Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
File:                     AS20454.roa (raw, json)
Hash identifier:          Wxgzde+8y5H94MvO7wDJ+hlMza+N8iv2UxHa1nMALQM=
Subject key identifier:   7D:BB:AE:4B:0E:F9:56:D0:26:FF:72:46:7A:1F:AB:D5:90:7F:FF:D4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       188B3DAA2F77C0BD17CA95A2BEF05C3B01574D23
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
Signing time:             Thu 11 Jun 2026 12:59:27 +0000
ROA not before:           Thu 11 Jun 2026 12:54:27 +0000
ROA not after:            Thu 10 Jun 2027 12:59:27 +0000
asID:                     20454
IP address blocks:        96.62.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:8b:3d:aa:2f:77:c0:bd:17:ca:95:a2:be:f0:5c:3b:01:57:4d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 11 12:54:27 2026 GMT
            Not After : Jun 10 12:59:27 2027 GMT
        Subject: CN=7DBBAE4B0EF956D026FF72467A1FABD5907FFFD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ae:3e:81:ee:8b:62:54:94:42:9e:ef:72:b8:
                    13:a8:2e:21:95:f5:2f:74:94:df:10:6e:d3:cd:12:
                    c5:e3:cc:9d:34:64:3b:50:4c:a9:1d:b1:20:a3:22:
                    3b:a0:37:73:e3:bd:b5:12:66:ce:59:3e:ab:26:d5:
                    fb:cc:11:bb:10:6b:32:5b:4f:16:89:21:31:ca:49:
                    92:75:37:40:ef:24:46:62:14:e9:6c:b3:16:48:da:
                    36:78:4f:45:05:f6:ee:4f:27:ff:59:6c:57:98:95:
                    9b:8d:f4:ba:5b:7b:ba:8c:bb:4b:d8:17:cd:f2:94:
                    ed:85:b0:3f:8e:50:6c:ea:c5:63:95:cd:5a:1c:95:
                    cb:74:11:62:9f:61:7a:6b:b4:29:65:78:dc:fc:79:
                    2c:85:bf:dc:95:43:fb:91:93:1e:59:6a:25:a2:02:
                    58:9a:53:5f:05:39:f7:74:4a:b5:71:4f:ed:d6:75:
                    c7:e8:ba:4f:4a:fe:b6:30:20:4c:4b:ce:26:34:38:
                    df:78:14:3d:8c:d1:70:3d:84:41:c7:31:4c:1a:54:
                    bf:4f:a8:7f:8c:be:ae:10:36:70:80:02:eb:30:dd:
                    31:2a:fb:38:be:e3:ce:fa:97:44:82:15:7f:23:63:
                    e6:e1:b1:7c:11:0f:69:72:a2:43:9e:82:6b:d8:dc:
                    84:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BB:AE:4B:0E:F9:56:D0:26:FF:72:46:7A:1F:AB:D5:90:7F:FF:D4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ee:03:57:fc:0e:5c:2d:3d:e9:2b:b8:99:f1:1d:32:29:6e:
         26:bd:3e:94:9b:20:80:6b:11:1a:67:3a:87:a1:fe:31:61:47:
         55:96:04:7c:3b:ab:79:54:13:fd:04:c9:bf:33:ca:4e:72:3b:
         64:b6:53:1f:18:56:90:0c:26:89:6e:47:53:7e:40:bc:93:30:
         34:f8:3a:7c:26:30:93:19:df:96:d2:96:ea:86:0c:46:f1:e5:
         79:e6:4f:59:92:35:c7:5c:dc:3b:28:0a:62:aa:70:45:d9:71:
         cf:3e:17:da:64:b1:84:e5:98:fc:72:8f:34:4e:bd:38:a9:7e:
         04:10:52:c7:4a:ed:56:d8:de:94:c7:48:5b:6f:e7:c2:32:6f:
         fe:89:7e:ab:e0:8b:a6:a1:3c:7b:71:47:1a:d0:e0:1d:86:c7:
         98:33:25:ee:b9:05:cf:a3:a7:f7:73:dc:76:a1:aa:5e:7d:8a:
         98:1e:b8:06:5d:9c:48:b2:3d:38:6d:25:7b:5c:76:c5:9d:fe:
         68:45:7c:c2:e2:e1:0d:f7:99:86:1a:77:18:c0:cd:ba:05:61:
         4b:8d:b5:63:23:0c:66:d5:7a:c3:a6:cb:b3:cd:b5:9f:1c:4d:
         94:31:7f:6f:d2:d1:8a:8c:3a:50:34:ef:db:14:19:1f:bb:06:
         75:e8:4a:69
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGIs9qi93wL0XypWivvBcOwFXTSMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTExMjU0MjdaFw0yNzA2MTAxMjU5MjdaMDMxMTAvBgNV
BAMTKDdEQkJBRTRCMEVGOTU2RDAyNkZGNzI0NjdBMUZBQkQ1OTA3RkZGRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgrj6B7otiVJRCnu9yuBOoLiGV
9S90lN8QbtPNEsXjzJ00ZDtQTKkdsSCjIjugN3PjvbUSZs5ZPqsm1fvMEbsQazJb
TxaJITHKSZJ1N0DvJEZiFOlssxZI2jZ4T0UF9u5PJ/9ZbFeYlZuN9Lpbe7qMu0vY
F83ylO2FsD+OUGzqxWOVzVoclct0EWKfYXprtClleNz8eSyFv9yVQ/uRkx5ZaiWi
AliaU18FOfd0SrVxT+3Wdcfouk9K/rYwIExLziY0ON94FD2M0XA9hEHHMUwaVL9P
qH+Mvq4QNnCAAusw3TEq+zi+4876l0SCFX8jY+bhsXwRD2lyokOegmvY3IRHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUfbuuSw75VtAm/3JGeh+r1ZB//9QwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABgPkcw
DQYJKoZIhvcNAQELBQADggEBAG/uA1f8DlwtPekruJnxHTIpbia9PpSbIIBrERpn
Ooeh/jFhR1WWBHw7q3lUE/0Eyb8zyk5yO2S2Ux8YVpAMJoluR1N+QLyTMDT4Onwm
MJMZ35bSluqGDEbx5XnmT1mSNcdc3DsoCmKqcEXZcc8+F9pksYTlmPxyjzROvTip
fgQQUsdK7VbY3pTHSFtv58Iyb/6Jfqvgi6ahPHtxRxrQ4B2Gx5gzJe65Bc+jp/dz
3Hahql59ipgeuAZdnEiyPThtJXtcdsWd/mhFfMLi4Q33mYYadxjAzboFYUuNtWMj
DGbVesOmy7PNtZ8cTZQxf2/S0YqMOlA079sUGR+7BnXoSmk=
-----END CERTIFICATE-----