Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201276.roa
File:                     AS201276.roa (raw, json)
Hash identifier:          CRYiq0wAB2gyQUCBLDuVytSl/NAzQ4lqoMSOP7aHmUE=
Subject key identifier:   60:E3:6A:56:5C:81:76:EC:C5:4C:8A:60:07:CA:5E:26:F9:98:6C:05
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7ED4DC2B83E7442F74C7BF261974867F191A50D1
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201276.roa
Signing time:             Sat 14 Feb 2026 09:30:37 +0000
ROA not before:           Sat 14 Feb 2026 09:25:37 +0000
ROA not after:            Sat 13 Feb 2027 09:30:37 +0000
asID:                     201276
IP address blocks:        91.199.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:34:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d4:dc:2b:83:e7:44:2f:74:c7:bf:26:19:74:86:7f:19:1a:50:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 14 09:25:37 2026 GMT
            Not After : Feb 13 09:30:37 2027 GMT
        Subject: CN=60E36A565C8176ECC54C8A6007CA5E26F9986C05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b0:fa:d5:79:1c:c3:47:40:97:cb:ee:b2:01:
                    66:a1:f1:89:df:c3:a0:8e:88:3a:7a:11:b0:f9:63:
                    8f:1d:93:e3:dd:b7:ca:dd:23:b2:4c:bb:5f:01:f1:
                    5a:ea:22:cc:43:92:30:61:f9:ec:a3:dc:43:bf:3e:
                    01:b8:04:d7:5c:ed:48:56:7a:8b:26:3c:d8:4d:c9:
                    2b:23:89:94:21:a6:4a:02:50:fd:89:81:ab:b0:d9:
                    df:dc:cb:8e:fd:71:9c:c5:90:c7:ef:ff:a2:e8:4e:
                    ec:9c:6b:e4:e0:96:37:8b:99:c5:ad:f4:dd:70:93:
                    19:59:cb:36:ec:f5:c1:df:3e:1f:2d:49:c3:c5:fc:
                    0b:c6:e7:58:6c:4a:bd:1c:2c:ca:8e:b7:8f:f4:c5:
                    1b:21:ca:cf:38:65:2b:c0:cd:47:12:7d:f2:21:ec:
                    ca:21:ef:23:31:de:9d:d3:b3:c4:3f:fe:1f:8f:f5:
                    9f:43:a0:64:84:e2:a9:2d:52:07:b3:d2:f9:ef:f2:
                    b3:d4:ef:80:e5:f4:87:10:6d:54:79:52:04:92:fd:
                    45:cb:be:d0:ad:5c:83:a2:fe:6a:50:f4:2f:85:12:
                    6f:cd:0f:af:84:42:db:70:b0:a3:c8:a2:fc:a4:f2:
                    0b:61:56:07:37:fe:ba:db:72:7b:cf:a1:66:11:a4:
                    fc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E3:6A:56:5C:81:76:EC:C5:4C:8A:60:07:CA:5E:26:F9:98:6C:05
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:81:7d:a9:1f:c9:eb:d2:c3:02:75:28:e1:b5:21:8f:cc:86:
         fb:bc:2e:34:e8:ee:03:c6:b8:0d:b0:d9:5e:98:29:50:3b:ae:
         c4:9c:e7:79:e9:5e:a7:6f:da:f0:ee:9f:c6:fc:f8:21:fa:79:
         b9:12:82:e0:45:ff:f5:7d:db:4f:74:7b:d4:3e:fa:f1:44:d5:
         66:95:47:9b:55:28:83:a0:19:65:16:f6:23:fe:6c:27:6c:52:
         20:3e:a9:aa:30:17:6d:89:f4:7e:6f:3e:84:bc:0e:5e:51:4f:
         24:6a:83:e8:f8:b9:c0:7a:5a:8e:70:44:8b:ba:09:87:d0:aa:
         3a:ab:97:90:a4:4b:8c:e8:d1:f4:6d:7e:df:81:c8:ad:ba:4f:
         82:e8:41:5d:2f:8a:b9:9b:24:66:c5:06:a4:c9:2f:3a:c0:34:
         b9:f4:ca:b6:84:6e:79:ba:d7:08:df:30:d2:be:51:c0:72:5b:
         f4:90:92:82:7c:86:d8:f4:78:01:ef:81:36:c4:81:f2:50:79:
         60:1e:b5:7b:46:f2:cb:b5:88:72:a7:c0:53:a4:45:f1:df:c1:
         65:8b:a2:02:5a:b0:5c:d9:88:7b:8b:cf:19:e2:7c:0c:1e:9f:
         71:0f:34:3f:b1:4f:c4:b0:8e:2c:44:04:99:07:a8:af:65:b1:
         05:5c:54:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUftTcK4PnRC90x78mGXSGfxkaUNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMTQwOTI1MzdaFw0yNzAyMTMwOTMwMzdaMDMxMTAvBgNV
BAMTKDYwRTM2QTU2NUM4MTc2RUNDNTRDOEE2MDA3Q0E1RTI2Rjk5ODZDMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCssPrVeRzDR0CXy+6yAWah8Ynf
w6COiDp6EbD5Y48dk+Pdt8rdI7JMu18B8VrqIsxDkjBh+eyj3EO/PgG4BNdc7UhW
eosmPNhNySsjiZQhpkoCUP2Jgauw2d/cy479cZzFkMfv/6LoTuyca+TgljeLmcWt
9N1wkxlZyzbs9cHfPh8tScPF/AvG51hsSr0cLMqOt4/0xRshys84ZSvAzUcSffIh
7Moh7yMx3p3Ts8Q//h+P9Z9DoGSE4qktUgez0vnv8rPU74Dl9IcQbVR5UgSS/UXL
vtCtXIOi/mpQ9C+FEm/ND6+EQttwsKPIovyk8gthVgc3/rrbcnvPoWYRpPxNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYONqVlyBduzFTIpgB8peJvmYbAUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAxMjc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eo
MA0GCSqGSIb3DQEBCwUAA4IBAQDTgX2pH8nr0sMCdSjhtSGPzIb7vC406O4DxrgN
sNlemClQO67EnOd56V6nb9rw7p/G/Pgh+nm5EoLgRf/1fdtPdHvUPvrxRNVmlUeb
VSiDoBllFvYj/mwnbFIgPqmqMBdtifR+bz6EvA5eUU8kaoPo+LnAelqOcESLugmH
0Ko6q5eQpEuM6NH0bX7fgcituk+C6EFdL4q5myRmxQakyS86wDS59Mq2hG55utcI
3zDSvlHAclv0kJKCfIbY9HgB74E2xIHyUHlgHrV7RvLLtYhyp8BTpEXx38Fli6IC
WrBc2Yh7i88Z4nwMHp9xDzQ/sU/EsI4sRASZB6ivZbEFXFSE
-----END CERTIFICATE-----