Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS203771.roa
File:                     AS203771.roa (raw, json)
Hash identifier:          p08h20csOyyCUHGJ2/o0ZGEIRw+IMqn9UnmVeKaqJHU=
Subject key identifier:   DB:CF:5E:EA:BB:B3:01:44:A7:F0:46:CF:30:19:5F:07:D0:06:4F:11
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       35F16E465E5571D0C1C380E6945FBE0896439DF1
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS203771.roa
Signing time:             Mon 16 Feb 2026 14:53:55 +0000
ROA not before:           Mon 16 Feb 2026 14:48:55 +0000
ROA not after:            Mon 15 Feb 2027 14:53:55 +0000
asID:                     203771
IP address blocks:        31.40.196.0/24 maxlen: 24
                          37.221.79.0/24 maxlen: 24
                          185.231.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:f1:6e:46:5e:55:71:d0:c1:c3:80:e6:94:5f:be:08:96:43:9d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Feb 16 14:48:55 2026 GMT
            Not After : Feb 15 14:53:55 2027 GMT
        Subject: CN=DBCF5EEABBB30144A7F046CF30195F07D0064F11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:60:db:23:d8:4c:14:e1:8d:ff:9d:b1:a3:27:
                    f7:14:fa:62:ad:96:2d:53:97:3c:06:65:bc:98:fa:
                    83:3d:b6:b9:8e:94:8e:0b:e5:1f:74:a3:8a:82:3e:
                    26:50:ab:a6:02:c4:d1:a7:88:e2:ad:91:41:7e:bd:
                    2a:4b:86:48:d7:12:08:a9:49:c0:7b:f9:23:04:98:
                    b7:8c:8f:b2:11:33:c5:cd:43:31:66:cc:62:c0:1d:
                    57:e1:9e:72:fe:3b:17:c5:22:81:70:a8:12:dc:c5:
                    f2:06:9e:7b:fd:fc:84:b9:98:44:f2:94:67:94:1d:
                    f9:b2:61:6d:9a:a4:84:2b:ba:50:2a:39:dd:aa:f8:
                    27:a2:59:cd:44:59:3a:a7:a1:40:ca:f6:26:30:3f:
                    1e:73:1b:03:c4:2f:e6:99:92:4e:8f:69:1c:b3:59:
                    11:9d:f7:6e:3a:3b:30:79:62:21:5c:71:54:4c:fd:
                    52:cf:12:0d:c9:4c:6d:c9:e8:23:f8:4b:ea:df:12:
                    52:31:a7:8a:0b:bd:5a:9f:bc:b6:c9:45:87:2e:56:
                    a3:01:55:bc:db:79:9e:d6:5f:2c:d0:f0:f4:77:5d:
                    51:d2:0e:9d:8e:fe:ad:0e:53:27:dc:a5:0c:5a:b4:
                    0c:3f:4f:0c:37:f5:f3:03:33:6d:19:48:80:bd:3e:
                    a5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:CF:5E:EA:BB:B3:01:44:A7:F0:46:CF:30:19:5F:07:D0:06:4F:11
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS203771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.196.0/24
                  37.221.79.0/24
                  185.231.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:73:db:99:81:9c:68:cb:56:31:b9:53:f7:4c:a6:2b:ea:8a:
         92:ee:00:4e:92:c3:77:81:7e:f2:56:cd:16:eb:8b:ad:fd:af:
         08:aa:14:91:f9:1a:7f:b0:e5:42:20:41:a5:d9:28:b5:90:23:
         68:1f:26:ff:3f:b4:2f:24:cb:24:3f:b9:d4:e6:34:e8:29:13:
         5b:92:90:0d:23:50:e9:26:85:34:80:b4:3a:29:dc:57:32:3e:
         4a:ca:da:27:0f:a3:fe:bc:d5:90:12:0c:4f:8b:2a:00:18:71:
         74:d4:20:19:71:e7:09:48:99:6e:ea:e9:0b:43:13:a8:3b:a5:
         02:99:9d:cd:7a:6d:61:24:7f:39:ef:b7:28:18:1f:6a:5a:00:
         46:7e:f3:08:7b:4c:f1:ac:81:8f:79:73:d1:cf:a0:be:6c:18:
         dc:e8:bb:24:1d:66:a2:87:c7:5f:af:c4:5d:1e:91:99:39:62:
         36:56:c5:4b:c9:32:98:a4:19:3d:4b:1d:7c:d2:4c:4a:47:aa:
         23:33:99:08:47:42:8d:14:c6:47:5d:3d:e1:50:1d:2d:a1:0e:
         14:20:2d:08:19:28:48:3b:11:fc:19:3c:0b:e0:f5:c5:79:99:
         ec:19:d6:7b:93:03:08:8a:3f:c7:bf:28:ca:f9:0a:a3:82:e5:
         ee:af:10:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUNfFuRl5VcdDBw4DmlF++CJZDnfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAyMTYxNDQ4NTVaFw0yNzAyMTUxNDUzNTVaMDMxMTAvBgNV
BAMTKERCQ0Y1RUVBQkJCMzAxNDRBN0YwNDZDRjMwMTk1RjA3RDAwNjRGMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YNsj2EwU4Y3/nbGjJ/cU+mKt
li1TlzwGZbyY+oM9trmOlI4L5R90o4qCPiZQq6YCxNGniOKtkUF+vSpLhkjXEgip
ScB7+SMEmLeMj7IRM8XNQzFmzGLAHVfhnnL+OxfFIoFwqBLcxfIGnnv9/IS5mETy
lGeUHfmyYW2apIQrulAqOd2q+CeiWc1EWTqnoUDK9iYwPx5zGwPEL+aZkk6PaRyz
WRGd9246OzB5YiFccVRM/VLPEg3JTG3J6CP4S+rfElIxp4oLvVqfvLbJRYcuVqMB
VbzbeZ7WXyzQ8PR3XVHSDp2O/q0OUyfcpQxatAw/Tww39fMDM20ZSIC9PqWrAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU289e6ruzAUSn8EbPMBlfB9AGTxEwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjAzNzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHyjE
AwQAJd1PAwQAuefiMA0GCSqGSIb3DQEBCwUAA4IBAQDRc9uZgZxoy1YxuVP3TKYr
6oqS7gBOksN3gX7yVs0W64ut/a8IqhSR+Rp/sOVCIEGl2Si1kCNoHyb/P7QvJMsk
P7nU5jToKRNbkpANI1DpJoU0gLQ6KdxXMj5KytonD6P+vNWQEgxPiyoAGHF01CAZ
cecJSJlu6ukLQxOoO6UCmZ3Nem1hJH8577coGB9qWgBGfvMIe0zxrIGPeXPRz6C+
bBjc6LskHWaih8dfr8RdHpGZOWI2VsVLyTKYpBk9Sx180kxKR6ojM5kIR0KNFMZH
XT3hUB0toQ4UIC0IGShIOxH8GTwL4PXFeZnsGdZ7kwMIij/HvyjK+QqjguXurxC6
-----END CERTIFICATE-----