Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa
File:                     AS20860.roa (raw, json)
Hash identifier:          teZhdzH+IL4W7jnLkUyCNud/oPqloTCVrGg3IblTyZs=
Subject key identifier:   E4:56:74:CA:48:CD:D4:63:1B:26:51:56:C0:90:02:8B:64:D2:AD:EC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       65ABD297B56F4CEC44E35E1EF121CD5B722531F6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa
Signing time:             Thu 02 Oct 2025 13:55:08 +0000
ROA not before:           Thu 02 Oct 2025 13:50:08 +0000
ROA not after:            Thu 01 Oct 2026 13:55:08 +0000
asID:                     20860
IP address blocks:        141.98.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ab:d2:97:b5:6f:4c:ec:44:e3:5e:1e:f1:21:cd:5b:72:25:31:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct  2 13:50:08 2025 GMT
            Not After : Oct  1 13:55:08 2026 GMT
        Subject: CN=E45674CA48CDD4631B265156C090028B64D2ADEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:80:c4:c7:6d:98:7c:dc:f7:20:2d:f2:89:16:
                    ee:71:d8:99:d2:f9:07:b3:22:b4:d1:94:77:19:f6:
                    81:3c:e5:a9:27:a7:7b:cd:e7:c5:bd:25:9c:7b:02:
                    04:30:29:c9:29:6b:36:b0:ca:10:26:1b:18:bb:85:
                    24:6d:66:a9:c3:3a:09:b3:6e:37:68:a7:12:12:d5:
                    d8:72:d3:a9:5f:b3:a3:ef:ea:04:54:b3:67:0c:1b:
                    9e:d8:16:2e:e2:b0:5c:9a:9a:f8:0f:a5:06:6a:78:
                    12:8c:01:32:54:ed:d6:d2:38:14:e1:7f:95:99:c1:
                    d8:5d:0e:ca:30:1b:dc:b1:c1:e1:4a:fd:a1:82:7d:
                    b1:60:6b:68:3e:9c:99:9e:d7:85:4a:89:64:d5:5b:
                    9c:db:6c:d1:db:04:95:a8:9a:7b:cc:95:f3:46:a0:
                    de:27:26:e0:c4:85:89:f9:ba:03:4f:7a:bc:49:4b:
                    b8:95:85:fd:26:b2:37:61:e2:d9:b0:46:93:ae:a6:
                    54:ec:df:68:4a:dc:f5:67:7a:bb:f7:ab:22:8e:61:
                    8a:2c:1d:03:8a:ba:d0:db:95:d9:ee:7f:2c:86:d7:
                    45:a7:3c:58:0d:10:63:e4:1a:0e:f1:c9:5c:ea:83:
                    79:ec:aa:0e:e3:20:f5:d8:8a:df:ea:8a:67:52:0d:
                    a4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:56:74:CA:48:CD:D4:63:1B:26:51:56:C0:90:02:8B:64:D2:AD:EC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:13:df:e3:92:01:61:63:ba:a9:0c:f0:bf:cd:75:be:18:36:
         ef:1c:6e:a7:39:b3:21:90:b4:00:03:2d:a7:b0:7f:cf:36:96:
         46:86:de:79:d4:c0:34:02:b2:0c:a7:79:8c:48:16:54:48:07:
         db:8e:7b:9c:6e:6e:e0:4c:78:67:ad:7a:c6:54:91:34:27:02:
         76:33:54:d6:2d:51:95:b1:87:47:4b:02:02:1b:29:f9:61:d0:
         7e:69:1b:f0:e9:d3:cc:93:83:b4:97:fd:da:8d:7c:41:0c:02:
         6f:f2:b7:c1:5e:5b:f5:0c:03:d6:69:91:e2:80:93:8f:15:3c:
         ca:8d:56:5d:56:24:b9:c8:c8:72:37:62:3b:3d:7e:d2:b4:e5:
         25:8b:f7:d1:38:98:b6:49:6e:66:9d:43:54:71:ef:78:00:63:
         e0:fa:03:4c:ba:8d:df:73:fd:46:b3:b3:5a:b5:a7:b0:89:18:
         94:2c:4e:70:bc:18:cf:e9:3b:bc:01:e2:5d:fb:cf:2e:ac:52:
         83:ed:e4:d8:4c:c0:81:1e:80:b6:59:07:df:d5:af:3b:63:ec:
         ed:09:42:cb:6b:02:04:d8:2e:b8:f4:e9:47:79:7e:98:9c:54:
         b4:49:c7:73:6a:73:07:d1:c0:ed:cd:d8:4e:48:74:13:ca:ef:
         a0:0f:7a:4c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZavSl7VvTOxE414e8SHNW3IlMfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTEwMDIxMzUwMDhaFw0yNjEwMDExMzU1MDhaMDMxMTAvBgNV
BAMTKEU0NTY3NENBNDhDREQ0NjMxQjI2NTE1NkMwOTAwMjhCNjREMkFERUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQgMTHbZh83PcgLfKJFu5x2JnS
+QezIrTRlHcZ9oE85aknp3vN58W9JZx7AgQwKckpazawyhAmGxi7hSRtZqnDOgmz
bjdopxIS1dhy06lfs6Pv6gRUs2cMG57YFi7isFyamvgPpQZqeBKMATJU7dbSOBTh
f5WZwdhdDsowG9yxweFK/aGCfbFga2g+nJme14VKiWTVW5zbbNHbBJWomnvMlfNG
oN4nJuDEhYn5ugNPerxJS7iVhf0msjdh4tmwRpOuplTs32hK3PVnerv3qyKOYYos
HQOKutDbldnufyyG10WnPFgNEGPkGg7xyVzqg3nsqg7jIPXYit/qimdSDaR9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5FZ0ykjN1GMbJlFWwJACi2TSrewwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNYp4w
DQYJKoZIhvcNAQELBQADggEBAL4T3+OSAWFjuqkM8L/Ndb4YNu8cbqc5syGQtAAD
Laewf882lkaG3nnUwDQCsgyneYxIFlRIB9uOe5xubuBMeGetesZUkTQnAnYzVNYt
UZWxh0dLAgIbKflh0H5pG/Dp08yTg7SX/dqNfEEMAm/yt8FeW/UMA9ZpkeKAk48V
PMqNVl1WJLnIyHI3Yjs9ftK05SWL99E4mLZJbmadQ1Rx73gAY+D6A0y6jd9z/Uaz
s1q1p7CJGJQsTnC8GM/pO7wB4l37zy6sUoPt5NhMwIEegLZZB9/Vrztj7O0JQstr
AgTYLrj06Ud5fpicVLRJx3NqcwfRwO3N2E5IdBPK76APekw=
-----END CERTIFICATE-----