Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204236.roa
File:                     AS204236.roa (raw, json)
Hash identifier:          sITs53yfzJXpWPFDE3HYaxLhajQ8q4M6shtzvVSvTwY=
Subject key identifier:   79:23:6B:33:E8:77:7B:15:32:8D:6D:49:88:F5:4F:B5:59:4A:14:D1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2623501F6C4960DEC0E32C9224CA71556E3BBCA0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204236.roa
Signing time:             Sat 28 Feb 2026 18:25:33 +0000
ROA not before:           Sat 28 Feb 2026 18:20:33 +0000
ROA not after:            Sat 27 Feb 2027 18:25:33 +0000
asID:                     204236
IP address blocks:        185.108.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:23:50:1f:6c:49:60:de:c0:e3:2c:92:24:ca:71:55:6e:3b:bc:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 28 18:20:33 2026 GMT
            Not After : Feb 27 18:25:33 2027 GMT
        Subject: CN=79236B33E8777B15328D6D4988F54FB5594A14D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:72:10:db:5b:c0:93:16:0c:6e:44:46:fc:64:
                    6a:8f:40:c7:23:e7:4a:d9:fe:58:93:4c:a2:13:9a:
                    f3:9c:8f:c8:3f:17:1a:93:37:84:a7:7d:8e:95:00:
                    22:b9:38:2d:23:ba:3c:6d:57:be:e3:ca:93:ac:24:
                    20:a2:df:c3:0c:dd:96:80:d7:c7:76:fb:25:0a:9c:
                    fc:45:ba:d7:cf:b8:30:fe:81:35:25:1e:ca:f6:ab:
                    7a:87:db:a3:6a:e3:72:17:49:c3:cd:19:55:b2:16:
                    09:44:79:53:a6:37:e9:37:ad:6f:8f:fa:52:7d:59:
                    29:55:7f:72:40:7f:66:24:c2:a2:87:5f:6e:e9:79:
                    c2:b4:27:be:7c:83:36:da:2f:55:a2:73:46:e0:b5:
                    1d:bb:f6:0f:2d:d5:74:6f:63:1b:08:a7:18:63:62:
                    70:cf:15:21:d5:7d:cc:29:2d:69:02:ca:ca:8d:dd:
                    36:2d:f7:c7:1e:4d:77:d2:be:c7:dd:f9:04:0f:60:
                    06:e8:24:09:e9:24:98:e2:6d:de:0c:4a:b2:11:df:
                    ad:29:7e:fe:22:18:8a:c6:8f:d2:6d:96:f4:e8:31:
                    30:53:50:86:2c:c4:e9:5d:5b:a6:79:01:0a:ff:3d:
                    7c:1b:03:66:c7:5c:c1:0c:07:36:c1:c7:1a:59:86:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:23:6B:33:E8:77:7B:15:32:8D:6D:49:88:F5:4F:B5:59:4A:14:D1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:e5:3f:7f:87:0b:ba:05:5a:71:59:d4:f6:28:ec:0a:96:2d:
         a1:19:61:31:ee:04:65:aa:5d:7f:a5:10:e5:70:51:08:49:4e:
         f8:6a:9d:cc:85:f6:6c:48:cd:28:5b:78:85:f2:ff:ab:85:17:
         23:bd:51:1d:d6:88:24:d1:f5:4f:42:63:33:5c:08:ac:82:0f:
         68:63:82:04:7d:14:8b:d4:1e:51:f0:75:ea:96:5b:f0:14:36:
         34:d2:78:a0:37:9f:20:1b:3c:dc:3d:72:1a:4a:a7:b6:9b:a5:
         34:58:20:17:6f:76:69:56:ff:38:c7:d9:f4:c6:27:96:cc:5b:
         43:9d:c1:c6:f9:a9:65:42:7c:f8:2e:b1:2f:7d:ee:46:eb:6e:
         36:5c:a7:07:1c:c6:02:da:ce:3a:12:91:ee:af:12:71:64:c7:
         2f:78:40:52:26:ea:71:9e:53:2c:04:57:c2:52:cf:b4:0b:ea:
         80:c2:12:fb:82:68:e1:cc:b1:a6:a6:cc:fa:12:3c:18:c7:ee:
         07:2d:10:e1:d3:31:b9:bd:55:3f:cb:12:44:70:1a:f7:50:a5:
         93:bb:83:5d:4f:f9:36:96:de:8f:14:63:41:9d:a2:a3:6a:3b:
         6d:f2:b9:f3:c6:9a:1d:80:8e:ca:b2:b4:4b:37:75:8e:19:a7:
         3c:b3:7e:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJiNQH2xJYN7A4yySJMpxVW47vKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjgxODIwMzNaFw0yNzAyMjcxODI1MzNaMDMxMTAvBgNV
BAMTKDc5MjM2QjMzRTg3NzdCMTUzMjhENkQ0OTg4RjU0RkI1NTk0QTE0RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9chDbW8CTFgxuREb8ZGqPQMcj
50rZ/liTTKITmvOcj8g/FxqTN4SnfY6VACK5OC0jujxtV77jypOsJCCi38MM3ZaA
18d2+yUKnPxFutfPuDD+gTUlHsr2q3qH26Nq43IXScPNGVWyFglEeVOmN+k3rW+P
+lJ9WSlVf3JAf2YkwqKHX27pecK0J758gzbaL1Wic0bgtR279g8t1XRvYxsIpxhj
YnDPFSHVfcwpLWkCysqN3TYt98ceTXfSvsfd+QQPYAboJAnpJJjibd4MSrIR360p
fv4iGIrGj9JtlvToMTBTUIYsxOldW6Z5AQr/PXwbA2bHXMEMBzbBxxpZhnmRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeSNrM+h3exUyjW1JiPVPtVlKFNEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0MjM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWyE
MA0GCSqGSIb3DQEBCwUAA4IBAQBu5T9/hwu6BVpxWdT2KOwKli2hGWEx7gRlql1/
pRDlcFEISU74ap3MhfZsSM0oW3iF8v+rhRcjvVEd1ogk0fVPQmMzXAisgg9oY4IE
fRSL1B5R8HXqllvwFDY00nigN58gGzzcPXIaSqe2m6U0WCAXb3ZpVv84x9n0xieW
zFtDncHG+allQnz4LrEvfe5G6242XKcHHMYC2s46EpHurxJxZMcveEBSJupxnlMs
BFfCUs+0C+qAwhL7gmjhzLGmpsz6EjwYx+4HLRDh0zG5vVU/yxJEcBr3UKWTu4Nd
T/k2lt6PFGNBnaKjajtt8rnzxpodgI7KsrRLN3WOGac8s36H
-----END CERTIFICATE-----