Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203446.roa
File:                     AS203446.roa (raw, json)
Hash identifier:          oqoiqzh1+ViDUf4HKID2vR8MgIa8o5lwgPwsNCMr93E=
Subject key identifier:   D9:35:3F:8A:A2:F4:CD:BE:4F:48:DE:F4:56:43:A1:56:07:E2:32:3D
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       163F0C96BF7AB4858E165A359F7ECB81A09E4601
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203446.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     203446
IP address blocks:        82.139.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:3f:0c:96:bf:7a:b4:85:8e:16:5a:35:9f:7e:cb:81:a0:9e:46:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=D9353F8AA2F4CDBE4F48DEF45643A15607E2323D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:aa:2f:4d:f9:03:5a:46:94:a4:cd:2c:b8:02:
                    72:fa:b0:9c:0e:9d:d5:09:71:ad:ac:1a:88:bf:a7:
                    3a:5e:c3:c8:63:9d:98:ec:f9:c9:88:a5:88:94:93:
                    70:e4:08:87:0f:4f:bc:c4:5a:4e:7b:5a:86:4a:24:
                    97:1b:21:f8:66:8b:c1:0e:5d:40:a2:0c:51:53:62:
                    81:1c:91:98:8f:3d:3f:b3:0e:14:87:cc:a4:3f:d9:
                    b2:d7:d0:6c:4d:45:d4:61:a7:47:6f:08:e8:12:2a:
                    64:ce:f3:4d:41:ad:b5:a1:78:49:b3:2c:33:48:1e:
                    d5:cd:df:fb:ae:1b:06:52:10:07:6e:bc:e0:f3:40:
                    e7:46:4f:1a:d6:57:83:83:43:93:b5:00:2f:d5:e3:
                    5a:bb:6c:cf:26:23:62:17:2c:58:75:7f:36:75:72:
                    0a:3c:e7:32:ae:56:8c:76:c5:8a:04:b9:47:c6:d7:
                    98:10:09:2f:e2:b4:ea:4c:be:30:97:01:78:95:17:
                    24:5d:79:80:03:3e:a6:c0:f2:e0:28:05:c6:f8:90:
                    b7:96:e2:a6:9a:5d:cf:7c:b7:c7:5b:16:3e:78:3b:
                    63:bd:10:8e:a7:7a:94:68:a1:91:b0:bd:f4:04:c1:
                    b3:bb:cf:39:5d:73:fb:52:ff:2c:9e:d8:03:ce:cc:
                    51:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:35:3F:8A:A2:F4:CD:BE:4F:48:DE:F4:56:43:A1:56:07:E2:32:3D
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203446.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:7f:7a:36:5e:f6:a9:8d:43:f9:1f:62:fb:fd:1a:4f:14:a2:
         da:88:0f:b4:e4:66:5f:eb:26:b9:44:fd:cf:78:db:b0:10:b3:
         f7:35:7b:31:97:91:91:b8:b4:f9:bd:52:c0:ee:10:1c:29:25:
         ce:56:39:cd:54:8f:53:4e:90:3d:c0:45:9e:83:b1:3f:90:c6:
         95:88:ab:64:0b:f4:02:65:24:a5:7b:99:d3:b1:e7:2b:cd:c1:
         6a:c9:23:4f:f1:0a:d1:05:9d:43:bb:32:dc:a0:51:db:42:84:
         29:32:d2:fc:12:16:03:8d:6b:09:0c:34:ea:7d:0f:36:de:c5:
         c0:51:e4:a2:fb:c8:f6:c2:f0:4a:ae:a0:13:41:10:e4:3e:84:
         a5:c1:a1:10:92:1e:4e:9d:61:e4:26:a0:b1:06:85:5f:59:2e:
         03:5a:7c:48:a6:cd:1f:93:45:07:aa:11:a8:cb:23:80:de:64:
         46:67:db:57:5b:e5:a2:10:70:d4:3c:f6:e6:c0:99:84:d7:05:
         9b:1e:63:e4:f8:8a:16:8d:db:eb:a2:a1:a3:71:ff:84:c4:7b:
         04:30:a8:28:e2:e5:39:5c:f7:9c:55:1b:e5:f2:20:69:99:c1:
         5b:79:31:41:e8:5b:30:86:3a:3d:f4:f7:12:49:d5:f2:22:80:
         00:ed:7c:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFj8Mlr96tIWOFlo1n37LgaCeRgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKEQ5MzUzRjhBQTJGNENEQkU0RjQ4REVGNDU2NDNBMTU2MDdFMjMyM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4qi9N+QNaRpSkzSy4AnL6sJwO
ndUJca2sGoi/pzpew8hjnZjs+cmIpYiUk3DkCIcPT7zEWk57WoZKJJcbIfhmi8EO
XUCiDFFTYoEckZiPPT+zDhSHzKQ/2bLX0GxNRdRhp0dvCOgSKmTO801BrbWheEmz
LDNIHtXN3/uuGwZSEAduvODzQOdGTxrWV4ODQ5O1AC/V41q7bM8mI2IXLFh1fzZ1
cgo85zKuVox2xYoEuUfG15gQCS/itOpMvjCXAXiVFyRdeYADPqbA8uAoBcb4kLeW
4qaaXc98t8dbFj54O2O9EI6nepRooZGwvfQEwbO7zzldc/tS/yye2APOzFEbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2TU/iqL0zb5PSN70VkOhVgfiMj0wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjAzNDQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovv
MA0GCSqGSIb3DQEBCwUAA4IBAQCof3o2XvapjUP5H2L7/RpPFKLaiA+05GZf6ya5
RP3PeNuwELP3NXsxl5GRuLT5vVLA7hAcKSXOVjnNVI9TTpA9wEWeg7E/kMaViKtk
C/QCZSSle5nTsecrzcFqySNP8QrRBZ1DuzLcoFHbQoQpMtL8EhYDjWsJDDTqfQ82
3sXAUeSi+8j2wvBKrqATQRDkPoSlwaEQkh5OnWHkJqCxBoVfWS4DWnxIps0fk0UH
qhGoyyOA3mRGZ9tXW+WiEHDUPPbmwJmE1wWbHmPk+IoWjdvroqGjcf+ExHsEMKgo
4uU5XPecVRvl8iBpmcFbeTFB6Fswhjo99PcSSdXyIoAA7Xzu
-----END CERTIFICATE-----