QqYgjuPI8BHIneE/Lk/URADCnRiox69Hhr3v6MlOLs+jblXWa31sFoq7TKyDdUZy
aIJlyjYyd/i8KEzBqXV3AIwpoyHGIcNE1vKS+r7Q4X5NX9EsteXtRnEu4kem579m
t+F5aoyJJ0byWkHLwhUOrCPMDs5bkxO64LZ7gQirGd2+rsS/I/vMCfyiM3FVAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU97aiUmBNE8ZUlkq0C1etTbu977wwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjAzMDkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1DyX
AwQA1DyZMA0GCSqGSIb3DQEBCwUAA4IBAQBd8fSwf97tp3crUJymNurTbvsd2KCg
ReP14E61Pn8BfeWCA0srmVa5rS+wDItppP9ULUs4/LPFy2lbsbBeDs/lqMzYKzSl
lLgxUWU7cK2PPJa3zZE3M9Hpj6+wEvv3mvfmRDzlSG0vrzlTXbjKez6o75d74xcI
DeLfYQheaZXRh3H1aisl+QQQVBi5BKvvpJf/Jug4zxg2s9GW2APm7GEOVGsR9bLt
cBQ+uRs/hBj0pwvDjtxkb6ioptesujOYJ5TCS3whGgMfGC1WNhT+pe/WQHc7y/Bg
cIzynrsyipzTaZyyry1WJ3z6xSJqlnerdExzFoSuiuvIjZT0rcHiiF5Q
-----END CERTIFICATE-----