Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201539.roa
File:                     AS201539.roa (raw, json)
Hash identifier:          MJ289nA6Tn/Bs9V410+XS6tZtdfkI2+0Vm8GJBK7hRA=
Subject key identifier:   39:90:8F:A2:78:5D:14:2B:A4:12:B4:84:83:E6:B7:9A:03:82:21:6C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7571F1AAF3ACA5FEE5EBC001BAB9566CDDE4D820
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201539.roa
Signing time:             Sun 08 Feb 2026 10:08:03 +0000
ROA not before:           Sun 08 Feb 2026 10:03:03 +0000
ROA not after:            Sun 07 Feb 2027 10:08:03 +0000
asID:                     201539
IP address blocks:        143.14.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:71:f1:aa:f3:ac:a5:fe:e5:eb:c0:01:ba:b9:56:6c:dd:e4:d8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  8 10:03:03 2026 GMT
            Not After : Feb  7 10:08:03 2027 GMT
        Subject: CN=39908FA2785D142BA412B48483E6B79A0382216C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:98:a9:d2:36:a8:fb:de:95:f8:70:21:58:ea:
                    6b:32:75:41:72:4e:31:e1:cd:66:66:71:1a:66:d3:
                    98:6f:2e:60:4f:48:6e:aa:96:96:68:35:9c:4a:6b:
                    a1:96:46:db:6a:21:e4:5e:e0:d7:92:f4:65:cf:72:
                    6e:68:78:c1:f0:de:3b:4f:58:04:ea:d0:d9:f2:a8:
                    f4:88:85:fc:da:fa:2e:fc:97:fb:99:75:96:63:bd:
                    6c:da:d5:d3:3a:94:b0:b4:ae:8e:48:d3:27:55:65:
                    69:b4:66:15:35:fe:ba:a3:9a:98:9c:95:bd:ba:3e:
                    3b:26:73:47:7c:d0:4d:a6:d0:a6:08:9f:16:28:ab:
                    e8:bd:1e:2e:1b:fb:b3:73:f4:20:3d:33:77:68:9a:
                    98:15:75:e8:6c:6a:d2:14:9b:1a:40:89:2f:33:aa:
                    ee:a5:32:df:3f:25:6a:a7:4f:c1:9f:a4:91:66:12:
                    7b:08:e3:a9:8d:45:55:f3:6b:a5:dc:a6:f9:c6:8d:
                    c0:ef:17:a0:ee:fb:90:90:3e:c5:dd:d5:4a:b4:6f:
                    81:c2:e9:d3:2a:68:3e:25:bb:33:12:ae:a1:9d:97:
                    ac:02:0c:e6:40:36:05:72:05:05:7d:c5:b7:3e:10:
                    67:f9:1c:04:79:94:ff:d5:54:3f:99:7a:01:b8:57:
                    b4:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:90:8F:A2:78:5D:14:2B:A4:12:B4:84:83:E6:B7:9A:03:82:21:6C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:2d:ca:8f:ed:01:74:01:64:8a:4a:a5:0d:ce:9b:d2:24:43:
         ba:4e:28:c8:fc:25:fc:eb:4f:7a:80:f9:c7:d2:62:fd:2d:2b:
         2a:1b:34:9c:43:e5:03:9f:f1:4d:59:ba:17:90:f3:ae:87:85:
         12:06:42:a2:d3:af:e4:ce:9d:db:91:ab:ce:31:2c:a4:d2:73:
         20:4b:a6:71:2f:38:3f:d8:57:50:71:29:9c:d2:70:d4:63:7c:
         e9:43:78:8f:a8:ff:2a:fc:97:99:89:a4:5d:25:4e:7e:6d:97:
         cd:9f:1c:d3:9c:36:ca:e1:c1:a5:7d:db:e0:dd:ad:32:6e:c6:
         c7:b4:88:87:9e:52:1e:aa:03:6f:aa:97:df:f7:45:7a:32:1b:
         f4:dc:59:f3:44:32:3a:42:07:64:6e:68:e8:a1:55:e1:9f:1b:
         97:bd:65:2f:0b:00:f7:46:cc:73:0c:f4:4b:55:17:f4:e8:3c:
         d5:61:7f:18:98:29:22:49:f6:cf:f7:78:a2:c7:98:75:16:d7:
         db:f7:86:08:5b:5c:77:c0:fe:f3:cd:cd:a1:98:1a:c3:2d:48:
         fc:58:73:1c:0e:d4:cb:7b:e2:c8:8d:7f:4b:44:18:48:70:45:
         24:a5:25:c2:3b:d0:49:57:f0:de:20:d7:da:14:29:b2:a6:95:
         f6:c2:a2:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdXHxqvOspf7l68ABurlWbN3k2CAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDgxMDAzMDNaFw0yNzAyMDcxMDA4MDNaMDMxMTAvBgNV
BAMTKDM5OTA4RkEyNzg1RDE0MkJBNDEyQjQ4NDgzRTZCNzlBMDM4MjIxNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWmKnSNqj73pX4cCFY6msydUFy
TjHhzWZmcRpm05hvLmBPSG6qlpZoNZxKa6GWRttqIeRe4NeS9GXPcm5oeMHw3jtP
WATq0NnyqPSIhfza+i78l/uZdZZjvWza1dM6lLC0ro5I0ydVZWm0ZhU1/rqjmpic
lb26Pjsmc0d80E2m0KYInxYoq+i9Hi4b+7Nz9CA9M3dompgVdehsatIUmxpAiS8z
qu6lMt8/JWqnT8GfpJFmEnsI46mNRVXza6XcpvnGjcDvF6Du+5CQPsXd1Uq0b4HC
6dMqaD4luzMSrqGdl6wCDOZANgVyBQV9xbc+EGf5HAR5lP/VVD+ZegG4V7RRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOZCPonhdFCukErSEg+a3mgOCIWwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxNTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw4N
MA0GCSqGSIb3DQEBCwUAA4IBAQB8LcqP7QF0AWSKSqUNzpvSJEO6TijI/CX86096
gPnH0mL9LSsqGzScQ+UDn/FNWboXkPOuh4USBkKi06/kzp3bkavOMSyk0nMgS6Zx
Lzg/2FdQcSmc0nDUY3zpQ3iPqP8q/JeZiaRdJU5+bZfNnxzTnDbK4cGlfdvg3a0y
bsbHtIiHnlIeqgNvqpff90V6Mhv03FnzRDI6QgdkbmjooVXhnxuXvWUvCwD3Rsxz
DPRLVRf06DzVYX8YmCkiSfbP93iix5h1Ftfb94YIW1x3wP7zzc2hmBrDLUj8WHMc
DtTLe+LIjX9LRBhIcEUkpSXCO9BJV/DeINfaFCmyppX2wqKd
-----END CERTIFICATE-----