Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS204828.roa
File:                     AS204828.roa (raw, json)
Hash identifier:          pGRCHIpaNPQ6B/kbqgzkKuu4owhroHTcUJWQ4jhLB10=
Subject key identifier:   2D:B6:3A:A7:4A:46:1B:5B:DB:71:DE:F6:78:86:63:C1:7B:12:66:9C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       44706008E80BB23550C845AAE918AE2FE06348B8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS204828.roa
Signing time:             Wed 11 Jun 2025 16:54:09 +0000
ROA not before:           Wed 11 Jun 2025 16:49:09 +0000
ROA not after:            Wed 10 Jun 2026 16:54:09 +0000
asID:                     204828
IP address blocks:        146.103.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:70:60:08:e8:0b:b2:35:50:c8:45:aa:e9:18:ae:2f:e0:63:48:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 11 16:49:09 2025 GMT
            Not After : Jun 10 16:54:09 2026 GMT
        Subject: CN=2DB63AA74A461B5BDB71DEF6788663C17B12669C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a4:19:66:d2:ae:e0:17:6d:8c:c3:6b:fd:e8:
                    97:f8:92:a9:c5:14:59:60:9e:e7:c7:e9:50:50:45:
                    52:1a:b1:d3:de:e1:47:69:bc:cd:b0:4b:c5:c4:11:
                    73:d6:68:f3:ac:c9:f0:62:39:59:79:4b:5b:73:ce:
                    26:d9:68:c0:f8:5d:b4:92:d0:06:5e:7d:a6:2d:8c:
                    f8:ee:f1:82:e1:49:93:ce:27:a4:27:c3:06:0d:ea:
                    f6:e2:c5:88:46:32:a1:b5:9f:91:cb:25:af:47:7d:
                    e0:cf:a6:51:82:5a:e6:11:44:ac:70:94:9a:22:0e:
                    84:83:cf:98:a1:30:dd:dd:d3:a7:01:63:21:bb:c8:
                    a7:e3:b3:6a:b4:3b:c2:9d:b0:e4:cf:46:64:ee:55:
                    db:16:8e:74:61:83:47:2b:6b:f2:82:5d:5c:71:8c:
                    36:2e:11:84:54:e4:38:f9:4a:60:c4:e5:04:a7:32:
                    42:1a:a0:14:cf:ea:fd:fa:21:6d:0e:04:18:13:66:
                    54:b8:d8:e8:72:c9:57:21:b5:d3:0e:1a:c2:e4:10:
                    6b:d0:bc:24:94:fc:98:9c:f4:32:4b:7b:c9:a4:01:
                    e1:1d:1a:73:5b:17:04:72:84:37:07:27:af:eb:39:
                    fa:ea:42:ae:76:9e:7f:8d:0e:07:2c:0b:26:d7:89:
                    48:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B6:3A:A7:4A:46:1B:5B:DB:71:DE:F6:78:86:63:C1:7B:12:66:9C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS204828.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:e5:60:28:ce:6b:bf:f1:bb:d5:1d:ad:f3:e7:80:d7:61:26:
         83:d6:10:8b:41:19:35:be:0b:ed:05:b9:10:f2:5e:1c:26:57:
         73:27:9f:b7:d8:cf:6e:e2:75:bb:a6:c0:01:2d:3f:fb:17:a8:
         dd:d1:43:ef:50:39:34:a5:2a:47:f6:52:1a:b6:ba:ca:89:01:
         ad:a3:86:fe:4a:22:35:b5:b6:58:57:8c:23:02:b6:a1:b5:70:
         f7:24:a2:1d:af:20:9e:79:c4:8d:5c:5f:b4:50:51:85:86:9b:
         98:b4:03:29:7f:76:43:42:29:b3:2c:f6:c5:6b:01:07:35:fe:
         f8:dc:9c:15:2b:7c:df:87:4a:20:ec:65:f9:9f:8b:c6:74:07:
         0a:f9:7c:f8:1e:4e:80:c5:77:01:72:a9:2d:f1:b5:e3:8f:fe:
         3a:4e:09:13:f2:c9:f3:2a:5a:70:91:67:72:83:4b:79:3c:3c:
         fc:65:9e:bb:a7:ea:01:7c:41:c9:45:c7:47:80:f9:69:10:55:
         0f:4f:f9:0b:e6:cd:1f:17:2c:fc:37:8a:7f:d1:82:f9:d4:92:
         c6:d2:70:60:93:47:c5:ad:71:d8:55:5c:68:78:fc:2c:be:ad:
         c8:ce:cf:0b:cb:0e:44:4a:69:2f:99:08:dd:2e:56:5d:a1:bf:
         38:79:16:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURHBgCOgLsjVQyEWq6RiuL+BjSLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTExNjQ5MDlaFw0yNjA2MTAxNjU0MDlaMDMxMTAvBgNV
BAMTKDJEQjYzQUE3NEE0NjFCNUJEQjcxREVGNjc4ODY2M0MxN0IxMjY2OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMpBlm0q7gF22Mw2v96Jf4kqnF
FFlgnufH6VBQRVIasdPe4UdpvM2wS8XEEXPWaPOsyfBiOVl5S1tzzibZaMD4XbSS
0AZefaYtjPju8YLhSZPOJ6QnwwYN6vbixYhGMqG1n5HLJa9HfeDPplGCWuYRRKxw
lJoiDoSDz5ihMN3d06cBYyG7yKfjs2q0O8KdsOTPRmTuVdsWjnRhg0cra/KCXVxx
jDYuEYRU5Dj5SmDE5QSnMkIaoBTP6v36IW0OBBgTZlS42OhyyVchtdMOGsLkEGvQ
vCSU/Jic9DJLe8mkAeEdGnNbFwRyhDcHJ6/rOfrqQq52nn+NDgcsCybXiUiFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULbY6p0pGG1vbcd72eIZjwXsSZpwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0ODI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc0
MA0GCSqGSIb3DQEBCwUAA4IBAQCo5WAozmu/8bvVHa3z54DXYSaD1hCLQRk1vgvt
BbkQ8l4cJldzJ5+32M9u4nW7psABLT/7F6jd0UPvUDk0pSpH9lIatrrKiQGto4b+
SiI1tbZYV4wjArahtXD3JKIdryCeecSNXF+0UFGFhpuYtAMpf3ZDQimzLPbFawEH
Nf743JwVK3zfh0og7GX5n4vGdAcK+Xz4Hk6AxXcBcqkt8bXjj/46TgkT8snzKlpw
kWdyg0t5PDz8ZZ67p+oBfEHJRcdHgPlpEFUPT/kL5s0fFyz8N4p/0YL51JLG0nBg
k0fFrXHYVVxoePwsvq3Izs8Lyw5ESmkvmQjdLlZdob84eRbD
-----END CERTIFICATE-----