Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203113.roa
File:                     AS203113.roa (raw, json)
Hash identifier:          L80tVyn+TpiS2rKZhhRnZTpcLm9TL3tK6oYjjo4SUd8=
Subject key identifier:   D1:EA:AE:2C:8A:F8:78:D1:67:EA:F1:BB:9F:55:E5:0A:DE:B5:D6:08
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6324B1D7175946FA20E9008DCF7C7CA4410EB41A
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203113.roa
Signing time:             Thu 04 Jun 2026 11:32:15 +0000
ROA not before:           Thu 04 Jun 2026 11:27:15 +0000
ROA not after:            Thu 03 Jun 2027 11:32:15 +0000
asID:                     203113
IP address blocks:        51.146.7.0/24 maxlen: 24
                          188.220.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:24:b1:d7:17:59:46:fa:20:e9:00:8d:cf:7c:7c:a4:41:0e:b4:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  4 11:27:15 2026 GMT
            Not After : Jun  3 11:32:15 2027 GMT
        Subject: CN=D1EAAE2C8AF878D167EAF1BB9F55E50ADEB5D608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:91:c9:b6:4b:20:47:c0:f9:4d:b1:c7:36:97:
                    06:46:0c:37:5d:e6:92:10:bb:bf:4b:de:df:e3:9e:
                    38:c9:c7:8f:95:fc:ea:2a:ae:40:53:f5:aa:12:0a:
                    89:35:31:46:22:22:f4:e2:23:ca:14:66:31:2a:df:
                    15:ad:d8:81:97:41:30:32:35:96:ce:73:7b:9f:50:
                    42:70:c1:ad:7e:a4:33:e7:73:8d:b2:ed:c9:52:eb:
                    f4:d9:5d:8b:22:d2:da:b3:3e:41:59:51:24:b7:e6:
                    34:e7:59:ca:7b:29:82:92:ff:4e:7b:48:58:c1:c7:
                    43:bb:b8:76:92:17:3c:b0:da:47:bd:f8:a8:3a:d2:
                    03:99:1a:76:97:03:68:12:db:45:af:99:11:b8:6a:
                    78:ff:b0:36:d3:e5:57:9b:8f:b9:d7:09:e8:51:15:
                    a0:07:0d:98:bf:cf:1b:44:16:d4:91:63:eb:d4:e2:
                    94:40:00:be:07:2f:9f:9e:53:7b:7b:94:04:2a:09:
                    0b:05:91:2f:06:d0:e0:3d:98:bb:15:78:51:7f:00:
                    cf:98:54:18:0c:0a:f2:ff:57:95:ad:3d:4d:fa:5f:
                    76:4b:61:22:b8:ec:6c:52:95:6c:3e:81:76:cf:12:
                    78:00:24:07:bc:c8:0f:f6:ea:4b:90:6e:bd:81:c6:
                    f4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:EA:AE:2C:8A:F8:78:D1:67:EA:F1:BB:9F:55:E5:0A:DE:B5:D6:08
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203113.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.7.0/24
                  188.220.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:b9:18:ab:d8:7e:7e:ac:b8:16:5e:47:28:c9:27:bb:a3:79:
         9e:89:7e:fa:03:e3:20:46:1a:50:73:85:eb:c7:02:74:9a:72:
         cf:9a:18:72:2b:24:eb:14:3a:62:d0:5c:03:f1:1c:c3:3f:4d:
         eb:1e:46:07:73:5d:a6:e2:59:da:68:2a:3d:3b:32:8c:31:bd:
         0e:3c:a9:d4:0d:67:fa:cd:bd:58:a1:fe:0a:b5:99:94:65:17:
         18:dd:71:46:79:87:a7:5e:ef:b6:2a:1c:ee:70:c3:63:a9:3f:
         5d:f0:f0:0a:9e:b4:03:61:6f:87:89:6b:a0:4b:35:b1:02:b3:
         ac:62:62:c6:9d:92:b0:47:cc:d2:6a:c3:42:90:94:13:7b:cb:
         4a:a3:b0:95:dc:a2:28:30:25:98:f6:41:51:6c:8a:0f:89:ec:
         4a:a8:d6:e5:09:d8:61:52:86:7e:42:87:93:ea:fe:2e:19:6d:
         26:6c:07:dc:f8:c1:06:62:0f:26:0a:2f:e5:50:aa:9f:e7:e3:
         77:fb:a0:bb:1b:6d:57:22:f7:45:45:5e:57:75:18:c8:b6:60:
         8d:7a:2d:5c:82:e4:6c:46:d8:f4:5f:f7:f4:83:f8:58:45:2f:
         36:05:1a:e0:f9:b7:97:5e:d9:34:80:9a:3d:3e:e5:79:d8:4b:
         87:ca:70:cd
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUYySx1xdZRvog6QCNz3x8pEEOtBowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDQxMTI3MTVaFw0yNzA2MDMxMTMyMTVaMDMxMTAvBgNV
BAMTKEQxRUFBRTJDOEFGODc4RDE2N0VBRjFCQjlGNTVFNTBBREVCNUQ2MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnkcm2SyBHwPlNscc2lwZGDDdd
5pIQu79L3t/jnjjJx4+V/OoqrkBT9aoSCok1MUYiIvTiI8oUZjEq3xWt2IGXQTAy
NZbOc3ufUEJwwa1+pDPnc42y7clS6/TZXYsi0tqzPkFZUSS35jTnWcp7KYKS/057
SFjBx0O7uHaSFzyw2ke9+Kg60gOZGnaXA2gS20WvmRG4anj/sDbT5Vebj7nXCehR
FaAHDZi/zxtEFtSRY+vU4pRAAL4HL5+eU3t7lAQqCQsFkS8G0OA9mLsVeFF/AM+Y
VBgMCvL/V5WtPU36X3ZLYSK47GxSlWw+gXbPEngAJAe8yA/26kuQbr2BxvQnAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU0equLIr4eNFn6vG7n1XlCt611ggwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjAzMTEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAM5IH
AwQAvNzXMA0GCSqGSIb3DQEBCwUAA4IBAQBSuRir2H5+rLgWXkcoySe7o3meiX76
A+MgRhpQc4XrxwJ0mnLPmhhyKyTrFDpi0FwD8RzDP03rHkYHc12m4lnaaCo9OzKM
Mb0OPKnUDWf6zb1Yof4KtZmUZRcY3XFGeYenXu+2KhzucMNjqT9d8PAKnrQDYW+H
iWugSzWxArOsYmLGnZKwR8zSasNCkJQTe8tKo7CV3KIoMCWY9kFRbIoPiexKqNbl
CdhhUoZ+QoeT6v4uGW0mbAfc+MEGYg8mCi/lUKqf5+N3+6C7G21XIvdFRV5XdRjI
tmCNei1cguRsRtj0X/f0g/hYRS82BRrg+beXXtk0gJo9PuV52EuHynDN
-----END CERTIFICATE-----