Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          bjlCs1cn8SZvrAA+XVOeFzTEEDwkFKKTeVLvOLa+FN0=
Subject key identifier:   F3:BE:5B:4C:F2:9C:F0:4E:88:1B:3A:EF:79:28:B3:DB:C1:CC:F6:39
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       174D40C2B99243BFC1C4DCB9BBE7E484B987372A
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS20326.roa
Signing time:             Mon 03 Nov 2025 08:30:42 +0000
ROA not before:           Mon 03 Nov 2025 08:25:42 +0000
ROA not after:            Mon 02 Nov 2026 08:30:42 +0000
asID:                     20326
IP address blocks:        82.139.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4d:40:c2:b9:92:43:bf:c1:c4:dc:b9:bb:e7:e4:84:b9:87:37:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Nov  3 08:25:42 2025 GMT
            Not After : Nov  2 08:30:42 2026 GMT
        Subject: CN=F3BE5B4CF29CF04E881B3AEF7928B3DBC1CCF639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:c2:5f:35:ff:40:2d:e2:a2:f3:f3:aa:a6:
                    97:5b:7f:95:16:39:ce:5d:37:94:f1:d5:0c:84:18:
                    8f:db:46:48:d6:7b:04:86:0e:91:db:00:38:97:35:
                    dc:ad:7d:cc:9d:5a:ce:34:8a:42:c8:c0:97:66:17:
                    d6:c9:31:cb:f8:1b:85:19:a8:63:23:a6:18:f6:c1:
                    3e:d7:e0:48:13:09:cd:3f:02:88:24:91:fb:7d:0f:
                    51:91:e3:a8:ff:e2:6b:1b:6c:e3:46:4f:9c:12:99:
                    e5:45:32:34:24:76:58:9b:c7:96:3a:cb:1a:15:71:
                    a9:e3:b2:4a:3c:d4:7d:ed:ec:39:ad:91:d5:89:b8:
                    19:c4:c2:89:8c:56:b5:4d:35:c0:4c:6d:40:39:e7:
                    ea:11:18:c4:cb:7f:9c:1b:fc:9d:d0:00:da:4f:51:
                    b9:0e:ed:82:97:7c:ca:89:b5:1e:57:bb:89:c4:eb:
                    cd:6e:ef:31:55:fe:2d:87:05:5d:e6:0c:49:1a:f1:
                    05:4c:e0:58:0a:ab:b2:60:41:2c:92:bf:11:6a:00:
                    50:ba:98:4e:dc:5e:64:dd:46:23:c3:b6:14:f7:4c:
                    62:61:fa:93:2f:71:5b:e7:68:6a:35:30:77:50:27:
                    60:5a:13:ae:cb:22:6b:c9:95:7e:2b:5c:7f:e8:e7:
                    63:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:BE:5B:4C:F2:9C:F0:4E:88:1B:3A:EF:79:28:B3:DB:C1:CC:F6:39
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:d4:b4:27:73:ce:5d:17:8d:e3:ff:11:f9:84:b2:d0:02:9e:
         c5:83:f9:83:7a:38:ac:15:f4:2d:d0:85:6d:c0:bf:f7:b2:06:
         5e:44:6f:25:a2:78:a9:16:be:55:5c:65:01:a3:a9:3b:fc:df:
         3e:f5:1a:24:4a:96:48:2f:e0:e7:9d:86:01:2a:55:61:a3:98:
         c5:27:74:d1:be:9c:bb:2f:62:6a:4d:f1:b4:5f:90:1a:89:ff:
         06:e6:4f:2f:b4:00:19:21:44:f2:bb:de:c1:4a:ab:ad:af:84:
         03:dc:8e:65:7f:5f:58:c2:6e:e0:64:86:d8:3d:ae:f1:75:b6:
         22:73:67:46:88:98:c0:fd:e9:c4:bf:db:bc:fa:38:8f:50:4d:
         83:3f:b7:6b:7f:4d:a1:b2:09:eb:07:52:45:4b:0b:2e:31:f2:
         aa:03:d8:61:97:98:93:d5:6a:75:6b:54:07:e0:5d:91:c8:3b:
         b9:f3:6e:7c:54:8b:c6:a6:d7:32:42:a7:2d:15:c9:e9:ab:f4:
         6f:86:28:0a:41:17:09:b0:97:3c:b0:9c:d5:32:cb:7e:27:88:
         67:a2:ce:5c:92:6c:05:9d:65:6f:fc:1d:dc:75:ca:47:ad:ae:
         2c:ba:82:d9:a4:c0:61:6b:fa:d0:c9:22:3e:0e:4b:dd:b1:5d:
         3a:c6:29:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUF01AwrmSQ7/BxNy5u+fkhLmHNyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTExMDMwODI1NDJaFw0yNjExMDIwODMwNDJaMDMxMTAvBgNV
BAMTKEYzQkU1QjRDRjI5Q0YwNEU4ODFCM0FFRjc5MjhCM0RCQzFDQ0Y2MzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl08JfNf9ALeKi8/Oqppdbf5UW
Oc5dN5Tx1QyEGI/bRkjWewSGDpHbADiXNdytfcydWs40ikLIwJdmF9bJMcv4G4UZ
qGMjphj2wT7X4EgTCc0/Aogkkft9D1GR46j/4msbbONGT5wSmeVFMjQkdlibx5Y6
yxoVcanjsko81H3t7DmtkdWJuBnEwomMVrVNNcBMbUA55+oRGMTLf5wb/J3QANpP
UbkO7YKXfMqJtR5Xu4nE681u7zFV/i2HBV3mDEka8QVM4FgKq7JgQSySvxFqAFC6
mE7cXmTdRiPDthT3TGJh+pMvcVvnaGo1MHdQJ2BaE67LImvJlX4rXH/o52OxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU875bTPKc8E6IGzrveSiz28HM9jkwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSi+0w
DQYJKoZIhvcNAQELBQADggEBABXUtCdzzl0XjeP/EfmEstACnsWD+YN6OKwV9C3Q
hW3Av/eyBl5EbyWieKkWvlVcZQGjqTv83z71GiRKlkgv4OedhgEqVWGjmMUndNG+
nLsvYmpN8bRfkBqJ/wbmTy+0ABkhRPK73sFKq62vhAPcjmV/X1jCbuBkhtg9rvF1
tiJzZ0aImMD96cS/27z6OI9QTYM/t2t/TaGyCesHUkVLCy4x8qoD2GGXmJPVanVr
VAfgXZHIO7nzbnxUi8am1zJCpy0Vyemr9G+GKApBFwmwlzywnNUyy34niGeizlyS
bAWdZW/8Hdx1yketriy6gtmkwGFr+tDJIj4OS92xXTrGKfs=
-----END CERTIFICATE-----