Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202437.roa
File:                     AS202437.roa (raw, json)
Hash identifier:          QjnX4TjYtb4xIkBrVVU0Wf4Re7D0DKsAsDpnHDngflM=
Subject key identifier:   68:83:E2:3B:F2:30:71:C5:D9:F8:B5:2A:6F:34:EA:62:6B:FC:63:48
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       40E5EF4A5CC6C70AADEB2B440C8B17C8F657FF47
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202437.roa
Signing time:             Tue 27 Jan 2026 16:08:53 +0000
ROA not before:           Tue 27 Jan 2026 16:03:53 +0000
ROA not after:            Tue 26 Jan 2027 16:08:53 +0000
asID:                     202437
IP address blocks:        2a0f:85c1:e20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:e5:ef:4a:5c:c6:c7:0a:ad:eb:2b:44:0c:8b:17:c8:f6:57:ff:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 27 16:03:53 2026 GMT
            Not After : Jan 26 16:08:53 2027 GMT
        Subject: CN=6883E23BF23071C5D9F8B52A6F34EA626BFC6348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:59:89:39:8d:1b:e7:d6:23:4b:eb:af:4e:a7:
                    ea:f5:c6:bd:74:4a:b3:72:13:2f:b7:c2:cb:a3:dc:
                    11:e1:95:8b:3c:b8:c6:62:57:10:75:8b:aa:c1:65:
                    0b:cc:76:e5:e8:df:d8:14:c9:d0:17:e4:57:5d:eb:
                    b0:66:68:b8:6d:fc:6a:a8:d0:d6:51:b3:42:15:87:
                    e8:48:bc:28:48:3e:2c:a4:d3:fa:2c:1f:29:55:06:
                    00:05:97:df:8d:13:88:1e:64:d9:d5:53:f5:77:05:
                    07:ee:ac:d5:3e:2a:af:b3:ba:6a:91:9e:92:2c:cc:
                    54:13:d3:84:27:85:bb:54:fa:93:21:c7:f4:82:8b:
                    32:89:3d:f6:c1:f3:3a:b0:17:01:56:c5:83:26:38:
                    d2:79:6c:03:88:30:ca:35:b5:98:5f:87:fb:cd:fa:
                    4b:73:c3:cd:f6:b7:f5:4f:1a:97:4c:d6:f5:46:95:
                    62:56:8b:34:5c:32:3c:fd:19:38:f6:04:84:67:d7:
                    f4:60:ec:ef:1c:a3:d2:f2:c3:3e:b0:ea:d6:04:90:
                    a7:5c:45:de:5c:10:06:a9:b1:7c:c9:eb:c0:85:73:
                    af:a3:96:d7:bc:31:b2:e2:cd:b7:91:2e:94:21:cf:
                    2b:c2:68:1e:5c:07:fb:68:bb:5a:b1:f8:51:84:de:
                    d0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:83:E2:3B:F2:30:71:C5:D9:F8:B5:2A:6F:34:EA:62:6B:FC:63:48
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:e20::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:1c:cb:95:fa:5e:5d:e5:bc:c0:03:0d:5b:a5:89:c4:1e:9d:
         e4:99:58:4c:4c:ef:6c:52:28:1d:ed:87:98:e2:ff:04:67:3d:
         ea:51:ae:ea:8a:10:5a:8e:5e:aa:ff:fd:2c:4e:d4:5e:0d:9b:
         27:89:3b:36:78:07:68:b5:1e:c1:6e:48:e8:8b:07:97:57:22:
         7f:68:02:89:33:67:4b:77:69:9d:31:f0:e4:fe:1d:70:34:13:
         02:f2:82:84:3b:f4:de:32:53:b1:54:74:f5:1d:04:28:3b:c2:
         08:df:80:41:5a:85:d1:b7:3c:2c:57:b1:1b:30:e2:79:d4:ed:
         e9:b6:0d:38:e8:8b:8b:53:7a:9b:87:8b:c3:cd:24:d0:4a:6b:
         e1:00:82:e0:b3:37:b9:af:76:4d:22:f9:fb:b8:28:8d:cf:4c:
         ec:11:33:b3:b0:3d:b2:3d:5a:bc:35:23:7c:7b:e2:a3:4c:a3:
         c6:9a:1d:22:d1:fe:27:4d:30:a8:5d:cd:1a:4a:7f:50:c1:3e:
         6c:b1:a2:bf:29:0c:37:85:06:21:1a:cf:93:74:3c:4c:56:2e:
         e8:6b:77:06:d7:f0:b9:c3:8f:8d:f4:65:0b:cf:6d:b9:1e:95:
         d6:42:0f:91:8c:e9:44:fc:28:06:e1:05:06:eb:d0:21:b1:6c:
         aa:a7:7e:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQOXvSlzGxwqt6ytEDIsXyPZX/0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMjcxNjAzNTNaFw0yNzAxMjYxNjA4NTNaMDMxMTAvBgNV
BAMTKDY4ODNFMjNCRjIzMDcxQzVEOUY4QjUyQTZGMzRFQTYyNkJGQzYzNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbWYk5jRvn1iNL669Op+r1xr10
SrNyEy+3wsuj3BHhlYs8uMZiVxB1i6rBZQvMduXo39gUydAX5Fdd67BmaLht/Gqo
0NZRs0IVh+hIvChIPiyk0/osHylVBgAFl9+NE4geZNnVU/V3BQfurNU+Kq+zumqR
npIszFQT04QnhbtU+pMhx/SCizKJPfbB8zqwFwFWxYMmONJ5bAOIMMo1tZhfh/vN
+ktzw832t/VPGpdM1vVGlWJWizRcMjz9GTj2BIRn1/Rg7O8co9Lywz6w6tYEkKdc
Rd5cEAapsXzJ68CFc6+jlte8MbLizbeRLpQhzyvCaB5cB/tou1qx+FGE3tAZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUaIPiO/IwccXZ+LUqbzTqYmv8Y0gwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAyNDM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ4gMA0GCSqGSIb3DQEBCwUAA4IBAQA2HMuV+l5d5bzAAw1bpYnEHp3kmVhMTO9s
Uigd7YeY4v8EZz3qUa7qihBajl6q//0sTtReDZsniTs2eAdotR7BbkjoiweXVyJ/
aAKJM2dLd2mdMfDk/h1wNBMC8oKEO/TeMlOxVHT1HQQoO8II34BBWoXRtzwsV7Eb
MOJ51O3ptg046IuLU3qbh4vDzSTQSmvhAILgsze5r3ZNIvn7uCiNz0zsETOzsD2y
PVq8NSN8e+KjTKPGmh0i0f4nTTCoXc0aSn9QwT5ssaK/KQw3hQYhGs+TdDxMVi7o
a3cG1/C5w4+N9GULz225HpXWQg+RjOlE/CgG4QUG69AhsWyqp37V
-----END CERTIFICATE-----