Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS201078.roa
File:                     AS201078.roa (raw, json)
Hash identifier:          O3+qOY6J2D0kcwr2BlxidIRsDzP0Qi6lQchmHMFaKqI=
Subject key identifier:   67:38:88:3D:2C:3C:27:C4:85:F7:FE:D4:A0:EC:30:FE:58:C2:1B:A0
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       2B473FBCBD3F9534B6F1659FAB4943E3128CB23E
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS201078.roa
Signing time:             Tue 09 Jun 2026 10:07:27 +0000
ROA not before:           Tue 09 Jun 2026 10:02:27 +0000
ROA not after:            Tue 08 Jun 2027 10:07:27 +0000
asID:                     201078
IP address blocks:        51.146.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:47:3f:bc:bd:3f:95:34:b6:f1:65:9f:ab:49:43:e3:12:8c:b2:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  9 10:02:27 2026 GMT
            Not After : Jun  8 10:07:27 2027 GMT
        Subject: CN=6738883D2C3C27C485F7FED4A0EC30FE58C21BA0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:af:1d:21:bf:65:61:2c:73:3f:65:f2:72:b6:
                    c0:41:e1:46:44:7a:57:10:ad:00:d5:fc:77:a2:a5:
                    1d:e0:79:f9:8e:c6:86:11:38:88:94:61:f8:53:46:
                    54:5b:74:2d:e1:aa:a0:4f:85:90:6b:a7:08:d0:8c:
                    0e:44:63:1c:1c:a3:1e:a3:3b:88:80:ac:16:87:0c:
                    6f:f4:cc:ee:0f:3f:7f:26:71:f0:59:06:58:30:72:
                    c8:d3:92:c9:6b:90:e2:c0:57:25:a5:cd:bc:bb:82:
                    54:58:20:0d:85:f5:7a:4c:16:65:0a:e7:9c:d9:b5:
                    77:70:e3:53:6a:a3:0b:fb:aa:ac:91:85:db:58:ef:
                    2a:eb:0d:dd:42:00:34:aa:57:e7:58:de:35:0a:64:
                    6e:66:3f:74:95:ce:35:93:78:d4:92:a3:76:67:0d:
                    e2:57:1e:cd:61:b7:88:b3:97:93:53:bd:c3:3d:39:
                    d5:9e:f5:65:21:1e:c4:d9:c4:db:bb:70:90:83:e1:
                    7c:d5:50:07:51:c1:f5:a6:2b:16:82:27:5a:27:64:
                    93:ae:ca:40:9c:28:ca:9c:e4:9c:c4:e2:e3:90:bf:
                    f5:66:11:25:96:dc:ac:e8:2b:f0:9c:6f:54:a9:72:
                    6b:d1:16:ab:1a:00:35:94:4b:ee:37:dc:04:94:35:
                    f1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:38:88:3D:2C:3C:27:C4:85:F7:FE:D4:A0:EC:30:FE:58:C2:1B:A0
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS201078.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f0:45:cf:38:4a:81:8e:b8:aa:57:12:08:30:8d:fb:be:34:
         73:19:1e:12:9e:a8:d7:2b:82:1c:fb:ee:15:8d:23:f1:68:3d:
         1f:51:94:e2:06:54:c5:00:9a:f5:4a:c8:04:0b:c0:3c:6c:79:
         e8:98:0c:88:ae:bf:db:a9:bd:d9:6a:4c:e0:40:d4:ec:ea:a9:
         7c:95:f7:90:04:09:2a:54:3a:77:8e:31:4a:d7:47:8e:7f:bf:
         0a:ec:bf:1e:58:d8:ad:eb:57:81:0d:32:2b:70:c1:46:0c:2f:
         1f:1c:f7:2a:c5:96:9c:91:be:7d:16:ef:4b:ba:f9:26:42:c7:
         fe:25:14:e7:dc:c3:92:d8:ed:86:7a:a9:f3:ee:0f:a8:1f:d0:
         91:b9:27:27:32:29:64:4e:60:66:8b:95:16:44:f5:f0:ee:e6:
         f2:40:62:17:95:81:eb:88:54:21:41:dc:df:56:9e:82:de:77:
         be:cb:cc:a2:65:b3:44:e8:79:90:d4:39:c5:05:08:c1:9e:c8:
         61:85:d4:a3:34:e0:7c:72:38:8a:7b:d1:80:c1:7f:37:63:f6:
         f2:d0:0b:5a:e8:07:c2:9f:19:d8:09:f4:19:c2:aa:f9:85:e8:
         8c:1d:e6:4c:38:90:d0:8d:32:b7:9a:c4:ae:c3:04:b9:12:6f:
         6d:53:3d:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUK0c/vL0/lTS28WWfq0lD4xKMsj4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDkxMDAyMjdaFw0yNzA2MDgxMDA3MjdaMDMxMTAvBgNV
BAMTKDY3Mzg4ODNEMkMzQzI3QzQ4NUY3RkVENEEwRUMzMEZFNThDMjFCQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmrx0hv2VhLHM/ZfJytsBB4UZE
elcQrQDV/HeipR3gefmOxoYROIiUYfhTRlRbdC3hqqBPhZBrpwjQjA5EYxwcox6j
O4iArBaHDG/0zO4PP38mcfBZBlgwcsjTkslrkOLAVyWlzby7glRYIA2F9XpMFmUK
55zZtXdw41Nqowv7qqyRhdtY7yrrDd1CADSqV+dY3jUKZG5mP3SVzjWTeNSSo3Zn
DeJXHs1ht4izl5NTvcM9OdWe9WUhHsTZxNu7cJCD4XzVUAdRwfWmKxaCJ1onZJOu
ykCcKMqc5JzE4uOQv/VmESWW3KzoK/Ccb1SpcmvRFqsaADWUS+433ASUNfEpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZziIPSw8J8SF9/7UoOww/ljCG6AwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjAxMDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAM5JC
MA0GCSqGSIb3DQEBCwUAA4IBAQBJ8EXPOEqBjriqVxIIMI37vjRzGR4SnqjXK4Ic
++4VjSPxaD0fUZTiBlTFAJr1SsgEC8A8bHnomAyIrr/bqb3ZakzgQNTs6ql8lfeQ
BAkqVDp3jjFK10eOf78K7L8eWNit61eBDTIrcMFGDC8fHPcqxZackb59Fu9Luvkm
Qsf+JRTn3MOS2O2Geqnz7g+oH9CRuScnMilkTmBmi5UWRPXw7ubyQGIXlYHriFQh
QdzfVp6C3ne+y8yiZbNE6HmQ1DnFBQjBnshhhdSjNOB8cjiKe9GAwX83Y/by0Ata
6AfCnxnYCfQZwqr5heiMHeZMOJDQjTK3msSuwwS5Em9tUz2U
-----END CERTIFICATE-----