Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS202791.roa
File:                     AS202791.roa (raw, json)
Hash identifier:          kdrwKjm37P3oLiNRKlg9Z7c+lxWNOWLv6laPGMsblG0=
Subject key identifier:   D5:3A:3E:5E:3B:C5:5F:7E:2D:27:5E:20:AD:6E:77:B8:AE:18:61:EB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       146AEEB2D18832A3882ACEBB56BFD7E9270ABAD4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS202791.roa
Signing time:             Fri 05 Jun 2026 05:27:03 +0000
ROA not before:           Fri 05 Jun 2026 05:22:03 +0000
ROA not after:            Fri 04 Jun 2027 05:27:03 +0000
asID:                     202791
IP address blocks:        143.14.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:6a:ee:b2:d1:88:32:a3:88:2a:ce:bb:56:bf:d7:e9:27:0a:ba:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 05:22:03 2026 GMT
            Not After : Jun  4 05:27:03 2027 GMT
        Subject: CN=D53A3E5E3BC55F7E2D275E20AD6E77B8AE1861EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:05:fb:6b:83:6e:63:89:83:89:1a:30:bd:be:
                    7c:db:23:a1:28:c2:19:75:bf:d2:45:54:24:c2:3c:
                    40:2b:6b:8b:13:86:e4:73:10:68:d0:49:81:4b:2a:
                    2d:4f:1c:dc:88:f6:9d:c0:7d:c7:6e:f9:6b:45:99:
                    ce:a2:72:ba:35:02:49:d9:b0:7d:73:2f:a7:f2:82:
                    99:4b:14:1a:42:a1:97:2d:11:49:95:b2:c8:44:40:
                    53:0a:33:e1:ff:53:13:e8:1d:6f:af:57:58:81:a7:
                    8b:1c:3d:88:d0:7c:8a:42:0d:e6:75:86:b0:f3:b1:
                    05:4b:6b:39:8d:4a:70:68:b7:74:3a:08:ca:60:2e:
                    bf:77:20:9e:73:6c:c3:dc:ca:cb:88:e6:6a:b7:01:
                    8d:cd:82:72:9e:51:35:83:e9:42:bc:15:4f:38:23:
                    10:a4:f4:bf:75:81:72:cf:cd:04:ad:e0:be:6b:34:
                    12:71:68:f5:ed:dd:b7:0e:f7:1e:27:00:1a:d1:99:
                    e0:4e:26:d6:c6:cc:9b:40:16:e2:0c:18:f1:fa:c5:
                    71:a5:69:68:d0:23:62:f9:a2:82:d4:04:3e:e5:9a:
                    3d:66:24:63:57:c9:32:06:61:0d:f1:a1:25:5f:84:
                    df:38:5d:66:42:93:9a:a1:56:f0:a0:93:2f:72:5a:
                    59:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:3A:3E:5E:3B:C5:5F:7E:2D:27:5E:20:AD:6E:77:B8:AE:18:61:EB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS202791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:f9:24:ae:69:8e:f5:32:e7:6d:61:62:79:7f:05:e4:59:ee:
         0c:32:0a:80:8c:8f:dc:42:fb:4f:b3:3c:dd:e0:41:cf:e6:3e:
         10:53:ef:f7:55:dd:b7:6f:bc:cd:cf:a7:3d:25:07:4d:85:55:
         02:ff:bf:f4:a2:61:a2:e4:e4:21:c4:91:bb:cc:f0:ae:62:fc:
         cc:e8:cf:53:7c:a0:88:87:05:92:8c:49:d7:58:c9:79:51:01:
         73:96:e8:47:97:25:5d:85:bc:06:df:34:fc:cb:87:62:89:f6:
         3e:f6:38:55:4e:0c:1a:a1:be:6f:ea:f3:23:42:30:54:32:3a:
         64:55:68:fe:8f:8c:81:a2:cb:33:5b:fd:40:e7:9c:b3:bd:2d:
         05:33:50:5a:86:4b:1f:0f:85:2f:d2:9c:35:e9:4d:98:1e:ec:
         69:e8:d2:cd:32:89:e8:3f:6f:f8:8e:d1:22:0e:61:40:3b:37:
         63:e2:6b:25:a0:93:50:c0:e2:e7:b1:24:14:55:66:54:67:93:
         c0:13:18:83:2c:4f:8d:11:77:40:ba:de:14:9a:81:58:b0:6c:
         87:2d:b4:c6:2a:a8:4a:90:75:2d:53:cd:f3:53:2d:48:79:01:
         6d:e5:65:ee:32:ff:d5:22:f0:03:29:cf:55:a7:af:10:32:63:
         e5:cd:c6:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFGrustGIMqOIKs67Vr/X6ScKutQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDUwNTIyMDNaFw0yNzA2MDQwNTI3MDNaMDMxMTAvBgNV
BAMTKEQ1M0EzRTVFM0JDNTVGN0UyRDI3NUUyMEFENkU3N0I4QUUxODYxRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Bftrg25jiYOJGjC9vnzbI6Eo
whl1v9JFVCTCPEAra4sThuRzEGjQSYFLKi1PHNyI9p3Afcdu+WtFmc6icro1AknZ
sH1zL6fygplLFBpCoZctEUmVsshEQFMKM+H/UxPoHW+vV1iBp4scPYjQfIpCDeZ1
hrDzsQVLazmNSnBot3Q6CMpgLr93IJ5zbMPcysuI5mq3AY3NgnKeUTWD6UK8FU84
IxCk9L91gXLPzQSt4L5rNBJxaPXt3bcO9x4nABrRmeBOJtbGzJtAFuIMGPH6xXGl
aWjQI2L5ooLUBD7lmj1mJGNXyTIGYQ3xoSVfhN84XWZCk5qhVvCgky9yWlmBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1To+XjvFX34tJ14grW53uK4YYeswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAyNzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw7C
MA0GCSqGSIb3DQEBCwUAA4IBAQBd+SSuaY71MudtYWJ5fwXkWe4MMgqAjI/cQvtP
szzd4EHP5j4QU+/3Vd23b7zNz6c9JQdNhVUC/7/0omGi5OQhxJG7zPCuYvzM6M9T
fKCIhwWSjEnXWMl5UQFzluhHlyVdhbwG3zT8y4diifY+9jhVTgwaob5v6vMjQjBU
MjpkVWj+j4yBosszW/1A55yzvS0FM1BahksfD4Uv0pw16U2YHuxp6NLNMonoP2/4
jtEiDmFAOzdj4msloJNQwOLnsSQUVWZUZ5PAExiDLE+NEXdAut4UmoFYsGyHLbTG
KqhKkHUtU83zUy1IeQFt5WXuMv/VIvADKc9Vp68QMmPlzcYK
-----END CERTIFICATE-----