Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS204044.roa
File:                     AS204044.roa (raw, json)
Hash identifier:          c3UBGBkgQmLa6pa4ns67fvXAWwayTlDy9DkEguxNimo=
Subject key identifier:   F3:2F:5E:09:BB:F4:4A:98:C4:E2:FD:D8:3B:92:99:FC:9A:97:D4:41
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       63703F5425978374617A142B14EC6C987D7524E6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS204044.roa
Signing time:             Mon 02 Feb 2026 12:01:13 +0000
ROA not before:           Mon 02 Feb 2026 11:56:13 +0000
ROA not after:            Mon 01 Feb 2027 12:01:13 +0000
asID:                     204044
IP address blocks:        167.148.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:70:3f:54:25:97:83:74:61:7a:14:2b:14:ec:6c:98:7d:75:24:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  2 11:56:13 2026 GMT
            Not After : Feb  1 12:01:13 2027 GMT
        Subject: CN=F32F5E09BBF44A98C4E2FDD83B9299FC9A97D441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:51:c0:a1:0f:3e:7c:f8:b8:d4:24:75:b1:0a:
                    fb:d4:80:ae:4c:22:6b:3f:6b:8d:a3:20:51:ae:46:
                    ec:a1:f3:f9:48:89:d5:9f:f9:2d:df:f8:51:d0:ed:
                    b1:ff:f4:f2:93:43:a6:1a:56:bd:15:de:dd:01:7e:
                    8c:7c:9b:37:69:8c:a0:10:b9:e4:1f:af:ef:57:14:
                    87:c6:a6:57:de:b0:cf:fa:76:52:cd:4e:c5:78:36:
                    8b:5a:5a:43:ac:38:3a:9f:e6:ba:8b:db:8a:e7:73:
                    b5:6f:d3:c8:0c:2b:8a:85:48:d9:78:9c:dc:76:54:
                    26:9b:71:f8:a9:38:56:eb:08:6b:11:7e:b6:8f:ad:
                    33:6b:97:b3:49:db:42:be:6d:81:29:d0:79:ca:12:
                    fc:19:45:d9:14:78:ea:87:9f:d0:b6:ed:50:fe:b1:
                    3f:2c:c1:9c:ac:0c:9f:9c:e4:f4:ae:83:a6:9f:24:
                    5c:51:76:bf:28:5e:ba:c2:12:ae:ee:19:b8:04:0b:
                    d0:a9:1e:1c:6d:95:09:f4:ca:ee:e3:49:3b:84:86:
                    4f:0a:1b:71:dd:b8:63:07:2e:d6:d1:ec:d9:0d:02:
                    e5:16:c2:87:64:da:cc:e4:0a:fe:7d:a6:3f:d8:a3:
                    1b:67:12:12:d2:61:33:79:72:23:03:7b:1d:1f:80:
                    c3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2F:5E:09:BB:F4:4A:98:C4:E2:FD:D8:3B:92:99:FC:9A:97:D4:41
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS204044.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:fe:45:89:52:9f:30:4c:e8:c1:2f:88:26:80:92:e8:ba:5f:
         ae:a2:bb:82:7f:29:2d:4a:ee:fd:b0:05:5f:79:b3:53:0d:a8:
         7e:ed:90:72:1f:d9:8a:8d:fb:d8:27:8f:25:68:cf:46:9d:96:
         44:26:c7:04:24:31:b4:8a:85:79:6d:51:fe:86:4e:84:0c:32:
         5a:fe:64:7e:89:2f:40:62:6c:4f:f5:10:d6:f9:9f:d9:84:fb:
         94:ad:09:ec:d5:ee:20:3f:e4:c6:98:28:db:8a:b5:ff:af:6d:
         13:61:c1:44:46:eb:21:ce:ca:88:f0:5d:49:e1:96:3a:e0:14:
         f4:90:10:b9:d5:94:21:af:ca:1a:00:03:ab:40:30:e5:5a:41:
         bd:62:56:b8:77:5b:f9:a5:97:c8:a0:bb:11:4b:56:ff:58:36:
         54:16:fa:5e:f6:a6:01:1a:24:02:d1:c5:af:2e:83:86:d5:09:
         ea:d3:6d:d1:6c:45:39:a8:ac:ab:ea:b1:a7:03:39:68:cc:db:
         ab:83:a0:1d:7b:7e:0a:18:63:70:ec:85:4b:72:c9:64:85:84:
         42:73:15:47:c3:01:02:db:ab:5a:8c:82:94:87:65:72:7e:b9:
         d6:27:37:72:ac:18:4a:01:58:2e:03:c5:5a:8b:c6:6a:bc:f6:
         c9:ad:94:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY3A/VCWXg3RhehQrFOxsmH11JOYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDIxMTU2MTNaFw0yNzAyMDExMjAxMTNaMDMxMTAvBgNV
BAMTKEYzMkY1RTA5QkJGNDRBOThDNEUyRkREODNCOTI5OUZDOUE5N0Q0NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCUcChDz58+LjUJHWxCvvUgK5M
Ims/a42jIFGuRuyh8/lIidWf+S3f+FHQ7bH/9PKTQ6YaVr0V3t0Bfox8mzdpjKAQ
ueQfr+9XFIfGplfesM/6dlLNTsV4NotaWkOsODqf5rqL24rnc7Vv08gMK4qFSNl4
nNx2VCabcfipOFbrCGsRfraPrTNrl7NJ20K+bYEp0HnKEvwZRdkUeOqHn9C27VD+
sT8swZysDJ+c5PSug6afJFxRdr8oXrrCEq7uGbgEC9CpHhxtlQn0yu7jSTuEhk8K
G3HduGMHLtbR7NkNAuUWwodk2szkCv59pj/YoxtnEhLSYTN5ciMDex0fgMPNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8y9eCbv0SpjE4v3YO5KZ/JqX1EEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0MDQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5SN
MA0GCSqGSIb3DQEBCwUAA4IBAQBp/kWJUp8wTOjBL4gmgJLoul+uoruCfyktSu79
sAVfebNTDah+7ZByH9mKjfvYJ48laM9GnZZEJscEJDG0ioV5bVH+hk6EDDJa/mR+
iS9AYmxP9RDW+Z/ZhPuUrQns1e4gP+TGmCjbirX/r20TYcFERushzsqI8F1J4ZY6
4BT0kBC51ZQhr8oaAAOrQDDlWkG9Yla4d1v5pZfIoLsRS1b/WDZUFvpe9qYBGiQC
0cWvLoOG1Qnq023RbEU5qKyr6rGnAzlozNurg6Ade34KGGNw7IVLcslkhYRCcxVH
wwEC26tajIKUh2VyfrnWJzdyrBhKAVguA8Vai8ZqvPbJrZRS
-----END CERTIFICATE-----