Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          sZNGqf/6TIdlwt6/5PzmhENQqPWuOx3zcc/O1c9Kz/Y=
Subject key identifier:   39:2D:43:77:C9:86:59:BF:5A:F6:8F:EE:5B:9C:31:02:DF:37:F1:98
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1707BBE375BCA8706B55A84BAFE7619B02CFDD91
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time:             Tue 29 Jul 2025 13:41:58 +0000
ROA not before:           Tue 29 Jul 2025 13:36:58 +0000
ROA not after:            Tue 28 Jul 2026 13:41:58 +0000
asID:                     20326
IP address blocks:        96.62.200.0/21 maxlen: 24
                          143.14.138.0/23 maxlen: 23
                          167.148.80.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:07:bb:e3:75:bc:a8:70:6b:55:a8:4b:af:e7:61:9b:02:cf:dd:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 29 13:36:58 2025 GMT
            Not After : Jul 28 13:41:58 2026 GMT
        Subject: CN=392D4377C98659BF5AF68FEE5B9C3102DF37F198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c8:e5:3b:f8:dc:39:7a:ec:b1:80:4d:e7:30:
                    f6:25:22:8e:bf:69:e2:6a:44:ce:f9:37:a2:50:7a:
                    9e:76:26:33:bc:67:5a:5a:f9:04:14:bb:6f:f6:9a:
                    70:34:66:bd:e5:84:aa:2f:de:3e:77:25:71:4b:7e:
                    dd:3e:7a:0c:dd:dc:94:3d:d7:a9:d0:37:38:34:a4:
                    1c:b5:fa:a7:ad:a4:00:1a:e9:29:0f:a9:d8:62:d5:
                    e4:6e:ee:e5:80:10:ea:83:6a:24:cb:ad:70:5b:62:
                    c6:fb:b3:c3:0d:71:88:a6:09:25:d1:49:9e:37:63:
                    a0:78:9a:9c:66:a5:50:9b:bd:b0:c0:33:27:c0:fc:
                    2f:50:32:fc:7f:e5:f4:8a:b2:03:d9:44:c7:ff:6e:
                    3f:03:74:30:cf:f7:0e:7b:a0:9c:cf:21:dd:8f:46:
                    be:de:c6:ac:1a:e5:81:76:d0:0f:9f:6a:a3:61:8a:
                    34:ec:b7:56:7e:07:cc:36:26:ee:cc:41:27:24:7d:
                    8f:db:d4:67:ab:9e:d0:75:de:b6:93:6c:ee:2b:ee:
                    58:cb:55:59:2c:a0:f5:7d:45:91:4e:58:d7:42:f7:
                    4c:2f:12:0a:92:dc:fe:5a:2c:a9:01:7f:b3:2a:df:
                    6c:c0:c9:55:d6:75:0c:54:2e:59:95:36:5d:8b:1c:
                    d9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:2D:43:77:C9:86:59:BF:5A:F6:8F:EE:5B:9C:31:02:DF:37:F1:98
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.200.0/21
                  143.14.138.0/23
                  167.148.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         65:4f:08:d9:4a:f3:f4:e3:65:68:d1:a4:e5:76:79:17:37:18:
         ae:81:93:b2:b0:41:2a:de:96:df:ce:21:45:ef:1c:73:7f:28:
         f2:4b:57:5c:f4:1c:93:8e:27:b2:2c:be:fa:67:1b:54:cc:6a:
         af:dd:09:e7:f9:5b:ab:fc:1c:3e:61:4e:05:36:3e:61:89:cb:
         52:26:55:1b:df:f3:c1:b2:a3:ae:02:42:fe:80:f9:cb:6b:87:
         d0:09:8b:43:ef:64:2b:53:77:56:9c:d1:9b:6f:d2:27:dc:50:
         67:9f:59:01:b7:48:8c:f1:4c:d2:bf:93:2b:91:75:d8:b3:a8:
         6e:92:25:d1:ad:fb:93:af:b5:2b:7d:82:6d:54:1f:c3:b8:63:
         d8:49:aa:1f:9a:ca:fa:ea:4e:76:b4:d4:42:08:83:30:8d:6e:
         8d:19:19:81:80:9d:74:17:28:e3:ca:1c:6a:34:92:d1:00:f3:
         9a:f1:c0:c5:d1:17:ad:58:30:0d:9a:e6:e2:60:e2:d2:88:2e:
         d5:33:c4:b1:1d:31:62:10:c2:9b:8f:ba:56:51:89:7a:0b:02:
         cf:79:44:b4:66:c5:82:2a:53:07:e7:28:c7:5f:6f:3e:35:9d:
         df:fc:d7:ad:2f:37:42:76:58:31:de:19:f0:58:e4:c8:fd:e2:
         87:7b:ec:4d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUFwe743W8qHBrVahLr+dhmwLP3ZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjkxMzM2NThaFw0yNjA3MjgxMzQxNThaMDMxMTAvBgNV
BAMTKDM5MkQ0Mzc3Qzk4NjU5QkY1QUY2OEZFRTVCOUMzMTAyREYzN0YxOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTyOU7+Nw5euyxgE3nMPYlIo6/
aeJqRM75N6JQep52JjO8Z1pa+QQUu2/2mnA0Zr3lhKov3j53JXFLft0+egzd3JQ9
16nQNzg0pBy1+qetpAAa6SkPqdhi1eRu7uWAEOqDaiTLrXBbYsb7s8MNcYimCSXR
SZ43Y6B4mpxmpVCbvbDAMyfA/C9QMvx/5fSKsgPZRMf/bj8DdDDP9w57oJzPId2P
Rr7exqwa5YF20A+faqNhijTst1Z+B8w2Ju7MQSckfY/b1GerntB13raTbO4r7ljL
VVksoPV9RZFOWNdC90wvEgqS3P5aLKkBf7Mq32zAyVXWdQxULlmVNl2LHNlnAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUOS1Dd8mGWb9a9o/uW5wxAt838ZgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBANgPsgD
BAGPDooDBAOnlFAwDQYJKoZIhvcNAQELBQADggEBAGVPCNlK8/TjZWjRpOV2eRc3
GK6Bk7KwQSrelt/OIUXvHHN/KPJLV1z0HJOOJ7IsvvpnG1TMaq/dCef5W6v8HD5h
TgU2PmGJy1ImVRvf88Gyo64CQv6A+ctrh9AJi0PvZCtTd1ac0Ztv0ifcUGefWQG3
SIzxTNK/kyuRddizqG6SJdGt+5OvtSt9gm1UH8O4Y9hJqh+ayvrqTna01EIIgzCN
bo0ZGYGAnXQXKOPKHGo0ktEA85rxwMXRF61YMA2a5uJg4tKILtUzxLEdMWIQwpuP
ulZRiXoLAs95RLRmxYIqUwfnKMdfbz41nd/8160vN0J2WDHeGfBY5Mj94od77E0=
-----END CERTIFICATE-----