Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20200.roa
File:                     AS20200.roa (raw, json)
Hash identifier:          IjTYZ274z4m1pM+K5O5Uvb6uHr4Fy1Oz/XI6VUc8lEA=
Subject key identifier:   7A:95:0B:8D:BD:51:90:2C:E9:38:3A:A1:AE:2C:9C:C6:86:CC:6D:F2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6A75032EE886D87E312C49FE81615CF137D10CC8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20200.roa
Signing time:             Tue 10 Jun 2025 06:57:45 +0000
ROA not before:           Tue 10 Jun 2025 06:52:45 +0000
ROA not after:            Tue 09 Jun 2026 06:57:45 +0000
asID:                     20200
IP address blocks:        82.21.75.0/24 maxlen: 24
                          82.24.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:75:03:2e:e8:86:d8:7e:31:2c:49:fe:81:61:5c:f1:37:d1:0c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 10 06:52:45 2025 GMT
            Not After : Jun  9 06:57:45 2026 GMT
        Subject: CN=7A950B8DBD51902CE9383AA1AE2C9CC686CC6DF2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d5:6d:34:cc:60:ae:61:53:7c:43:5b:b9:1b:
                    b4:55:58:ee:d4:95:27:66:6c:b7:58:55:be:1a:d1:
                    6b:42:bf:71:56:88:fc:11:63:29:08:c9:e2:a9:89:
                    74:10:4b:62:79:fb:bd:1c:99:37:13:08:b9:5c:e5:
                    ae:7a:f9:47:c7:87:bc:dd:f6:17:7e:27:1a:58:50:
                    97:b3:5d:7b:e7:1f:91:2d:68:05:52:85:63:e5:1a:
                    70:16:4b:e0:16:ff:51:03:5f:ca:40:40:a1:2c:f5:
                    14:c3:1f:00:f4:d7:0d:6c:c6:aa:c0:9b:63:42:df:
                    92:1d:7d:e5:63:27:b4:d6:b2:5b:90:bc:a8:a6:3d:
                    70:8a:7b:17:af:16:4e:7b:dd:fb:29:4b:82:be:23:
                    c3:9a:f2:c4:61:b6:ff:49:f9:eb:2d:91:e8:51:8e:
                    47:88:70:83:f9:13:2a:7c:5a:f2:ae:55:38:cb:8d:
                    ad:b3:c5:be:b2:55:2e:68:88:aa:a7:a0:59:76:cf:
                    95:94:6a:82:61:03:9f:12:89:d3:34:5c:bb:82:21:
                    81:bc:94:47:7d:89:3b:cc:03:33:c3:fc:a5:dd:80:
                    e9:39:d9:e5:a3:e8:77:12:62:c4:6a:48:02:8c:46:
                    61:e6:26:00:db:14:77:7c:32:73:0f:67:bf:eb:26:
                    5f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:95:0B:8D:BD:51:90:2C:E9:38:3A:A1:AE:2C:9C:C6:86:CC:6D:F2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20200.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.75.0/24
                  82.24.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:c3:d8:6a:d0:88:dc:23:b4:62:f4:62:88:a6:f9:a3:d1:8a:
         4d:38:33:cb:4a:a7:97:63:45:28:85:1c:d7:dd:d8:84:fd:ba:
         a3:86:9e:44:0b:0c:28:61:c3:81:5b:1b:30:1e:79:1a:f8:a4:
         80:65:1b:f4:0d:17:b8:3d:59:56:57:78:8b:55:87:37:ec:51:
         2c:6d:35:65:92:d1:3a:4f:de:8b:19:a2:3f:ed:20:99:99:c6:
         d8:2e:84:fd:3a:fb:87:2c:2e:94:a3:64:f6:7c:c2:c5:47:c0:
         0d:fa:58:05:c5:0a:ab:2e:08:7b:5a:63:a9:0f:6a:46:ec:27:
         43:55:e0:47:61:60:e7:01:d2:ee:82:97:7c:a0:7d:b7:df:76:
         e2:e4:4d:e5:c1:76:ae:a3:8c:5d:c7:dd:c6:51:32:59:4c:d3:
         0d:32:b1:fb:be:1e:ed:61:46:94:bc:c9:47:8e:8d:e7:1b:3b:
         a8:5f:06:00:38:60:24:a2:a4:87:b1:f7:26:61:e5:4a:55:37:
         1d:f9:5f:cb:35:ab:0b:71:66:99:94:37:0b:8c:be:39:ea:36:
         b2:77:15:27:8e:5d:80:c7:0b:82:dc:29:65:df:21:e4:4c:07:
         29:a7:42:7c:39:04:70:57:59:3d:8b:8f:b3:04:4a:be:19:56:
         9a:f9:3d:86
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUanUDLuiG2H4xLEn+gWFc8TfRDMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTAwNjUyNDVaFw0yNjA2MDkwNjU3NDVaMDMxMTAvBgNV
BAMTKDdBOTUwQjhEQkQ1MTkwMkNFOTM4M0FBMUFFMkM5Q0M2ODZDQzZERjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx1W00zGCuYVN8Q1u5G7RVWO7U
lSdmbLdYVb4a0WtCv3FWiPwRYykIyeKpiXQQS2J5+70cmTcTCLlc5a56+UfHh7zd
9hd+JxpYUJezXXvnH5EtaAVShWPlGnAWS+AW/1EDX8pAQKEs9RTDHwD01w1sxqrA
m2NC35IdfeVjJ7TWsluQvKimPXCKexevFk573fspS4K+I8Oa8sRhtv9J+estkehR
jkeIcIP5Eyp8WvKuVTjLja2zxb6yVS5oiKqnoFl2z5WUaoJhA58SidM0XLuCIYG8
lEd9iTvMAzPD/KXdgOk52eWj6HcSYsRqSAKMRmHmJgDbFHd8MnMPZ7/rJl/nAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUepULjb1RkCzpODqhriycxobMbfIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAyMDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFUsD
BABSGEwwDQYJKoZIhvcNAQELBQADggEBAErD2GrQiNwjtGL0Yoim+aPRik04M8tK
p5djRSiFHNfd2IT9uqOGnkQLDChhw4FbGzAeeRr4pIBlG/QNF7g9WVZXeItVhzfs
USxtNWWS0TpP3osZoj/tIJmZxtguhP06+4csLpSjZPZ8wsVHwA36WAXFCqsuCHta
Y6kPakbsJ0NV4EdhYOcB0u6Cl3ygfbffduLkTeXBdq6jjF3H3cZRMllM0w0ysfu+
Hu1hRpS8yUeOjecbO6hfBgA4YCSipIex9yZh5UpVNx35X8s1qwtxZpmUNwuMvjnq
NrJ3FSeOXYDHC4LcKWXfIeRMBymnQnw5BHBXWT2Lj7MESr4ZVpr5PYY=
-----END CERTIFICATE-----