Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203075.roa
File:                     AS203075.roa (raw, json)
Hash identifier:          chuLfFz17g+DTm8c2u9y1TuyUiFpnrsg8yaY0F+w0rk=
Subject key identifier:   97:B7:19:CC:70:D4:8D:DB:E9:31:10:FD:03:B2:70:5B:4B:2D:0E:11
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7A15649BD010FB278B0E6DCFE936CD95D2213B2A
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203075.roa
Signing time:             Tue 09 Jun 2026 14:31:44 +0000
ROA not before:           Tue 09 Jun 2026 14:26:44 +0000
ROA not after:            Tue 08 Jun 2027 14:31:44 +0000
asID:                     203075
IP address blocks:        188.221.96.0/24 maxlen: 24
                          188.221.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:15:64:9b:d0:10:fb:27:8b:0e:6d:cf:e9:36:cd:95:d2:21:3b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  9 14:26:44 2026 GMT
            Not After : Jun  8 14:31:44 2027 GMT
        Subject: CN=97B719CC70D48DDBE93110FD03B2705B4B2D0E11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fc:29:de:39:d2:0f:53:0f:6f:84:b4:24:8f:
                    e4:38:71:d6:35:b7:3e:ac:fd:68:5d:b0:a5:0a:e2:
                    ce:d2:53:3f:df:e0:9e:61:0e:19:1e:d3:29:c5:33:
                    76:2d:51:9c:9c:be:42:a8:51:c4:fe:24:d3:65:ed:
                    e1:ea:96:e7:31:bd:68:79:b7:0c:b6:e6:01:f8:1c:
                    8e:3c:51:b3:a7:4d:f9:83:b8:1c:e9:e6:ee:bc:1c:
                    68:a0:c1:c2:00:01:85:6d:51:7d:d3:83:d5:0b:74:
                    58:a6:cd:aa:a9:b3:24:9d:de:b8:83:44:15:8e:03:
                    64:92:7e:6d:40:30:03:e8:f5:dc:9b:18:ee:0f:78:
                    08:13:22:c4:9d:23:c8:aa:21:7b:10:3c:6c:46:11:
                    5f:40:fd:34:a5:ac:c6:b9:1f:3f:b2:33:1c:21:99:
                    c9:e9:84:22:fa:39:3a:c3:ab:5d:0d:93:04:5d:e2:
                    66:90:c5:86:7a:83:3a:a6:9d:a0:be:92:a7:4e:4d:
                    f8:5e:ec:51:de:1d:9d:9d:e7:90:3b:41:29:42:58:
                    53:de:c8:08:fa:be:f1:9c:47:ee:a6:d3:64:e6:16:
                    2d:30:2c:48:8d:14:09:5f:f7:0a:ef:70:47:d8:e6:
                    a6:21:5a:a1:0e:5e:6c:31:70:4c:3a:5c:37:98:b7:
                    0f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B7:19:CC:70:D4:8D:DB:E9:31:10:FD:03:B2:70:5B:4B:2D:0E:11
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.221.96.0/24
                  188.221.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:07:df:19:05:10:f5:80:87:03:20:37:91:d8:2d:0e:20:8f:
         4e:b6:9c:a7:f1:a0:b2:6e:35:ff:c9:4a:78:d1:8f:89:57:2f:
         9f:2b:9c:67:4a:ab:00:8b:9a:b9:de:44:8f:81:08:31:02:0a:
         b6:77:1e:96:9c:df:b0:3d:9e:ae:3a:48:a5:d2:7d:25:94:19:
         89:e4:6f:69:dd:23:c8:ca:a0:9c:44:68:a1:94:04:30:84:5a:
         ea:f1:90:7c:40:72:9e:85:e0:b7:fb:00:ab:51:f6:56:4d:0f:
         cc:c9:13:36:af:4c:8b:f5:3b:9e:b3:ce:b1:0f:04:21:cb:84:
         eb:f9:62:e7:20:93:1e:e2:66:80:ce:bf:88:dd:db:2a:e5:c7:
         f0:7b:40:a7:e5:c2:d6:f6:c4:41:05:c1:c4:00:b9:e1:c7:cf:
         be:d9:e3:70:00:09:a7:ff:84:1f:dc:db:b4:96:3a:92:48:90:
         7c:70:c6:b0:23:fd:dd:83:3c:30:7d:3f:dc:ed:c3:37:41:a4:
         2e:22:69:38:a6:71:f9:61:a6:00:64:e2:06:a3:7c:b0:7d:f2:
         34:78:d3:1c:2f:b7:68:0b:83:28:52:bb:e6:25:6d:40:3e:13:
         89:29:ff:80:b7:e9:52:b7:0c:5a:f6:34:76:d0:d5:8a:21:7f:
         0f:9e:b0:15
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUehVkm9AQ+yeLDm3P6TbNldIhOyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDkxNDI2NDRaFw0yNzA2MDgxNDMxNDRaMDMxMTAvBgNV
BAMTKDk3QjcxOUNDNzBENDhEREJFOTMxMTBGRDAzQjI3MDVCNEIyRDBFMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM/CneOdIPUw9vhLQkj+Q4cdY1
tz6s/WhdsKUK4s7SUz/f4J5hDhke0ynFM3YtUZycvkKoUcT+JNNl7eHqlucxvWh5
twy25gH4HI48UbOnTfmDuBzp5u68HGigwcIAAYVtUX3Tg9ULdFimzaqpsySd3riD
RBWOA2SSfm1AMAPo9dybGO4PeAgTIsSdI8iqIXsQPGxGEV9A/TSlrMa5Hz+yMxwh
mcnphCL6OTrDq10NkwRd4maQxYZ6gzqmnaC+kqdOTfhe7FHeHZ2d55A7QSlCWFPe
yAj6vvGcR+6m02TmFi0wLEiNFAlf9wrvcEfY5qYhWqEOXmwxcEw6XDeYtw+hAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUl7cZzHDUjdvpMRD9A7JwW0stDhEwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjAzMDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvN1g
AwQAvN2LMA0GCSqGSIb3DQEBCwUAA4IBAQASB98ZBRD1gIcDIDeR2C0OII9Otpyn
8aCybjX/yUp40Y+JVy+fK5xnSqsAi5q53kSPgQgxAgq2dx6WnN+wPZ6uOkil0n0l
lBmJ5G9p3SPIyqCcRGihlAQwhFrq8ZB8QHKeheC3+wCrUfZWTQ/MyRM2r0yL9Tue
s86xDwQhy4Tr+WLnIJMe4maAzr+I3dsq5cfwe0Cn5cLW9sRBBcHEALnhx8++2eNw
AAmn/4Qf3Nu0ljqSSJB8cMawI/3dgzwwfT/c7cM3QaQuImk4pnH5YaYAZOIGo3yw
ffI0eNMcL7doC4MoUrvmJW1APhOJKf+At+lStwxa9jR20NWKIX8PnrAV
-----END CERTIFICATE-----