Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS207343.roa
File:                     AS207343.roa (raw, json)
Hash identifier:          mY7wwtioLcC1iQGbr9F4mH3V+OdOc+roWn3ZWoae1ro=
Subject key identifier:   29:9E:99:CA:8E:8F:C9:53:27:82:49:6B:F6:FF:64:B0:CD:EC:51:A1
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       25BAAE0ADBEE8047FD8299BF61A402561A267640
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS207343.roa
Signing time:             Thu 04 Jun 2026 11:33:48 +0000
ROA not before:           Thu 04 Jun 2026 11:28:48 +0000
ROA not after:            Thu 03 Jun 2027 11:33:48 +0000
asID:                     207343
IP address blocks:        188.220.63.0/24 maxlen: 24
                          188.220.213.0/24 maxlen: 24
                          188.221.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:ba:ae:0a:db:ee:80:47:fd:82:99:bf:61:a4:02:56:1a:26:76:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  4 11:28:48 2026 GMT
            Not After : Jun  3 11:33:48 2027 GMT
        Subject: CN=299E99CA8E8FC9532782496BF6FF64B0CDEC51A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fd:39:de:65:3f:69:bf:c9:e2:f0:d1:e8:df:
                    c9:d5:7e:1e:51:27:3d:c7:2e:9c:af:28:d1:42:ae:
                    31:c4:55:49:bb:aa:fe:1f:b5:f8:ea:1a:14:57:9f:
                    d5:02:12:52:b6:7b:77:da:8b:27:b4:8a:f5:4a:50:
                    20:25:e2:dd:47:43:3e:dd:82:b0:c6:85:1d:48:a3:
                    f3:04:4b:92:5a:d0:0a:ba:f6:6e:af:3f:06:08:1b:
                    ad:2a:f5:34:4a:c2:74:79:33:e7:42:28:60:4c:a3:
                    6d:1a:ed:03:8a:05:c3:16:00:ee:38:56:40:09:34:
                    00:d6:84:b9:59:89:c2:27:5c:93:4f:b8:05:a8:b8:
                    33:ac:2f:42:cf:3c:2d:8c:70:89:6a:11:df:30:06:
                    cc:7a:51:90:44:c6:59:d7:b4:0b:f4:00:ec:fb:88:
                    41:27:b1:2d:5b:33:7d:38:f9:d5:71:c1:1b:44:9c:
                    fa:9e:b1:54:80:c6:3e:22:95:3d:b2:6f:4f:88:3d:
                    88:d2:17:f1:2b:c6:65:f3:ae:64:c5:c0:6f:1d:8f:
                    d8:c2:6c:ad:4f:96:dd:e2:3d:35:de:60:00:9a:a4:
                    f8:3a:8a:a4:b0:ac:3e:66:9b:5a:3b:1c:c1:f9:b8:
                    d6:93:39:32:51:25:44:fd:da:8f:4f:50:f5:87:1e:
                    43:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9E:99:CA:8E:8F:C9:53:27:82:49:6B:F6:FF:64:B0:CD:EC:51:A1
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS207343.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.63.0/24
                  188.220.213.0/24
                  188.221.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:0f:5f:23:41:fc:9b:0c:9f:87:77:f6:0b:70:3f:ca:6b:d2:
         db:c7:32:c2:96:21:b5:c8:4a:74:91:4a:4b:d8:77:49:88:ba:
         b4:50:e2:d0:12:a6:49:8c:7e:76:83:c0:1f:f6:b8:fd:b3:64:
         2f:39:92:f8:d9:be:ee:08:11:97:e7:e7:21:42:53:55:63:1d:
         dd:a0:7a:c6:ea:01:a7:ea:ff:bf:c0:49:73:00:e3:21:c6:bf:
         29:1d:6f:ba:8e:45:43:df:c2:58:59:65:22:7d:21:2e:40:12:
         cb:c1:fa:4b:08:5a:f1:35:36:d3:b3:b4:b4:bd:6f:44:64:8d:
         31:27:20:5e:0a:73:f3:a3:59:a0:8e:0f:fe:a9:2f:6e:52:5b:
         54:1a:77:65:aa:8a:80:10:27:c2:9e:b5:af:39:0c:b3:cd:ce:
         3f:84:f3:30:a7:1d:ef:3a:27:b8:70:5d:55:ec:ed:ea:7c:4a:
         a4:92:3a:6d:8f:f7:52:4a:4d:bd:f7:db:55:d9:08:a7:b7:4c:
         0a:64:38:ac:da:d8:55:17:b5:2e:ec:74:22:93:7c:1a:2e:6f:
         9b:58:c1:e3:3b:cc:13:43:b7:b3:38:af:b6:43:77:7b:06:5b:
         2b:17:33:9d:c1:6c:e8:d0:c6:9e:66:1a:c6:ad:91:7a:50:ec:
         b5:23:cc:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJbquCtvugEf9gpm/YaQCVhomdkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDQxMTI4NDhaFw0yNzA2MDMxMTMzNDhaMDMxMTAvBgNV
BAMTKDI5OUU5OUNBOEU4RkM5NTMyNzgyNDk2QkY2RkY2NEIwQ0RFQzUxQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL/TneZT9pv8ni8NHo38nVfh5R
Jz3HLpyvKNFCrjHEVUm7qv4ftfjqGhRXn9UCElK2e3faiye0ivVKUCAl4t1HQz7d
grDGhR1Io/MES5Ja0Aq69m6vPwYIG60q9TRKwnR5M+dCKGBMo20a7QOKBcMWAO44
VkAJNADWhLlZicInXJNPuAWouDOsL0LPPC2McIlqEd8wBsx6UZBExlnXtAv0AOz7
iEEnsS1bM304+dVxwRtEnPqesVSAxj4ilT2yb0+IPYjSF/ErxmXzrmTFwG8dj9jC
bK1Plt3iPTXeYACapPg6iqSwrD5mm1o7HMH5uNaTOTJRJUT92o9PUPWHHkOvAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUKZ6Zyo6PyVMngklr9v9ksM3sUaEwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjA3MzQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvNw/
AwQAvNzVAwQAvN21MA0GCSqGSIb3DQEBCwUAA4IBAQBDD18jQfybDJ+Hd/YLcD/K
a9LbxzLCliG1yEp0kUpL2HdJiLq0UOLQEqZJjH52g8Af9rj9s2QvOZL42b7uCBGX
5+chQlNVYx3doHrG6gGn6v+/wElzAOMhxr8pHW+6jkVD38JYWWUifSEuQBLLwfpL
CFrxNTbTs7S0vW9EZI0xJyBeCnPzo1mgjg/+qS9uUltUGndlqoqAECfCnrWvOQyz
zc4/hPMwpx3vOie4cF1V7O3qfEqkkjptj/dSSk2999tV2Qint0wKZDis2thVF7Uu
7HQik3waLm+bWMHjO8wTQ7ezOK+2Q3d7BlsrFzOdwWzo0MaeZhrGrZF6UOy1I8zU
-----END CERTIFICATE-----