Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201539.roa
File:                     AS201539.roa (raw, json)
Hash identifier:          sP7PQkRo02rl1HSF1oDvF4+FXNJLA4Ao2MPyEJOAthk=
Subject key identifier:   C5:26:D5:3F:7E:E8:83:15:2B:21:3D:A7:D9:C4:E5:7B:EC:49:EC:5C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       661E7DFC04FF4AA8E6B05D115D9D950EFF0D99FB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201539.roa
Signing time:             Fri 10 Apr 2026 07:30:42 +0000
ROA not before:           Fri 10 Apr 2026 07:25:42 +0000
ROA not after:            Fri 09 Apr 2027 07:30:42 +0000
asID:                     201539
IP address blocks:        143.14.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:1e:7d:fc:04:ff:4a:a8:e6:b0:5d:11:5d:9d:95:0e:ff:0d:99:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 10 07:25:42 2026 GMT
            Not After : Apr  9 07:30:42 2027 GMT
        Subject: CN=C526D53F7EE883152B213DA7D9C4E57BEC49EC5C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:57:04:e6:c7:1e:43:c6:17:39:b3:90:55:74:
                    1a:d2:88:2d:98:81:1d:13:56:1f:6c:66:6b:8d:bc:
                    be:3f:e6:b6:7a:42:1d:32:85:29:0e:10:1a:1d:a8:
                    95:92:c6:2f:f1:6c:6f:14:a4:be:c3:90:3e:a5:26:
                    a5:28:2f:a3:60:91:35:2b:cf:32:8b:e3:53:af:5c:
                    ff:4f:00:25:41:04:42:82:c9:72:50:32:92:ad:51:
                    e2:52:db:94:84:93:f0:54:ad:8c:2a:a7:c2:69:28:
                    d6:cf:10:c0:e0:eb:6e:fd:99:47:98:5c:0f:ef:6d:
                    1e:60:8e:86:de:a7:f4:12:f8:50:74:19:ac:82:16:
                    e5:d4:ae:a4:e2:75:fe:8b:f9:00:22:7f:c3:30:6c:
                    8f:60:32:ac:b5:0a:ff:e5:12:20:c6:9c:81:8f:07:
                    9a:d8:fe:9e:62:9e:a7:e5:ff:63:73:da:b8:71:56:
                    cd:4a:d8:73:e6:34:d2:a7:5d:da:62:12:3c:2b:a2:
                    99:cc:35:10:05:1a:c3:9b:aa:0e:05:c6:f0:2f:7a:
                    e5:15:64:84:e4:71:e2:44:58:ef:5f:f8:d8:1f:66:
                    b7:40:37:ed:18:62:bf:b5:f1:18:66:73:be:9b:63:
                    3d:e3:01:ef:13:8b:94:ea:cc:21:2b:78:f8:40:fc:
                    ec:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:26:D5:3F:7E:E8:83:15:2B:21:3D:A7:D9:C4:E5:7B:EC:49:EC:5C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:74:a6:fa:e5:ac:d7:50:46:40:ca:e6:2a:f6:b9:c1:6c:9b:
         b2:5d:87:2e:73:10:e8:4c:86:10:4a:9b:3e:94:d0:b3:81:12:
         a8:6c:1d:5a:1c:56:d2:4f:bc:25:dd:df:32:a5:1e:0f:f6:58:
         4b:b6:22:a5:08:88:52:06:87:33:1d:c4:e7:a3:ec:ea:58:3d:
         e6:f4:0d:79:79:fd:ac:aa:ba:0a:92:f6:ce:3a:d6:36:94:7a:
         c0:f9:db:fd:24:14:fb:91:96:06:72:6c:50:6e:37:55:9c:eb:
         1f:20:89:24:6e:45:a7:cb:b9:7c:c0:8d:bb:69:ed:fb:ee:7a:
         21:93:3d:4c:2b:7c:45:56:f1:fa:1f:1f:f0:2e:fc:12:61:84:
         98:27:34:65:70:a2:70:43:9d:b5:2e:30:f4:81:78:56:e1:96:
         83:30:c4:c5:11:0b:86:26:6b:29:af:1e:b8:4f:4c:4f:e7:46:
         92:ff:a4:91:6b:c5:d9:7b:c4:4f:68:b2:ed:5f:dc:dc:76:dd:
         b8:9c:a8:0c:09:f6:f7:a2:29:81:31:9d:48:57:7b:27:ec:d4:
         a5:5f:9d:a1:38:b7:63:be:28:1a:60:03:c8:17:97:18:43:62:
         65:7d:8f:2d:c2:74:bd:59:d5:15:d9:1c:dc:b3:4b:e0:1b:30:
         0d:b7:33:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZh59/AT/SqjmsF0RXZ2VDv8NmfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTAwNzI1NDJaFw0yNzA0MDkwNzMwNDJaMDMxMTAvBgNV
BAMTKEM1MjZENTNGN0VFODgzMTUyQjIxM0RBN0Q5QzRFNTdCRUM0OUVDNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiVwTmxx5Dxhc5s5BVdBrSiC2Y
gR0TVh9sZmuNvL4/5rZ6Qh0yhSkOEBodqJWSxi/xbG8UpL7DkD6lJqUoL6NgkTUr
zzKL41OvXP9PACVBBEKCyXJQMpKtUeJS25SEk/BUrYwqp8JpKNbPEMDg6279mUeY
XA/vbR5gjobep/QS+FB0GayCFuXUrqTidf6L+QAif8MwbI9gMqy1Cv/lEiDGnIGP
B5rY/p5inqfl/2Nz2rhxVs1K2HPmNNKnXdpiEjwropnMNRAFGsObqg4FxvAveuUV
ZITkceJEWO9f+NgfZrdAN+0YYr+18Rhmc76bYz3jAe8Ti5TqzCErePhA/OyxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxSbVP37ogxUrIT2n2cTle+xJ7FwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxNTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4N
MA0GCSqGSIb3DQEBCwUAA4IBAQCgdKb65azXUEZAyuYq9rnBbJuyXYcucxDoTIYQ
Sps+lNCzgRKobB1aHFbST7wl3d8ypR4P9lhLtiKlCIhSBoczHcTno+zqWD3m9A15
ef2sqroKkvbOOtY2lHrA+dv9JBT7kZYGcmxQbjdVnOsfIIkkbkWny7l8wI27ae37
7nohkz1MK3xFVvH6Hx/wLvwSYYSYJzRlcKJwQ521LjD0gXhW4ZaDMMTFEQuGJmsp
rx64T0xP50aS/6SRa8XZe8RPaLLtX9zcdt24nKgMCfb3oimBMZ1IV3sn7NSlX52h
OLdjvigaYAPIF5cYQ2JlfY8twnS9WdUV2Rzcs0vgGzANtzM2
-----END CERTIFICATE-----