Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS203771.roa
File:                     AS203771.roa (raw, json)
Hash identifier:          HtG3pqaVh+ZAKkChBzJXTHPTS+gFpvzv8pZkbW5Zqb8=
Subject key identifier:   43:3F:B7:E1:94:17:24:5B:BC:75:6D:4D:85:20:F2:7C:41:4C:A4:11
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       6E482435001CF86B33DEB975A12D25B070EF9EDB
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS203771.roa
Signing time:             Wed 15 Apr 2026 16:59:29 +0000
ROA not before:           Wed 15 Apr 2026 16:54:29 +0000
ROA not after:            Wed 14 Apr 2027 16:59:29 +0000
asID:                     203771
IP address blocks:        31.40.196.0/24 maxlen: 24
                          37.221.79.0/24 maxlen: 24
                          185.231.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:16:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:48:24:35:00:1c:f8:6b:33:de:b9:75:a1:2d:25:b0:70:ef:9e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 15 16:54:29 2026 GMT
            Not After : Apr 14 16:59:29 2027 GMT
        Subject: CN=433FB7E19417245BBC756D4D8520F27C414CA411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a3:97:a7:05:db:15:4a:d7:b0:e9:db:a1:7f:
                    73:94:c0:00:65:1d:7c:3c:ea:b2:1d:a9:67:b0:61:
                    0a:aa:b5:27:97:b8:6a:29:14:58:55:9d:c9:22:af:
                    de:85:d7:aa:50:2e:01:b5:85:18:83:a6:b3:67:15:
                    3c:9f:d9:87:db:42:7d:08:0a:69:3c:80:76:92:5f:
                    85:86:90:e8:33:de:30:5d:6a:cc:11:65:eb:c4:34:
                    98:18:04:32:b3:30:b0:f1:c7:1f:b4:05:fb:ba:48:
                    da:72:2c:14:73:ac:06:a2:8e:d2:74:ee:1d:51:e7:
                    5a:e1:76:f7:de:e2:0f:1d:cb:45:8c:2e:d2:1f:1d:
                    bf:5d:ed:da:52:85:7c:7e:4b:15:62:76:1b:52:38:
                    b2:22:dd:d8:d8:de:14:5b:22:37:6b:50:17:60:b6:
                    b0:de:c5:b7:40:c8:5c:08:4d:cf:73:bf:1c:2a:3c:
                    f7:39:8c:5a:b9:94:53:96:8b:7a:64:f1:95:f1:91:
                    83:7f:ed:60:f3:5f:07:e6:b1:bc:60:34:11:25:81:
                    db:24:93:3b:9e:4b:f3:38:1c:c0:f1:d8:ba:ec:5a:
                    e9:4f:4d:5a:d9:83:18:c8:a6:3a:83:a8:9c:00:5d:
                    53:ee:64:fe:d8:b0:57:ee:66:88:fc:ec:a7:cf:5b:
                    fc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:3F:B7:E1:94:17:24:5B:BC:75:6D:4D:85:20:F2:7C:41:4C:A4:11
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS203771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.196.0/24
                  37.221.79.0/24
                  185.231.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:a1:40:e7:d3:de:fe:83:54:ef:7a:07:cd:19:43:0b:06:37:
         64:11:bf:e2:c3:9a:86:07:e0:a3:7c:ee:a4:ef:03:b5:fe:06:
         af:dd:b7:aa:05:be:78:ee:65:36:ec:56:50:92:43:e1:58:ff:
         71:6b:b2:29:09:b2:91:86:46:97:f9:19:fd:b9:7a:31:cc:66:
         4b:0c:97:10:f7:53:8a:4e:8a:1b:39:47:e5:b0:ee:db:4c:fa:
         d4:2c:37:66:61:ea:5e:82:51:aa:b1:1e:41:93:55:9e:28:99:
         6e:54:b7:3d:24:35:20:16:1c:dd:7c:fd:7d:58:81:6b:64:51:
         09:03:f3:3e:cb:0c:52:b2:4a:89:27:48:fd:7a:99:58:5a:9a:
         fc:92:af:a1:42:56:e9:9a:a0:90:7c:82:5e:a2:8f:79:fd:df:
         4d:f3:9d:a5:94:f8:78:0b:9c:3d:f9:32:28:c4:d4:25:c4:5e:
         18:be:15:bb:22:5c:27:cd:f6:71:6f:e4:b9:9d:17:59:a9:76:
         dd:57:3f:37:ca:12:d1:01:de:2b:c4:ac:6f:84:77:cb:10:23:
         c5:51:90:3e:25:c1:38:9c:f0:10:b5:ba:da:d4:8b:27:08:6f:
         d0:e4:37:00:c3:43:38:15:68:8d:fd:32:9e:c2:02:70:39:2f:
         7a:73:61:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUbkgkNQAc+Gsz3rl1oS0lsHDvntswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MTUxNjU0MjlaFw0yNzA0MTQxNjU5MjlaMDMxMTAvBgNV
BAMTKDQzM0ZCN0UxOTQxNzI0NUJCQzc1NkQ0RDg1MjBGMjdDNDE0Q0E0MTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgo5enBdsVStew6duhf3OUwABl
HXw86rIdqWewYQqqtSeXuGopFFhVnckir96F16pQLgG1hRiDprNnFTyf2YfbQn0I
Cmk8gHaSX4WGkOgz3jBdaswRZevENJgYBDKzMLDxxx+0Bfu6SNpyLBRzrAaijtJ0
7h1R51rhdvfe4g8dy0WMLtIfHb9d7dpShXx+SxVidhtSOLIi3djY3hRbIjdrUBdg
trDexbdAyFwITc9zvxwqPPc5jFq5lFOWi3pk8ZXxkYN/7WDzXwfmsbxgNBElgdsk
kzueS/M4HMDx2LrsWulPTVrZgxjIpjqDqJwAXVPuZP7YsFfuZoj87KfPW/yBAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUQz+34ZQXJFu8dW1NhSDyfEFMpBEwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjAzNzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHyjE
AwQAJd1PAwQAuefiMA0GCSqGSIb3DQEBCwUAA4IBAQDXoUDn097+g1TvegfNGUML
BjdkEb/iw5qGB+CjfO6k7wO1/gav3beqBb547mU27FZQkkPhWP9xa7IpCbKRhkaX
+Rn9uXoxzGZLDJcQ91OKToobOUflsO7bTPrULDdmYepeglGqsR5Bk1WeKJluVLc9
JDUgFhzdfP19WIFrZFEJA/M+ywxSskqJJ0j9eplYWpr8kq+hQlbpmqCQfIJeoo95
/d9N852llPh4C5w9+TIoxNQlxF4YvhW7IlwnzfZxb+S5nRdZqXbdVz83yhLRAd4r
xKxvhHfLECPFUZA+JcE4nPAQtbra1IsnCG/Q5DcAw0M4FWiN/TKewgJwOS96c2Hj
-----END CERTIFICATE-----