Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203075.roa
File:                     AS203075.roa (raw, json)
Hash identifier:          fkgI2cC2KEfux8CVSQHNFNCaycteQSJbZRMuhnYGMTw=
Subject key identifier:   A8:49:3C:E9:8B:1D:F6:C8:55:15:9E:1D:7C:5C:B8:35:68:F3:D9:1A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7B3DFD5295B3553209C73CE443D5236ED229643F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203075.roa
Signing time:             Fri 06 Feb 2026 04:11:55 +0000
ROA not before:           Fri 06 Feb 2026 04:06:55 +0000
ROA not after:            Fri 05 Feb 2027 04:11:55 +0000
asID:                     203075
IP address blocks:        168.222.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:3d:fd:52:95:b3:55:32:09:c7:3c:e4:43:d5:23:6e:d2:29:64:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  6 04:06:55 2026 GMT
            Not After : Feb  5 04:11:55 2027 GMT
        Subject: CN=A8493CE98B1DF6C855159E1D7C5CB83568F3D91A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5d:84:d6:f5:71:76:1a:36:54:f0:cf:b1:73:
                    9e:19:eb:81:f9:86:af:c7:64:56:02:13:fe:4b:0b:
                    35:cc:01:85:c5:be:36:af:fc:84:57:00:c6:86:f9:
                    8a:1a:23:f5:f8:bf:b4:e2:78:60:1e:28:98:e4:4d:
                    4d:b8:1f:4e:17:5d:d2:87:70:f1:ee:64:ac:0c:3b:
                    c8:59:05:d1:86:a8:a5:4b:2d:99:3f:f1:74:ed:7d:
                    14:e9:8c:07:9c:99:f7:da:c7:cc:d9:9b:e5:fa:32:
                    30:18:b8:53:11:df:c2:1b:79:ad:c5:c9:e8:ad:5d:
                    03:0b:41:e3:ed:a8:01:cc:80:03:35:62:4b:bb:be:
                    94:84:f8:63:0d:62:ce:77:37:c2:17:57:a0:e1:3f:
                    4e:bf:0c:05:56:37:fe:67:ac:d9:65:e8:cf:31:77:
                    93:4d:08:e8:d8:ae:7c:44:a2:5b:5a:da:6a:91:bd:
                    ea:93:89:3e:53:68:8d:93:83:76:98:95:51:26:ee:
                    da:ae:5c:d4:03:32:8d:05:fb:32:80:22:bc:21:66:
                    02:e2:7a:3f:09:0c:61:cc:4c:2c:d3:3b:bd:ad:32:
                    f3:61:9f:38:0b:39:28:46:00:31:47:ba:6c:3d:1e:
                    83:15:54:6e:80:d9:42:20:db:c7:e1:2e:df:ff:f2:
                    e7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:49:3C:E9:8B:1D:F6:C8:55:15:9E:1D:7C:5C:B8:35:68:F3:D9:1A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS203075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d2:07:ad:21:90:3f:3f:28:fb:6e:c9:98:bc:a9:39:07:d0:
         d2:1f:41:e0:3b:38:69:c3:2e:39:3d:9b:fa:d8:0a:1a:29:dc:
         26:f1:2a:50:d2:17:45:0e:03:c5:f9:81:9a:c2:55:76:ad:7f:
         06:7d:e1:63:5d:3c:0d:95:ac:e7:58:ff:80:4e:66:f4:98:85:
         cb:bd:8b:74:21:bf:1d:e7:c2:a8:10:df:8b:ee:2c:6d:76:2c:
         35:28:8f:7c:fd:ce:14:ac:fe:03:74:8e:86:e7:2d:d8:b3:38:
         0d:4f:99:eb:ad:de:54:09:f7:b6:11:73:9b:24:0a:4d:4d:63:
         24:43:ca:c9:a3:bd:5a:e4:86:cf:03:67:22:42:08:d9:64:96:
         1a:80:e6:30:e9:94:e4:15:e9:ed:62:91:d9:b5:db:74:24:b1:
         bb:6b:bf:fa:64:b5:e6:ff:97:f9:d9:b4:78:be:5b:49:a7:d5:
         e5:1d:e4:26:b2:58:31:a0:34:dd:19:cf:0b:fd:e3:00:76:b0:
         9f:e6:49:51:65:2a:59:cd:90:7b:ea:66:33:c9:9d:1d:82:73:
         b7:16:1b:2e:8f:e5:8c:9d:06:67:d4:28:42:61:b6:6a:e7:f5:
         d3:97:e4:65:7b:35:3e:9b:8d:51:b7:7d:64:9f:7d:a1:9c:72:
         81:53:66:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUez39UpWzVTIJxzzkQ9UjbtIpZD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDYwNDA2NTVaFw0yNzAyMDUwNDExNTVaMDMxMTAvBgNV
BAMTKEE4NDkzQ0U5OEIxREY2Qzg1NTE1OUUxRDdDNUNCODM1NjhGM0Q5MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDXYTW9XF2GjZU8M+xc54Z64H5
hq/HZFYCE/5LCzXMAYXFvjav/IRXAMaG+YoaI/X4v7TieGAeKJjkTU24H04XXdKH
cPHuZKwMO8hZBdGGqKVLLZk/8XTtfRTpjAecmffax8zZm+X6MjAYuFMR38Ibea3F
yeitXQMLQePtqAHMgAM1Yku7vpSE+GMNYs53N8IXV6DhP06/DAVWN/5nrNll6M8x
d5NNCOjYrnxEolta2mqRveqTiT5TaI2Tg3aYlVEm7tquXNQDMo0F+zKAIrwhZgLi
ej8JDGHMTCzTO72tMvNhnzgLOShGADFHumw9HoMVVG6A2UIg28fhLt//8ucFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqEk86Ysd9shVFZ4dfFy4NWjz2RowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqN54
MA0GCSqGSIb3DQEBCwUAA4IBAQCj0getIZA/Pyj7bsmYvKk5B9DSH0HgOzhpwy45
PZv62AoaKdwm8SpQ0hdFDgPF+YGawlV2rX8GfeFjXTwNlaznWP+ATmb0mIXLvYt0
Ib8d58KoEN+L7ixtdiw1KI98/c4UrP4DdI6G5y3YszgNT5nrrd5UCfe2EXObJApN
TWMkQ8rJo71a5IbPA2ciQgjZZJYagOYw6ZTkFentYpHZtdt0JLG7a7/6ZLXm/5f5
2bR4vltJp9XlHeQmslgxoDTdGc8L/eMAdrCf5klRZSpZzZB76mYzyZ0dgnO3Fhsu
j+WMnQZn1ChCYbZq5/XTl+RlezU+m41Rt31kn32hnHKBU2Yx
-----END CERTIFICATE-----