Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203997.roa
File:                     AS203997.roa (raw, json)
Hash identifier:          qJv0OdY36mdf1eU+ECiq8XJQz6MUXf1zZhGbQw7ccJk=
Subject key identifier:   89:1A:A5:FB:14:04:4F:84:DE:45:F0:BF:AA:49:9C:A0:2B:75:63:F1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       51ACA1B390C2B9742773ED15248F87215490FCF9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203997.roa
Signing time:             Thu 04 Jun 2026 18:12:50 +0000
ROA not before:           Thu 04 Jun 2026 18:07:50 +0000
ROA not after:            Thu 03 Jun 2027 18:12:50 +0000
asID:                     203997
IP address blocks:        82.24.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ac:a1:b3:90:c2:b9:74:27:73:ed:15:24:8f:87:21:54:90:fc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  4 18:07:50 2026 GMT
            Not After : Jun  3 18:12:50 2027 GMT
        Subject: CN=891AA5FB14044F84DE45F0BFAA499CA02B7563F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:28:e3:6f:18:08:80:02:87:7e:54:a7:fc:ec:
                    e4:02:98:43:e9:f6:60:98:7a:f4:99:6b:26:95:b1:
                    c3:c4:1e:79:c2:16:ca:21:ea:10:f1:7d:5f:82:5b:
                    be:a5:9b:10:5c:27:df:36:1b:24:b6:83:a7:f5:f2:
                    be:99:9a:e7:27:86:5d:e6:87:c7:32:74:76:7d:14:
                    47:76:cb:25:4e:9b:fc:de:15:5e:9d:f0:cc:9b:31:
                    51:0b:ef:71:44:85:79:cf:05:2b:14:7e:b2:e9:09:
                    2c:1b:74:92:03:28:60:89:32:24:a6:59:59:19:24:
                    c0:15:ed:84:10:03:4f:06:28:55:22:38:37:ce:61:
                    80:37:8c:df:63:4e:58:51:1f:d4:37:e5:de:05:9f:
                    bd:b0:12:88:c5:51:58:e0:8e:01:3d:b3:d7:28:4c:
                    e9:12:3d:94:3a:82:5d:a3:1a:43:d2:01:55:94:d1:
                    41:74:6c:e7:16:91:d5:1e:9b:b6:37:22:e3:b4:09:
                    1d:73:ab:b7:9c:21:84:f4:51:30:da:3f:25:58:0a:
                    87:7e:6a:e1:9b:a6:46:2c:58:0b:16:a0:90:c0:09:
                    cb:4b:a2:62:e0:39:06:f6:a4:a1:5b:33:2d:ca:f1:
                    24:fc:97:c9:7a:80:a6:f9:f9:1d:c2:54:1d:01:6f:
                    dc:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:1A:A5:FB:14:04:4F:84:DE:45:F0:BF:AA:49:9C:A0:2B:75:63:F1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203997.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.24.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:1f:c6:59:63:31:ca:e7:de:be:0d:1f:6c:13:c6:87:99:3d:
         5d:40:a8:24:84:d7:fd:ec:62:ec:7a:2c:5b:5b:5c:65:0d:06:
         ae:d1:3f:e2:67:d9:03:68:c6:0d:f3:6d:b3:a8:54:0f:ef:62:
         96:5a:50:58:94:8f:73:9c:fd:bc:be:1f:ca:60:37:d7:14:eb:
         5d:1c:aa:3d:be:a5:a2:81:25:04:23:12:41:77:60:23:94:df:
         3a:ba:dc:ba:f0:20:c5:b6:9b:24:7e:ba:20:29:0e:86:d8:98:
         ce:d7:7d:68:bf:07:1e:1e:b5:8d:08:a8:e1:92:72:98:92:69:
         11:ac:42:6b:f6:e4:fd:4c:c5:66:0f:c9:0e:71:e6:45:dd:9a:
         cd:36:0e:3e:36:65:fb:11:00:4f:e1:57:7f:61:fc:1b:c0:21:
         51:81:34:88:e8:97:3a:71:94:63:db:07:b1:2e:a7:3d:ce:f1:
         a0:34:63:4b:1b:07:a8:85:42:cf:66:69:12:e9:ac:39:88:31:
         d7:a5:de:7e:c7:e4:df:2e:d3:8e:79:29:08:81:54:bd:88:e0:
         f2:4c:98:5c:6f:11:b2:49:bc:7d:ef:27:d8:df:5b:54:69:4f:
         e0:d3:20:31:70:6d:af:70:36:f5:f9:c7:29:ec:06:1e:5a:59:
         20:4a:1d:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUayhs5DCuXQnc+0VJI+HIVSQ/PkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDQxODA3NTBaFw0yNzA2MDMxODEyNTBaMDMxMTAvBgNV
BAMTKDg5MUFBNUZCMTQwNDRGODRERTQ1RjBCRkFBNDk5Q0EwMkI3NTYzRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1KONvGAiAAod+VKf87OQCmEPp
9mCYevSZayaVscPEHnnCFsoh6hDxfV+CW76lmxBcJ982GyS2g6f18r6Zmucnhl3m
h8cydHZ9FEd2yyVOm/zeFV6d8MybMVEL73FEhXnPBSsUfrLpCSwbdJIDKGCJMiSm
WVkZJMAV7YQQA08GKFUiODfOYYA3jN9jTlhRH9Q35d4Fn72wEojFUVjgjgE9s9co
TOkSPZQ6gl2jGkPSAVWU0UF0bOcWkdUem7Y3IuO0CR1zq7ecIYT0UTDaPyVYCod+
auGbpkYsWAsWoJDACctLomLgOQb2pKFbMy3K8ST8l8l6gKb5+R3CVB0Bb9w7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiRql+xQET4TeRfC/qkmcoCt1Y/EwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzOTk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhiR
MA0GCSqGSIb3DQEBCwUAA4IBAQBMH8ZZYzHK596+DR9sE8aHmT1dQKgkhNf97GLs
eixbW1xlDQau0T/iZ9kDaMYN822zqFQP72KWWlBYlI9znP28vh/KYDfXFOtdHKo9
vqWigSUEIxJBd2AjlN86uty68CDFtpskfrogKQ6G2JjO131ovwceHrWNCKjhknKY
kmkRrEJr9uT9TMVmD8kOceZF3ZrNNg4+NmX7EQBP4Vd/YfwbwCFRgTSI6Jc6cZRj
2wexLqc9zvGgNGNLGweohULPZmkS6aw5iDHXpd5+x+TfLtOOeSkIgVS9iODyTJhc
bxGySbx97yfY31tUaU/g0yAxcG2vcDb1+ccp7AYeWlkgSh0a
-----END CERTIFICATE-----