Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
File:                     AS20454.roa (raw, json)
Hash identifier:          F5LNbHw4KzYRUsgu10KnLuC7B6WJKVs+zeCFEph0TnA=
Subject key identifier:   79:57:A8:CF:7B:B0:3D:4E:9F:5B:11:90:43:3D:8D:F0:47:6F:9E:F5
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7CF4D3197437DFBBCB4CF791B00DA6D7B5B3FC62
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa
Signing time:             Fri 20 Feb 2026 12:35:23 +0000
ROA not before:           Fri 20 Feb 2026 12:30:23 +0000
ROA not after:            Fri 19 Feb 2027 12:35:23 +0000
asID:                     20454
IP address blocks:        96.62.103.0/24 maxlen: 24
                          96.62.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:f4:d3:19:74:37:df:bb:cb:4c:f7:91:b0:0d:a6:d7:b5:b3:fc:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 20 12:30:23 2026 GMT
            Not After : Feb 19 12:35:23 2027 GMT
        Subject: CN=7957A8CF7BB03D4E9F5B1190433D8DF0476F9EF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:15:3d:90:e3:d9:33:65:3b:0a:e7:47:81:89:
                    6a:1f:a9:fc:bb:93:fa:7c:a6:67:4f:4a:57:b8:fb:
                    46:3a:db:c3:e4:67:a4:fc:e7:5d:17:e4:da:78:bf:
                    54:5c:a1:0e:05:01:f6:9c:e2:08:1f:d7:8c:05:29:
                    cd:f9:77:9f:7c:84:7a:a6:ef:e1:bd:39:93:a6:61:
                    ff:bf:7d:48:b8:61:7a:34:9c:d9:6f:d1:b7:dd:c6:
                    6d:02:e5:30:e9:4b:19:f0:4f:7d:4b:f9:d2:04:72:
                    0f:35:72:d1:07:b1:be:b2:13:ca:d3:6c:dd:42:4f:
                    d1:da:ab:ec:44:e3:c2:b2:a4:04:28:84:b9:3b:bb:
                    49:7c:62:3a:c9:8c:72:8d:fd:2a:59:6b:54:3a:d2:
                    b6:49:77:c4:57:c4:87:c7:eb:53:87:ed:40:1e:7e:
                    8d:a1:9f:01:36:cb:70:09:26:db:e6:e1:ef:ff:d2:
                    45:21:bd:de:f3:15:ef:5c:da:af:64:cb:24:13:f3:
                    99:9e:70:05:9c:37:69:dc:ca:53:de:33:e4:f8:5f:
                    28:47:07:cd:43:b3:07:6f:41:9c:85:6f:51:c2:1d:
                    0f:8e:0d:69:1f:8e:e2:ca:c0:40:fe:21:33:47:d4:
                    75:dc:85:10:1f:46:06:c7:67:14:9e:1c:49:74:4a:
                    6c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:57:A8:CF:7B:B0:3D:4E:9F:5B:11:90:43:3D:8D:F0:47:6F:9E:F5
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20454.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.103.0/24
                  96.62.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:20:85:e7:40:a5:a8:d7:a8:68:b0:4c:c3:a5:75:e3:a9:3a:
         fd:cb:ce:40:e0:17:a1:73:60:14:80:39:16:3d:3a:ca:9a:30:
         b8:03:88:a3:9e:aa:c8:9f:36:6d:76:49:16:08:27:38:55:fa:
         2f:b4:cf:c3:b3:e8:1b:8a:d9:bc:d6:4f:eb:44:37:77:de:dc:
         b5:94:b0:02:fb:da:89:71:80:b3:09:8b:d7:89:bf:2f:06:ae:
         a5:67:a2:6c:c1:db:82:3b:65:54:80:95:63:aa:dc:e4:8a:9a:
         72:38:db:8a:d0:41:ae:07:45:dc:29:13:a4:d3:48:41:2b:31:
         6e:e7:9e:27:77:d4:a9:eb:a4:92:b1:4f:08:a2:70:2c:a6:10:
         29:89:30:06:66:98:3c:9a:74:29:42:2b:44:91:95:53:6f:f5:
         4b:11:21:bf:d1:b2:d0:bc:09:b9:54:99:f8:44:7d:fc:f4:15:
         9b:84:0c:f8:1d:48:79:04:e6:9a:aa:9d:89:d3:f3:38:26:e5:
         03:70:da:b2:60:ad:33:a6:f6:d7:c6:06:f8:8e:02:a1:2f:78:
         6d:31:1a:3e:a4:73:d7:77:62:e0:cd:c0:9c:99:81:8c:12:b7:
         5a:52:f9:f0:59:91:2d:d6:51:6d:4a:be:b2:a9:85:87:a9:79:
         dc:7b:f4:87
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUfPTTGXQ337vLTPeRsA2m17Wz/GIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjAxMjMwMjNaFw0yNzAyMTkxMjM1MjNaMDMxMTAvBgNV
BAMTKDc5NTdBOENGN0JCMDNENEU5RjVCMTE5MDQzM0Q4REYwNDc2RjlFRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJFT2Q49kzZTsK50eBiWofqfy7
k/p8pmdPSle4+0Y628PkZ6T8510X5Np4v1RcoQ4FAfac4ggf14wFKc35d598hHqm
7+G9OZOmYf+/fUi4YXo0nNlv0bfdxm0C5TDpSxnwT31L+dIEcg81ctEHsb6yE8rT
bN1CT9Haq+xE48KypAQohLk7u0l8YjrJjHKN/SpZa1Q60rZJd8RXxIfH61OH7UAe
fo2hnwE2y3AJJtvm4e//0kUhvd7zFe9c2q9kyyQT85mecAWcN2ncylPeM+T4XyhH
B81DswdvQZyFb1HCHQ+ODWkfjuLKwED+ITNH1HXchRAfRgbHZxSeHEl0SmynAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUeVeoz3uwPU6fWxGQQz2N8EdvnvUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABgPmcD
BABgPvMwDQYJKoZIhvcNAQELBQADggEBAAUghedApajXqGiwTMOldeOpOv3LzkDg
F6FzYBSAORY9OsqaMLgDiKOeqsifNm12SRYIJzhV+i+0z8Oz6BuK2bzWT+tEN3fe
3LWUsAL72olxgLMJi9eJvy8GrqVnomzB24I7ZVSAlWOq3OSKmnI424rQQa4HRdwp
E6TTSEErMW7nnid31KnrpJKxTwiicCymECmJMAZmmDyadClCK0SRlVNv9UsRIb/R
stC8CblUmfhEffz0FZuEDPgdSHkE5pqqnYnT8zgm5QNw2rJgrTOm9tfGBviOAqEv
eG0xGj6kc9d3YuDNwJyZgYwSt1pS+fBZkS3WUW1KvrKphYepedx79Ic=
-----END CERTIFICATE-----