Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203090.roa
File:                     AS203090.roa (raw, json)
Hash identifier:          95D0Arn7lpyqFL3B8dufB9pDMQUEoH2IzMD4dnhwEvw=
Subject key identifier:   3B:4B:23:D6:5C:C8:DB:77:DF:54:8B:18:77:8B:6D:00:F6:6A:6D:32
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       44C2271624CC3428D53FF9760ECD877ADA5C954A
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203090.roa
Signing time:             Mon 23 Feb 2026 18:17:25 +0000
ROA not before:           Mon 23 Feb 2026 18:12:25 +0000
ROA not after:            Mon 22 Feb 2027 18:17:25 +0000
asID:                     203090
IP address blocks:        212.60.151.0/24 maxlen: 24
                          212.60.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:29:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:c2:27:16:24:cc:34:28:d5:3f:f9:76:0e:cd:87:7a:da:5c:95:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Feb 23 18:12:25 2026 GMT
            Not After : Feb 22 18:17:25 2027 GMT
        Subject: CN=3B4B23D65CC8DB77DF548B18778B6D00F66A6D32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5a:4d:f7:85:39:91:74:a0:b1:6c:da:cb:0c:
                    3f:05:44:39:79:81:05:f6:44:eb:d3:cb:f2:df:56:
                    3f:42:f5:62:90:7b:de:5e:5e:9d:f5:b5:73:bd:55:
                    23:72:f6:9f:81:af:db:47:33:47:5e:bb:92:7f:30:
                    b0:df:88:61:c5:5c:e3:2c:55:1d:00:53:c9:99:29:
                    58:03:e1:81:d4:6e:d4:d9:2c:9e:21:41:4b:ed:71:
                    23:31:5e:a8:ae:0e:b4:ff:86:7b:82:4a:b1:03:42:
                    77:2e:cf:64:86:7a:78:60:e2:69:76:5a:69:ab:f4:
                    83:76:f7:19:5f:a5:66:ef:51:17:15:11:e1:1f:9a:
                    0b:e3:cf:ed:ef:4a:fe:15:27:fd:da:78:d2:c4:29:
                    dc:e5:93:c5:2b:c3:bc:9f:94:1a:74:6f:88:4f:19:
                    ff:15:8d:66:8a:82:34:ed:71:3b:d5:71:03:b4:79:
                    dd:4b:f4:bb:c6:c3:0a:1b:00:a1:65:ef:7b:ca:48:
                    74:a0:05:be:2f:7d:87:cb:7f:00:8a:80:43:b1:22:
                    29:70:09:d1:fa:91:aa:61:0c:b9:3a:c5:87:3e:cd:
                    69:9c:1c:e5:f3:81:de:8a:b0:ce:3e:d9:db:87:38:
                    f7:f8:1e:2d:e4:8e:31:cc:5a:4e:a7:ad:ff:b8:50:
                    80:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:4B:23:D6:5C:C8:DB:77:DF:54:8B:18:77:8B:6D:00:F6:6A:6D:32
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS203090.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.151.0/24
                  212.60.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:b3:0e:48:68:23:f9:fe:a4:f4:a8:8a:50:df:95:a8:5c:f9:
         50:22:e7:47:69:b1:b9:5d:99:c0:7b:07:52:43:0e:51:8b:9a:
         73:6c:e5:73:fe:05:d7:ee:5c:91:50:43:b3:4c:cb:22:8c:bc:
         85:ab:1a:28:a3:89:b2:42:d4:2d:9f:2a:cb:0c:be:ee:d7:dd:
         3f:2d:d0:d7:4e:86:6b:cc:20:74:c7:a4:ed:45:a9:ea:b1:b4:
         ee:71:11:77:3f:3e:72:48:11:47:c3:c6:6c:de:7c:29:f1:2c:
         a1:bd:6d:b9:68:bd:1a:97:27:71:0d:5a:32:40:a5:ed:a1:40:
         78:c7:3f:5f:ea:a6:49:71:91:0b:20:2c:63:cc:94:5d:dd:80:
         01:68:2f:df:ef:d0:35:96:43:0f:49:52:0b:93:eb:26:36:22:
         a0:c6:a5:36:4f:b0:37:eb:25:d2:b5:2b:02:3d:38:fc:26:d8:
         11:2e:5f:41:5e:dc:d3:2f:a5:fa:5b:83:0f:3e:2c:9c:35:21:
         f5:0e:83:83:e3:84:cb:b7:62:f3:2f:b6:11:5f:60:5c:5b:f2:
         1c:63:9e:36:de:c4:11:89:7e:78:b7:e3:24:ec:f2:f5:a8:a2:
         dc:c3:9d:3b:bc:05:5a:07:b8:25:76:b6:ef:47:37:1c:cb:99:
         10:0c:45:d3
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURMInFiTMNCjVP/l2Ds2HetpclUowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAyMjMxODEyMjVaFw0yNzAyMjIxODE3MjVaMDMxMTAvBgNV
BAMTKDNCNEIyM0Q2NUNDOERCNzdERjU0OEIxODc3OEI2RDAwRjY2QTZEMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZWk33hTmRdKCxbNrLDD8FRDl5
gQX2ROvTy/LfVj9C9WKQe95eXp31tXO9VSNy9p+Br9tHM0deu5J/MLDfiGHFXOMs
VR0AU8mZKVgD4YHUbtTZLJ4hQUvtcSMxXqiuDrT/hnuCSrEDQncuz2SGenhg4ml2
Wmmr9IN29xlfpWbvURcVEeEfmgvjz+3vSv4VJ/3aeNLEKdzlk8Urw7yflBp0b4hP
Gf8VjWaKgjTtcTvVcQO0ed1L9LvGwwobAKFl73vKSHSgBb4vfYfLfwCKgEOxIilw
CdH6kaphDLk6xYc+zWmcHOXzgd6KsM4+2duHOPf4Hi3kjjHMWk6nrf+4UICTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUO0sj1lzI23ffVIsYd4ttAPZqbTIwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjAzMDkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1DyX
AwQA1DyZMA0GCSqGSIb3DQEBCwUAA4IBAQCOsw5IaCP5/qT0qIpQ35WoXPlQIudH
abG5XZnAewdSQw5Ri5pzbOVz/gXX7lyRUEOzTMsijLyFqxooo4myQtQtnyrLDL7u
190/LdDXToZrzCB0x6TtRanqsbTucRF3Pz5ySBFHw8Zs3nwp8SyhvW25aL0alydx
DVoyQKXtoUB4xz9f6qZJcZELICxjzJRd3YABaC/f79A1lkMPSVILk+smNiKgxqU2
T7A36yXStSsCPTj8JtgRLl9BXtzTL6X6W4MPPiycNSH1DoOD44TLt2LzL7YRX2Bc
W/IcY5423sQRiX54t+Mk7PL1qKLcw507vAVaB7gldrbvRzccy5kQDEXT
-----END CERTIFICATE-----