Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203997.roa
File:                     AS203997.roa (raw, json)
Hash identifier:          eIPBz4k7idV8eZ6r4CTP1RHfLmI9G0LRa3VrUeS62+g=
Subject key identifier:   77:E4:79:66:0F:DE:23:21:E7:4D:33:C9:DA:89:5A:74:38:13:77:15
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       40DA82D71E7231D2FD36755903BA26D9F859D9B0
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203997.roa
Signing time:             Mon 08 Jun 2026 07:02:01 +0000
ROA not before:           Mon 08 Jun 2026 06:57:01 +0000
ROA not after:            Mon 07 Jun 2027 07:02:01 +0000
asID:                     203997
IP address blocks:        78.105.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:da:82:d7:1e:72:31:d2:fd:36:75:59:03:ba:26:d9:f8:59:d9:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  8 06:57:01 2026 GMT
            Not After : Jun  7 07:02:01 2027 GMT
        Subject: CN=77E479660FDE2321E74D33C9DA895A7438137715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f4:6c:8e:78:d5:67:67:02:e2:74:00:11:e4:
                    fd:1c:b8:07:ca:3b:d7:99:dd:69:b9:4b:6c:4f:3c:
                    23:1b:a9:dc:e4:aa:77:07:9c:d6:47:85:0b:6a:11:
                    3b:2a:65:1b:1d:aa:c9:1f:f6:da:ef:b4:cf:29:6a:
                    63:52:a7:36:16:86:f5:93:b9:69:f7:3f:c4:4e:bc:
                    9d:7a:ae:95:28:e4:03:70:93:6e:a3:c9:22:a7:b4:
                    6c:25:e7:31:c8:63:40:91:f5:85:2b:54:e5:34:e5:
                    d1:fe:6d:aa:33:c0:fe:3f:30:10:79:39:eb:25:89:
                    4c:b8:8e:a7:33:8d:69:a9:61:ab:0b:55:80:61:42:
                    da:37:6d:76:a9:4e:ad:d6:36:dc:8c:dc:41:da:54:
                    04:14:ba:9a:ea:55:c7:01:cc:5b:30:46:73:8e:15:
                    a8:29:ec:51:63:df:b6:1b:7e:01:19:87:dd:e8:47:
                    1c:4e:ae:60:e2:fc:fc:dd:dd:31:98:90:cb:c3:7d:
                    12:d9:9f:6f:46:e7:c4:e8:f1:f2:4c:12:0e:ad:5f:
                    15:50:ce:3f:72:43:70:4d:64:e1:71:53:a4:92:b8:
                    ed:3b:d2:32:40:b9:9f:55:e9:d7:f8:b7:0c:15:a4:
                    8d:7a:50:07:da:d9:77:80:fc:34:0f:4a:85:b2:1d:
                    90:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E4:79:66:0F:DE:23:21:E7:4D:33:C9:DA:89:5A:74:38:13:77:15
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS203997.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:36:e5:4b:2b:11:13:4e:15:2a:03:6a:e3:a4:90:4a:7d:d2:
         4a:6e:ed:e5:a3:99:1c:3f:65:f9:60:f4:d5:46:0a:66:b3:8c:
         09:51:9b:fe:c1:f8:fe:09:69:12:db:55:ee:74:6b:2b:c4:82:
         45:20:35:66:3f:79:9e:80:fa:98:48:c9:4b:48:0a:a8:6f:23:
         70:bf:7d:db:99:09:a6:b7:66:37:6b:45:c5:e7:99:a4:d4:ec:
         ad:0c:39:55:f2:95:d4:f2:d2:86:b3:a0:dc:74:77:4d:0d:d1:
         02:bb:af:eb:c1:95:5e:11:14:18:8c:b4:2e:3a:9c:6b:13:11:
         3d:47:34:6b:a7:a4:2a:43:9a:7d:5b:73:c2:d1:06:dc:b4:8d:
         bb:bb:ac:df:75:d8:1f:89:49:d2:6f:07:1a:53:93:90:3b:17:
         a1:f1:cc:fb:cb:c4:b8:cb:e6:52:38:64:29:87:69:58:49:38:
         a9:1b:3c:46:76:ae:81:35:d1:a1:0c:71:10:eb:4b:be:cc:0f:
         86:00:9f:b0:d3:df:fa:9b:f8:e4:b6:6f:65:b5:f7:95:aa:e4:
         74:62:37:1e:dc:88:87:a6:8c:67:f8:9a:ba:96:75:b7:28:b6:
         09:7b:87:28:da:65:07:c5:3f:04:e4:e2:d0:fb:01:13:26:40:
         2f:c6:87:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQNqC1x5yMdL9NnVZA7om2fhZ2bAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDgwNjU3MDFaFw0yNzA2MDcwNzAyMDFaMDMxMTAvBgNV
BAMTKDc3RTQ3OTY2MEZERTIzMjFFNzREMzNDOURBODk1QTc0MzgxMzc3MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi9GyOeNVnZwLidAAR5P0cuAfK
O9eZ3Wm5S2xPPCMbqdzkqncHnNZHhQtqETsqZRsdqskf9trvtM8pamNSpzYWhvWT
uWn3P8ROvJ16rpUo5ANwk26jySKntGwl5zHIY0CR9YUrVOU05dH+baozwP4/MBB5
OesliUy4jqczjWmpYasLVYBhQto3bXapTq3WNtyM3EHaVAQUuprqVccBzFswRnOO
Fagp7FFj37YbfgEZh93oRxxOrmDi/Pzd3TGYkMvDfRLZn29G58To8fJMEg6tXxVQ
zj9yQ3BNZOFxU6SSuO070jJAuZ9V6df4twwVpI16UAfa2XeA/DQPSoWyHZDHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUd+R5Zg/eIyHnTTPJ2oladDgTdxUwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjAzOTk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmmx
MA0GCSqGSIb3DQEBCwUAA4IBAQASNuVLKxETThUqA2rjpJBKfdJKbu3lo5kcP2X5
YPTVRgpms4wJUZv+wfj+CWkS21XudGsrxIJFIDVmP3megPqYSMlLSAqobyNwv33b
mQmmt2Y3a0XF55mk1OytDDlV8pXU8tKGs6DcdHdNDdECu6/rwZVeERQYjLQuOpxr
ExE9RzRrp6QqQ5p9W3PC0QbctI27u6zfddgfiUnSbwcaU5OQOxeh8cz7y8S4y+ZS
OGQph2lYSTipGzxGdq6BNdGhDHEQ60u+zA+GAJ+w09/6m/jktm9ltfeVquR0Yjce
3IiHpoxn+Jq6lnW3KLYJe4co2mUHxT8E5OLQ+wETJkAvxocj
-----END CERTIFICATE-----