Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20404.roa
File:                     AS20404.roa (raw, json)
Hash identifier:          h/p815rv6iBCNzyaRI/oT0sT+Kw5TlnxjfN5sPFrm7k=
Subject key identifier:   55:A0:3D:F8:BD:54:0B:9F:91:73:C5:28:83:F6:A6:8B:0E:63:76:65
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       25B4285D247317E216CE44D4B16E1CB22572D5C2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20404.roa
Signing time:             Sun 01 Feb 2026 10:22:18 +0000
ROA not before:           Sun 01 Feb 2026 10:17:18 +0000
ROA not after:            Sun 31 Jan 2027 10:22:18 +0000
asID:                     20404
IP address blocks:        167.148.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b4:28:5d:24:73:17:e2:16:ce:44:d4:b1:6e:1c:b2:25:72:d5:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  1 10:17:18 2026 GMT
            Not After : Jan 31 10:22:18 2027 GMT
        Subject: CN=55A03DF8BD540B9F9173C52883F6A68B0E637665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fb:3d:56:79:c4:e1:6c:ce:d3:e4:29:93:38:
                    cc:60:e5:22:62:12:93:7c:9f:96:f4:f3:58:27:02:
                    59:ee:6e:c9:5d:64:b5:17:5c:b2:58:4d:94:9e:20:
                    6d:e2:f9:42:81:e2:bb:78:63:21:6a:3a:f8:ec:b2:
                    84:b7:3e:b8:17:7a:fc:93:71:50:75:51:57:04:8d:
                    58:64:f9:20:f3:8a:15:5f:c3:1f:98:d6:a2:aa:de:
                    45:8c:5a:d8:b5:5c:dc:c8:3f:c5:0e:e1:05:93:18:
                    41:f2:b8:c4:7c:65:48:34:6c:3d:80:68:a3:66:26:
                    ad:01:99:eb:99:54:59:b1:1e:dd:ae:f6:35:c8:56:
                    4b:26:4e:6d:bf:c5:84:c4:f8:8b:a1:e9:a8:52:67:
                    2f:e1:b2:72:f1:b8:2a:65:78:b1:c6:68:d0:d9:b8:
                    2c:67:6c:e4:c9:9f:73:fa:3e:90:ae:47:ba:b6:eb:
                    2c:e3:9e:52:a6:89:18:bd:39:fa:30:a8:4b:63:9a:
                    17:24:c6:be:cf:06:f4:4d:f8:43:50:29:39:5c:9e:
                    2d:b1:8b:ae:73:8c:3e:78:b1:9b:bb:fa:3b:b9:46:
                    c6:f2:95:9f:f3:d3:72:39:8d:50:02:02:5d:8d:bb:
                    94:3e:b4:47:49:95:1b:88:6a:1b:48:d9:b6:ef:09:
                    dd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A0:3D:F8:BD:54:0B:9F:91:73:C5:28:83:F6:A6:8B:0E:63:76:65
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20404.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:ae:13:f0:f9:a5:b1:9a:7c:ad:8c:84:4e:8f:21:ee:c0:e4:
         8b:fa:57:26:39:c2:4c:8f:ad:b1:89:cc:c8:96:ae:08:ee:46:
         bf:83:26:b2:f9:eb:a6:ac:8e:36:3b:00:31:05:fe:75:3d:cc:
         c4:63:10:d2:98:0a:6a:29:7f:3b:bd:1e:2f:29:24:16:ad:f0:
         26:26:9a:16:04:69:ca:a4:66:07:b6:0e:41:8c:27:5f:fe:08:
         c7:c8:05:9a:4e:34:be:0e:8c:5d:73:39:b8:89:22:53:3f:0e:
         53:3a:81:76:eb:5d:42:02:5d:86:8a:79:6b:5d:cc:48:71:8e:
         14:c5:f9:82:11:e8:f4:00:36:ce:d3:05:b7:52:ad:b3:d3:72:
         6c:bb:29:c5:cb:c7:f4:40:14:a6:3a:e4:27:36:0d:fe:70:b6:
         dd:bf:33:90:da:7d:31:1c:81:ad:97:ca:93:e1:8d:d1:28:2c:
         2d:45:bb:d6:56:e3:09:71:6b:45:f4:a1:6b:60:62:1d:36:b5:
         14:88:ed:02:97:8b:0e:00:5f:1c:9d:c8:e0:b3:ef:d6:29:37:
         b8:3d:57:99:7e:24:7f:c0:9d:9b:0a:cd:25:9b:08:7c:0a:49:
         34:e1:03:7c:04:9c:7d:cd:9f:2f:43:7b:65:3b:e3:4d:fe:98:
         f7:f4:42:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJbQoXSRzF+IWzkTUsW4csiVy1cIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDExMDE3MThaFw0yNzAxMzExMDIyMThaMDMxMTAvBgNV
BAMTKDU1QTAzREY4QkQ1NDBCOUY5MTczQzUyODgzRjZBNjhCMEU2Mzc2NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV+z1WecThbM7T5CmTOMxg5SJi
EpN8n5b081gnAlnubsldZLUXXLJYTZSeIG3i+UKB4rt4YyFqOvjssoS3PrgXevyT
cVB1UVcEjVhk+SDzihVfwx+Y1qKq3kWMWti1XNzIP8UO4QWTGEHyuMR8ZUg0bD2A
aKNmJq0BmeuZVFmxHt2u9jXIVksmTm2/xYTE+Iuh6ahSZy/hsnLxuCpleLHGaNDZ
uCxnbOTJn3P6PpCuR7q26yzjnlKmiRi9OfowqEtjmhckxr7PBvRN+ENQKTlcni2x
i65zjD54sZu7+ju5RsbylZ/z03I5jVACAl2Nu5Q+tEdJlRuIahtI2bbvCd2PAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUVaA9+L1UC5+Rc8Uog/amiw5jdmUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0MDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACnlI0w
DQYJKoZIhvcNAQELBQADggEBAIauE/D5pbGafK2MhE6PIe7A5Iv6VyY5wkyPrbGJ
zMiWrgjuRr+DJrL566asjjY7ADEF/nU9zMRjENKYCmopfzu9Hi8pJBat8CYmmhYE
acqkZge2DkGMJ1/+CMfIBZpONL4OjF1zObiJIlM/DlM6gXbrXUICXYaKeWtdzEhx
jhTF+YIR6PQANs7TBbdSrbPTcmy7KcXLx/RAFKY65Cc2Df5wtt2/M5DafTEcga2X
ypPhjdEoLC1Fu9ZW4wlxa0X0oWtgYh02tRSI7QKXiw4AXxydyOCz79YpN7g9V5l+
JH/AnZsKzSWbCHwKSTThA3wEnH3Nny9De2U7403+mPf0Qi0=
-----END CERTIFICATE-----