Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          rzcET0h+kNQa7qmhb7DapKeM+65fyXnHGPTmAFcCSD0=
Subject key identifier:   35:1C:BC:4E:74:AA:7D:A4:22:1E:09:94:AE:9C:F6:5B:1A:CA:4B:37
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6F52FF7A322389779BDABCEE49FB2FD58E4B22CB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20326.roa
Signing time:             Wed 18 Mar 2026 13:59:36 +0000
ROA not before:           Wed 18 Mar 2026 13:54:36 +0000
ROA not after:            Wed 17 Mar 2027 13:59:36 +0000
asID:                     20326
IP address blocks:        143.20.238.0/24 maxlen: 24
                          143.20.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:58:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:52:ff:7a:32:23:89:77:9b:da:bc:ee:49:fb:2f:d5:8e:4b:22:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar 18 13:54:36 2026 GMT
            Not After : Mar 17 13:59:36 2027 GMT
        Subject: CN=351CBC4E74AA7DA4221E0994AE9CF65B1ACA4B37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:57:fe:b5:18:fd:00:5f:ee:93:56:a7:23:
                    52:d6:9c:8b:dd:ae:c5:18:c5:ce:9f:7d:3a:a4:80:
                    d0:ec:c1:b8:2d:cc:8f:1d:8b:8c:06:c9:ac:51:ee:
                    3e:fc:6d:43:03:ec:a4:b8:ad:45:06:0f:dd:b0:6b:
                    1b:cd:40:0a:9a:cc:4e:1e:69:79:db:22:0e:0e:3c:
                    f8:ff:3d:bc:87:d4:83:08:7f:35:db:a1:a0:09:c4:
                    0a:49:6b:cc:9e:d4:92:a9:fd:1d:9c:dc:e8:9c:85:
                    a8:0d:d7:e2:1c:30:36:20:3e:52:67:d9:51:5f:02:
                    54:77:34:2b:db:d7:93:21:9b:d4:e9:c6:3a:f3:ce:
                    3c:29:d2:fa:51:96:51:43:fb:ac:9a:90:ed:fa:14:
                    84:20:74:b0:7f:f2:b0:5b:dc:c1:80:0b:49:ad:d0:
                    f8:fe:7b:bc:52:a1:63:bb:9d:2b:96:47:b8:77:1a:
                    a1:99:fa:fd:ec:62:d8:ab:03:e4:ed:ab:51:cd:c8:
                    cb:4b:40:12:e6:51:f1:3c:a6:7c:94:b4:1e:c8:28:
                    46:7f:25:55:4e:bc:f4:e2:f0:65:0d:66:48:76:31:
                    00:58:18:8a:5d:fd:c0:f3:a9:69:55:e2:2f:76:ea:
                    ad:61:16:71:35:86:b7:d1:d9:d5:16:a6:2a:51:a2:
                    e5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:1C:BC:4E:74:AA:7D:A4:22:1E:09:94:AE:9C:F6:5B:1A:CA:4B:37
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.238.0/24
                  143.20.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:12:bd:7a:4f:92:a3:48:1d:a8:cf:5e:ec:b8:3a:08:16:b8:
         c1:56:f7:d9:7c:f4:7c:4e:46:70:1d:b9:56:7c:70:a6:3e:5d:
         9c:40:db:e1:23:f6:66:60:d5:48:c9:90:48:3a:40:7e:42:e2:
         01:26:84:6d:94:a3:e7:93:a6:f0:8d:67:3d:b5:40:14:f4:91:
         87:bb:b4:50:66:1f:65:15:b3:f5:3e:a7:55:99:17:07:1a:fd:
         2e:61:da:ab:07:9d:58:37:54:a4:a9:a3:be:af:0d:57:94:76:
         04:cc:cb:7e:47:ad:ed:e2:8f:ba:91:4c:b0:23:bc:5c:e3:73:
         cb:9c:96:ac:47:d1:e4:9e:cb:b2:89:e5:82:cc:8c:ae:5c:dc:
         83:f2:3c:d2:09:6b:7d:83:f7:93:b3:ce:0f:61:67:1e:44:75:
         7d:75:79:9f:7f:73:a6:48:01:b4:1b:e9:b3:f2:13:89:07:21:
         49:75:e2:ce:51:51:6c:63:18:25:3f:ef:06:48:c4:1f:b0:ef:
         7d:c0:35:6f:33:b8:51:6c:7c:69:ad:43:73:24:c0:f2:9a:86:
         cd:be:95:49:af:e8:e8:c9:63:9c:e6:f1:13:34:7d:c0:ed:53:
         1b:50:1b:68:b4:ba:51:f5:88:73:44:d9:9e:80:2c:1b:f2:95:
         1a:4f:77:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUb1L/ejIjiXeb2rzuSfsv1Y5LIsswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMTgxMzU0MzZaFw0yNzAzMTcxMzU5MzZaMDMxMTAvBgNV
BAMTKDM1MUNCQzRFNzRBQTdEQTQyMjFFMDk5NEFFOUNGNjVCMUFDQTRCMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzJlf+tRj9AF/uk1anI1LWnIvd
rsUYxc6ffTqkgNDswbgtzI8di4wGyaxR7j78bUMD7KS4rUUGD92waxvNQAqazE4e
aXnbIg4OPPj/PbyH1IMIfzXboaAJxApJa8ye1JKp/R2c3OichagN1+IcMDYgPlJn
2VFfAlR3NCvb15Mhm9Tpxjrzzjwp0vpRllFD+6yakO36FIQgdLB/8rBb3MGAC0mt
0Pj+e7xSoWO7nSuWR7h3GqGZ+v3sYtirA+Ttq1HNyMtLQBLmUfE8pnyUtB7IKEZ/
JVVOvPTi8GUNZkh2MQBYGIpd/cDzqWlV4i926q1hFnE1hrfR2dUWpipRouUjAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUNRy8TnSqfaQiHgmUrpz2WxrKSzcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFO4D
BAKPFPAwDQYJKoZIhvcNAQELBQADggEBAKASvXpPkqNIHajPXuy4OggWuMFW99l8
9HxORnAduVZ8cKY+XZxA2+Ej9mZg1UjJkEg6QH5C4gEmhG2Uo+eTpvCNZz21QBT0
kYe7tFBmH2UVs/U+p1WZFwca/S5h2qsHnVg3VKSpo76vDVeUdgTMy35Hre3ij7qR
TLAjvFzjc8uclqxH0eSey7KJ5YLMjK5c3IPyPNIJa32D95Ozzg9hZx5EdX11eZ9/
c6ZIAbQb6bPyE4kHIUl14s5RUWxjGCU/7wZIxB+w733ANW8zuFFsfGmtQ3MkwPKa
hs2+lUmv6OjJY5zm8RM0fcDtUxtQG2i0ulH1iHNE2Z6ALBvylRpPd3A=
-----END CERTIFICATE-----