Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa
File:                     AS203054.roa (raw, json)
Hash identifier:          uR1m+Xq3rOerLlMQOP2V9u/UAIy3Qat1ivA3NzAFOUc=
Subject key identifier:   56:53:A5:4F:C8:06:B8:14:35:BA:CE:0C:CC:52:D6:DB:72:2D:50:BC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       442175444B3050CCF1864DD2AF015C1418979A9F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa
Signing time:             Tue 24 Feb 2026 18:08:08 +0000
ROA not before:           Tue 24 Feb 2026 18:03:08 +0000
ROA not after:            Tue 23 Feb 2027 18:08:08 +0000
asID:                     203054
IP address blocks:        150.241.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:21:75:44:4b:30:50:cc:f1:86:4d:d2:af:01:5c:14:18:97:9a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 24 18:03:08 2026 GMT
            Not After : Feb 23 18:08:08 2027 GMT
        Subject: CN=5653A54FC806B81435BACE0CCC52D6DB722D50BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:12:bd:27:32:e0:99:e5:94:3e:f8:29:99:9b:
                    a3:c9:15:b9:85:22:7f:ab:97:1c:58:c3:87:08:f8:
                    fd:cd:2e:70:30:ca:a2:43:38:6d:f7:1e:a4:db:ef:
                    88:c1:62:93:b0:b9:24:82:65:66:59:42:3a:0f:fb:
                    c9:cc:ff:1a:01:8a:6e:ce:9a:8e:7a:e9:06:bb:5d:
                    37:ec:50:22:b3:53:a1:a9:07:fc:fb:9d:eb:8e:13:
                    41:b7:9f:6c:59:5a:f6:16:35:ba:00:e6:40:d4:a9:
                    b3:26:c5:3d:de:fa:8d:e1:fa:5a:87:14:ce:a8:3c:
                    60:f0:5f:d8:e0:be:41:56:27:66:8a:34:7c:44:8c:
                    10:7b:41:72:88:94:af:45:ee:a3:78:12:5b:61:b3:
                    54:6f:1f:be:27:c8:9c:06:94:e0:dc:ff:1b:ec:24:
                    1d:8b:f3:b8:e0:1f:87:af:21:6a:5a:57:a7:62:90:
                    4f:a1:0c:b1:3f:42:53:4e:6c:10:a8:28:67:48:18:
                    ce:01:25:84:21:a8:9b:d6:2e:ac:09:67:a7:a5:60:
                    90:b1:2c:9a:d3:02:dc:24:59:91:a4:21:c7:93:d9:
                    b9:64:f7:20:9c:a3:2b:08:06:fc:86:5f:54:e2:cd:
                    18:71:ca:88:85:c2:7e:ff:1c:1d:c6:f6:32:e0:1a:
                    0b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:53:A5:4F:C8:06:B8:14:35:BA:CE:0C:CC:52:D6:DB:72:2D:50:BC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203054.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:ba:00:7b:28:31:ed:88:74:db:b3:ef:3d:cb:61:a3:1f:12:
         f7:70:5b:06:af:18:24:fa:c7:76:17:45:63:90:2d:7b:14:a6:
         e1:92:02:5f:82:b2:2c:f4:3a:e7:55:b4:96:90:1c:06:44:d0:
         d7:98:e4:49:6c:41:d8:a3:c3:5e:56:9f:bb:a8:2d:50:00:39:
         ba:32:7d:89:2c:a8:e0:d7:aa:13:c5:9e:13:c3:dd:43:cc:b5:
         74:0e:c5:ce:d5:b7:ba:db:2e:2f:5f:1e:a2:dc:e8:12:89:89:
         5f:66:a4:5e:87:09:ce:91:cf:46:34:82:94:29:64:0d:d8:d5:
         bc:e7:0f:38:50:11:2a:9a:dc:9d:21:d4:c8:e9:9f:8b:dc:8d:
         b9:0a:ab:79:11:b9:1d:ef:49:ff:e2:f4:37:72:8b:a1:a9:01:
         83:07:43:59:cb:fb:1e:1b:fb:b2:2f:ee:23:76:64:4d:11:e5:
         b0:7e:9c:46:b6:c1:a3:c7:df:96:82:d0:bc:2f:b8:7e:5a:5b:
         7d:bf:e0:68:43:c3:b7:d1:73:de:8f:d4:6b:db:98:19:84:f4:
         d6:7a:e0:51:86:01:c8:e8:f4:a4:c2:4c:bc:f7:f7:3a:70:a6:
         33:ee:96:39:c6:d1:d6:3a:5f:80:75:76:38:cb:70:ea:f7:1c:
         83:85:c9:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURCF1REswUMzxhk3SrwFcFBiXmp8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjQxODAzMDhaFw0yNzAyMjMxODA4MDhaMDMxMTAvBgNV
BAMTKDU2NTNBNTRGQzgwNkI4MTQzNUJBQ0UwQ0NDNTJENkRCNzIyRDUwQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOEr0nMuCZ5ZQ++CmZm6PJFbmF
In+rlxxYw4cI+P3NLnAwyqJDOG33HqTb74jBYpOwuSSCZWZZQjoP+8nM/xoBim7O
mo566Qa7XTfsUCKzU6GpB/z7neuOE0G3n2xZWvYWNboA5kDUqbMmxT3e+o3h+lqH
FM6oPGDwX9jgvkFWJ2aKNHxEjBB7QXKIlK9F7qN4Elths1RvH74nyJwGlODc/xvs
JB2L87jgH4evIWpaV6dikE+hDLE/QlNObBCoKGdIGM4BJYQhqJvWLqwJZ6elYJCx
LJrTAtwkWZGkIceT2blk9yCcoysIBvyGX1TizRhxyoiFwn7/HB3G9jLgGgspAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVlOlT8gGuBQ1us4MzFLW23ItULwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMDU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvGP
MA0GCSqGSIb3DQEBCwUAA4IBAQCWugB7KDHtiHTbs+89y2GjHxL3cFsGrxgk+sd2
F0VjkC17FKbhkgJfgrIs9DrnVbSWkBwGRNDXmORJbEHYo8NeVp+7qC1QADm6Mn2J
LKjg16oTxZ4Tw91DzLV0DsXO1be62y4vXx6i3OgSiYlfZqRehwnOkc9GNIKUKWQN
2NW85w84UBEqmtydIdTI6Z+L3I25Cqt5Ebkd70n/4vQ3couhqQGDB0NZy/seG/uy
L+4jdmRNEeWwfpxGtsGjx9+WgtC8L7h+Wlt9v+BoQ8O30XPej9Rr25gZhPTWeuBR
hgHI6PSkwky89/c6cKYz7pY5xtHWOl+AdXY4y3Dq9xyDhcki
-----END CERTIFICATE-----