Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203057.roa
File:                     AS203057.roa (raw, json)
Hash identifier:          v2S/uc0WTXjNkBTbFcgFUnMUTFxn+pad4FtgGvrqKEU=
Subject key identifier:   B4:BC:D7:94:F5:C6:E5:B4:27:82:21:C8:6E:39:17:A0:A1:95:B7:6D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       400959EF3EC0A350F119B00595F1549F15C59704
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203057.roa
Signing time:             Tue 17 Mar 2026 06:51:00 +0000
ROA not before:           Tue 17 Mar 2026 06:46:00 +0000
ROA not after:            Tue 16 Mar 2027 06:51:00 +0000
asID:                     203057
IP address blocks:        178.83.5.0/24 maxlen: 24
                          178.83.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:09:59:ef:3e:c0:a3:50:f1:19:b0:05:95:f1:54:9f:15:c5:97:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 17 06:46:00 2026 GMT
            Not After : Mar 16 06:51:00 2027 GMT
        Subject: CN=B4BCD794F5C6E5B4278221C86E3917A0A195B76D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5e:73:9d:3d:d1:27:ea:79:ed:c3:76:55:fe:
                    07:e7:2e:72:ed:d4:2f:12:4a:22:57:01:e6:7d:51:
                    27:53:0a:74:14:b4:0d:ce:62:07:33:5d:1a:c1:52:
                    5e:b0:69:a5:85:21:34:7a:0f:b7:af:db:23:fc:6e:
                    ad:0c:24:fc:e4:0e:35:6f:76:41:ce:e2:04:86:eb:
                    72:9d:33:7f:29:06:49:70:4c:a6:34:76:9a:33:86:
                    6f:d3:44:2c:f2:bd:f7:1e:c0:17:ff:b8:14:39:a7:
                    f5:49:48:86:8d:87:65:0b:0a:c4:f5:86:21:67:45:
                    d8:f7:44:7b:d5:61:08:75:19:04:a3:f5:fc:a1:ef:
                    ff:19:fa:91:b7:9d:e8:d8:83:b5:a4:4f:e0:77:d0:
                    fa:61:35:f5:5a:0c:36:df:b6:1e:bc:f3:fb:d6:96:
                    0a:9e:2d:99:c6:b9:ca:3f:5a:f0:3e:b8:0a:95:21:
                    35:b5:2e:ce:73:ce:88:ab:3e:7a:e2:4a:01:6b:9c:
                    63:50:e1:3b:de:5e:c4:53:12:62:35:c5:e7:d5:ec:
                    60:aa:2d:6b:b3:84:aa:b4:b4:93:4a:cf:3e:b2:ab:
                    a7:ac:53:c8:8d:09:2b:4f:f8:9c:7e:8d:89:99:b6:
                    68:2c:55:09:26:09:c2:57:4d:b4:77:f4:11:bd:49:
                    98:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BC:D7:94:F5:C6:E5:B4:27:82:21:C8:6E:39:17:A0:A1:95:B7:6D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203057.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.5.0/24
                  178.83.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:e5:87:0b:bb:35:22:16:96:82:36:64:5a:63:3c:9a:4c:3d:
         a8:da:fa:ec:91:f6:c9:05:2f:73:66:77:15:f6:1c:99:bc:85:
         76:c1:ab:9a:8f:d6:69:87:bf:f4:d2:02:34:bc:4a:07:59:04:
         7f:66:de:cb:b9:aa:96:d8:aa:26:01:24:6e:07:e0:7c:0a:ec:
         6e:bf:0d:9e:d9:13:cc:d7:ee:91:c2:fb:85:a7:ca:df:b7:bc:
         a9:17:19:e4:e4:4c:18:8e:33:e0:e5:4a:19:61:d8:0a:10:bf:
         8a:eb:78:c7:4c:dc:56:c6:11:10:b4:da:ea:37:5b:85:85:6f:
         6d:57:50:3a:3e:f4:4e:d8:72:a2:59:5b:d8:3b:7f:95:54:3b:
         40:26:53:f0:58:cd:39:8d:4b:e4:83:a8:04:c4:ec:d8:80:68:
         43:ac:fa:db:d3:80:bc:3e:a9:83:ae:fe:31:8a:c9:c2:00:b0:
         f8:9a:fa:f6:51:40:c0:68:66:cd:40:53:a5:be:65:3e:b6:54:
         2c:f7:8b:cc:8e:2c:7d:aa:4a:61:d3:a0:2f:43:bb:9e:2d:1d:
         3a:39:64:b9:25:dc:68:5b:eb:6d:77:d2:37:d6:56:ec:ca:da:
         15:a0:93:bf:e9:c6:a7:e1:91:db:e9:67:33:f0:be:08:4c:a0:
         0a:c5:43:9e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUQAlZ7z7Ao1DxGbAFlfFUnxXFlwQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTcwNjQ2MDBaFw0yNzAzMTYwNjUxMDBaMDMxMTAvBgNV
BAMTKEI0QkNENzk0RjVDNkU1QjQyNzgyMjFDODZFMzkxN0EwQTE5NUI3NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJXnOdPdEn6nntw3ZV/gfnLnLt
1C8SSiJXAeZ9USdTCnQUtA3OYgczXRrBUl6waaWFITR6D7ev2yP8bq0MJPzkDjVv
dkHO4gSG63KdM38pBklwTKY0dpozhm/TRCzyvfcewBf/uBQ5p/VJSIaNh2ULCsT1
hiFnRdj3RHvVYQh1GQSj9fyh7/8Z+pG3nejYg7WkT+B30PphNfVaDDbfth688/vW
lgqeLZnGuco/WvA+uAqVITW1Ls5zzoirPnriSgFrnGNQ4TveXsRTEmI1xefV7GCq
LWuzhKq0tJNKzz6yq6esU8iNCStP+Jx+jYmZtmgsVQkmCcJXTbR39BG9SZgDAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUtLzXlPXG5bQngiHIbjkXoKGVt20wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzMDU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAslMF
AwQAslP/MA0GCSqGSIb3DQEBCwUAA4IBAQAY5YcLuzUiFpaCNmRaYzyaTD2o2vrs
kfbJBS9zZncV9hyZvIV2wauaj9Zph7/00gI0vEoHWQR/Zt7LuaqW2KomASRuB+B8
Cuxuvw2e2RPM1+6RwvuFp8rft7ypFxnk5EwYjjPg5UoZYdgKEL+K63jHTNxWxhEQ
tNrqN1uFhW9tV1A6PvRO2HKiWVvYO3+VVDtAJlPwWM05jUvkg6gExOzYgGhDrPrb
04C8PqmDrv4xisnCALD4mvr2UUDAaGbNQFOlvmU+tlQs94vMjix9qkph06AvQ7ue
LR06OWS5JdxoW+ttd9I31lbsytoVoJO/6can4ZHb6Wcz8L4ITKAKxUOe
-----END CERTIFICATE-----