Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS203771.roa
File:                     AS203771.roa (raw, json)
Hash identifier:          +cuISA5Jq9rG5Fl1yy7tUiescxt596Q/SRCY7OhrbA8=
Subject key identifier:   32:E3:3E:20:E6:51:37:87:48:30:97:EE:76:D3:A0:AC:0D:FC:5B:49
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       31EA8F9DA9A360233E1C10BE7F6E16AAD6F0F9D2
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS203771.roa
Signing time:             Tue 21 Apr 2026 05:36:48 +0000
ROA not before:           Tue 21 Apr 2026 05:31:48 +0000
ROA not after:            Tue 20 Apr 2027 05:36:48 +0000
asID:                     203771
IP address blocks:        92.112.71.0/24 maxlen: 24
                          95.135.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ea:8f:9d:a9:a3:60:23:3e:1c:10:be:7f:6e:16:aa:d6:f0:f9:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 21 05:31:48 2026 GMT
            Not After : Apr 20 05:36:48 2027 GMT
        Subject: CN=32E33E20E6513787483097EE76D3A0AC0DFC5B49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e6:70:f7:45:f2:68:43:95:3b:80:d7:d7:33:
                    e0:99:89:20:a4:85:74:0c:cf:1b:9e:09:d7:e8:8c:
                    00:0d:17:20:80:6b:6e:25:3f:ee:88:1e:3b:76:4d:
                    18:86:e8:2d:19:95:15:ef:58:3d:61:71:2f:a5:c9:
                    a3:47:29:d7:83:09:a6:a2:17:36:0d:a7:67:83:f9:
                    d2:42:2b:9f:1e:cc:d0:1a:2f:3a:95:9a:a8:e4:76:
                    58:b9:28:ee:47:13:31:1f:c9:c7:ae:68:84:3a:8d:
                    04:84:26:c0:d6:8d:bd:59:e0:a4:16:5d:26:97:29:
                    9c:12:c5:dd:44:d1:13:36:57:b7:f9:b5:3f:c1:e1:
                    c6:a8:c3:55:dc:10:44:8d:25:45:3e:61:5d:a1:1b:
                    b3:f9:a2:f5:3e:a8:e2:0e:f9:d6:7d:85:28:f2:ad:
                    0f:7d:62:80:f0:dc:c8:3b:ac:54:93:4d:b6:72:f3:
                    b2:63:48:7d:cd:66:fe:a8:61:d7:85:96:15:84:6a:
                    b0:24:d9:1f:29:9f:d8:53:0d:f5:62:24:98:82:1d:
                    a7:65:18:db:a6:90:32:9b:97:a8:9c:06:38:99:f2:
                    3d:5a:0b:16:d8:d8:c7:56:00:93:03:c7:46:b3:ab:
                    74:a9:e4:8b:38:3a:1b:9d:05:06:a3:6f:b8:aa:47:
                    f9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E3:3E:20:E6:51:37:87:48:30:97:EE:76:D3:A0:AC:0D:FC:5B:49
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS203771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.71.0/24
                  95.135.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:82:a9:58:6a:60:e8:c1:9c:ad:bf:8b:86:6d:cc:69:cd:e9:
         e6:6b:8e:2c:97:f3:6e:f5:dd:6e:64:fb:95:4e:9a:9a:74:a7:
         9f:2c:d8:e5:da:85:11:02:2f:e1:68:92:99:48:d4:b9:25:f7:
         15:f0:2d:ea:9f:12:a5:df:ec:96:e7:44:9c:2d:2a:ff:27:f5:
         91:39:35:6d:db:d1:64:6d:f2:87:9a:3a:b9:6c:10:b4:1a:8a:
         92:4a:a3:83:74:48:a1:99:98:ca:92:e7:cf:99:6f:f2:9f:1f:
         77:c9:60:8d:52:ed:2d:49:af:91:b2:d7:f3:bb:80:39:8c:09:
         a9:f8:73:d8:e9:e8:44:61:44:a1:da:4d:d3:a6:8a:fb:35:c9:
         c8:ff:d0:6e:45:20:d8:5f:cd:19:d8:1a:a2:e3:f4:03:71:e9:
         53:74:7a:a1:5a:f2:76:07:e7:45:f2:18:01:f9:29:f8:13:bc:
         a6:de:2a:c5:f1:67:61:ca:52:5e:2d:99:38:89:b2:d7:4e:73:
         d9:51:6b:9d:cb:4a:30:d8:75:71:85:1a:ed:81:8a:aa:74:28:
         d0:93:18:0a:68:38:b0:c9:be:3c:26:17:14:b8:78:41:5e:86:
         bc:c1:79:3a:0e:96:03:bc:de:69:d0:2b:ba:b5:0f:f4:76:e0:
         86:5d:ea:11
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUMeqPnamjYCM+HBC+f24Wqtbw+dIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjEwNTMxNDhaFw0yNzA0MjAwNTM2NDhaMDMxMTAvBgNV
BAMTKDMyRTMzRTIwRTY1MTM3ODc0ODMwOTdFRTc2RDNBMEFDMERGQzVCNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL5nD3RfJoQ5U7gNfXM+CZiSCk
hXQMzxueCdfojAANFyCAa24lP+6IHjt2TRiG6C0ZlRXvWD1hcS+lyaNHKdeDCaai
FzYNp2eD+dJCK58ezNAaLzqVmqjkdli5KO5HEzEfyceuaIQ6jQSEJsDWjb1Z4KQW
XSaXKZwSxd1E0RM2V7f5tT/B4caow1XcEESNJUU+YV2hG7P5ovU+qOIO+dZ9hSjy
rQ99YoDw3Mg7rFSTTbZy87JjSH3NZv6oYdeFlhWEarAk2R8pn9hTDfViJJiCHadl
GNumkDKbl6icBjiZ8j1aCxbY2MdWAJMDx0azq3Sp5Is4OhudBQajb7iqR/nfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUMuM+IOZRN4dIMJfudtOgrA38W0kwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAzNzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXHBH
AwQAX4fkMA0GCSqGSIb3DQEBCwUAA4IBAQB/gqlYamDowZytv4uGbcxpzenma44s
l/Nu9d1uZPuVTpqadKefLNjl2oURAi/haJKZSNS5JfcV8C3qnxKl3+yW50ScLSr/
J/WROTVt29FkbfKHmjq5bBC0GoqSSqODdEihmZjKkufPmW/ynx93yWCNUu0tSa+R
stfzu4A5jAmp+HPY6ehEYUSh2k3Tpor7NcnI/9BuRSDYX80Z2Bqi4/QDcelTdHqh
WvJ2B+dF8hgB+Sn4E7ym3irF8WdhylJeLZk4ibLXTnPZUWudy0ow2HVxhRrtgYqq
dCjQkxgKaDiwyb48JhcUuHhBXoa8wXk6DpYDvN5p0Cu6tQ/0duCGXeoR
-----END CERTIFICATE-----