Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
File:                     AS20454.roa (raw, json)
Hash identifier:          WUVCa1ttZX6lIMZ0lRBZbgBMRNWTfYoY/F6pNviIZbw=
Subject key identifier:   72:31:A3:C9:1F:FC:5A:5C:47:5A:E7:A3:BF:0D:1B:E6:0C:4C:5D:99
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       39C2D9C562A2551670DF077AAF4ADD16B42F3583
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
Signing time:             Mon 30 Mar 2026 10:49:49 +0000
ROA not before:           Mon 30 Mar 2026 10:44:49 +0000
ROA not after:            Mon 29 Mar 2027 10:49:49 +0000
asID:                     20454
IP address blocks:        96.62.103.0/24 maxlen: 24
                          96.62.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c2:d9:c5:62:a2:55:16:70:df:07:7a:af:4a:dd:16:b4:2f:35:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 30 10:44:49 2026 GMT
            Not After : Mar 29 10:49:49 2027 GMT
        Subject: CN=7231A3C91FFC5A5C475AE7A3BF0D1BE60C4C5D99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c6:b7:fb:ce:7c:60:39:12:d3:83:8d:f8:31:
                    95:d0:20:34:87:be:74:2f:37:4e:9b:83:b2:f2:c0:
                    05:f0:e4:33:28:9a:93:0f:96:6f:9f:34:23:53:c0:
                    1f:ae:07:e4:3b:53:2f:1e:f0:ac:bf:e4:5b:6a:7a:
                    11:9c:d5:2c:47:04:59:08:61:3e:ef:6c:db:cb:ce:
                    9f:10:ea:31:4e:2f:bd:3e:8f:d6:d7:0f:41:23:f0:
                    54:6d:b5:29:fa:97:28:be:2a:a6:3b:0f:8e:3f:f4:
                    c4:65:84:c2:79:c8:93:8a:21:31:24:28:69:1d:b1:
                    d9:c9:85:af:29:b7:7e:d5:03:bf:53:12:dd:0e:03:
                    4a:08:ca:28:11:71:65:49:c4:bd:63:16:a2:26:53:
                    1a:31:c5:37:11:9e:22:07:e5:38:d8:d8:48:da:7d:
                    18:e9:2a:75:25:08:6f:25:7b:79:fe:a2:14:d2:61:
                    19:40:d5:6b:e9:d3:d9:f0:54:85:4b:f4:5f:8d:b1:
                    c5:56:7a:ef:a7:79:03:18:22:db:5c:64:76:0e:d3:
                    89:ac:58:54:97:61:3b:79:75:cc:29:ae:41:35:ab:
                    25:7d:16:6f:cd:e8:4d:b7:56:59:df:e1:3e:f1:c4:
                    5c:b0:4e:20:2a:c7:6f:6d:a6:56:10:5b:ab:41:97:
                    16:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:31:A3:C9:1F:FC:5A:5C:47:5A:E7:A3:BF:0D:1B:E6:0C:4C:5D:99
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.103.0/24
                  96.62.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c7:06:0c:73:46:ea:13:32:4d:3d:16:74:be:d9:67:00:c2:
         32:d3:c2:8c:1b:20:c9:fc:02:f7:35:0b:20:43:5e:a6:d6:14:
         8b:12:95:3e:c8:f9:b4:8c:4a:f4:8c:40:40:a5:a5:31:ba:14:
         d8:8d:7c:6c:18:cf:b4:18:01:7a:8f:83:3c:06:97:9b:af:31:
         8c:3d:b7:45:13:46:64:14:49:5a:96:d4:e0:c3:8a:df:b5:b7:
         08:81:08:97:cf:b0:05:3b:be:1a:5d:66:56:29:61:96:13:01:
         b1:02:61:27:e7:a0:fc:b8:40:98:8d:8d:98:6f:2e:a3:17:88:
         9e:0c:b3:1c:7f:bf:bc:00:66:bd:25:55:43:b6:2c:b7:16:96:
         30:01:2f:95:65:c6:ab:a4:d5:3f:22:31:62:3b:ef:55:f1:79:
         d0:11:b4:aa:88:5f:73:94:85:c8:9d:d1:11:89:3d:1b:19:93:
         71:fb:a3:4f:4a:f7:14:63:c4:14:fb:64:11:2b:73:f4:fd:73:
         c6:72:48:5f:82:2e:a7:19:66:49:76:90:84:40:8f:79:23:53:
         46:f0:f5:d1:de:d9:f5:2d:f9:c1:67:66:a6:0c:23:62:1d:fa:
         60:3b:69:17:0e:db:f6:87:0d:5d:0e:04:ed:f0:61:b8:56:7e:
         1b:00:68:07
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUOcLZxWKiVRZw3wd6r0rdFrQvNYMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMzAxMDQ0NDlaFw0yNzAzMjkxMDQ5NDlaMDMxMTAvBgNV
BAMTKDcyMzFBM0M5MUZGQzVBNUM0NzVBRTdBM0JGMEQxQkU2MEM0QzVEOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxrf7znxgORLTg434MZXQIDSH
vnQvN06bg7LywAXw5DMompMPlm+fNCNTwB+uB+Q7Uy8e8Ky/5FtqehGc1SxHBFkI
YT7vbNvLzp8Q6jFOL70+j9bXD0Ej8FRttSn6lyi+KqY7D44/9MRlhMJ5yJOKITEk
KGkdsdnJha8pt37VA79TEt0OA0oIyigRcWVJxL1jFqImUxoxxTcRniIH5TjY2Eja
fRjpKnUlCG8le3n+ohTSYRlA1Wvp09nwVIVL9F+NscVWeu+neQMYIttcZHYO04ms
WFSXYTt5dcwprkE1qyV9Fm/N6E23Vlnf4T7xxFywTiAqx29tplYQW6tBlxY7AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUcjGjyR/8WlxHWuejvw0b5gxMXZkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPmcD
BABgPtowDQYJKoZIhvcNAQELBQADggEBAEnHBgxzRuoTMk09FnS+2WcAwjLTwowb
IMn8Avc1CyBDXqbWFIsSlT7I+bSMSvSMQEClpTG6FNiNfGwYz7QYAXqPgzwGl5uv
MYw9t0UTRmQUSVqW1ODDit+1twiBCJfPsAU7vhpdZlYpYZYTAbECYSfnoPy4QJiN
jZhvLqMXiJ4Msxx/v7wAZr0lVUO2LLcWljABL5Vlxquk1T8iMWI771XxedARtKqI
X3OUhcid0RGJPRsZk3H7o09K9xRjxBT7ZBErc/T9c8ZySF+CLqcZZkl2kIRAj3kj
U0bw9dHe2fUt+cFnZqYMI2Id+mA7aRcO2/aHDV0OBO3wYbhWfhsAaAc=
-----END CERTIFICATE-----