Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203656.roa
File:                     AS203656.roa (raw, json)
Hash identifier:          3zaERdFM9MP8zeYu1NdNn20ROpaWwKNaZULdm1aCN+w=
Subject key identifier:   65:2E:CA:5D:46:83:19:74:CF:A5:1F:15:C5:77:16:80:A4:23:C8:38
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       58A688CCD902DA984992370BB5CC74D0D8AFD1A0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203656.roa
Signing time:             Tue 14 Apr 2026 19:19:02 +0000
ROA not before:           Tue 14 Apr 2026 19:14:02 +0000
ROA not after:            Tue 13 Apr 2027 19:19:02 +0000
asID:                     203656
IP address blocks:        143.20.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a6:88:cc:d9:02:da:98:49:92:37:0b:b5:cc:74:d0:d8:af:d1:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Apr 14 19:14:02 2026 GMT
            Not After : Apr 13 19:19:02 2027 GMT
        Subject: CN=652ECA5D46831974CFA51F15C5771680A423C838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3b:da:6a:f8:00:49:2a:f7:01:a1:c5:1a:0f:
                    aa:28:0e:3a:32:62:8b:39:bb:95:55:fd:79:9b:df:
                    45:05:4f:e8:71:5e:d0:f1:b1:ba:33:c9:87:a9:47:
                    50:8d:e2:29:9b:b8:a5:33:b5:8d:3c:c5:02:09:d9:
                    f2:02:1d:43:56:f4:ec:9f:92:c6:b1:d2:ee:ff:d0:
                    ba:0c:33:bf:12:31:81:48:42:7d:1c:82:07:fa:56:
                    c8:7f:d1:ea:f9:89:73:2b:25:f6:26:7e:cb:bd:58:
                    12:86:d2:8a:c2:2e:21:50:80:55:38:1a:06:6e:5b:
                    ba:64:04:3b:c7:d1:19:6c:4f:e6:0a:bb:45:a4:51:
                    ca:02:94:31:4b:de:26:fb:cd:12:35:86:4f:2c:63:
                    d5:de:9b:52:e3:3e:47:26:54:3a:d4:45:a5:55:8b:
                    02:ad:9c:39:ce:5d:9e:7d:b5:a2:28:98:c4:6f:f4:
                    e0:6b:30:54:8c:d6:9b:cf:2c:cb:16:d6:1e:20:73:
                    b7:f7:4b:c0:29:e1:fe:4c:d6:3b:35:7e:ef:58:c2:
                    2f:43:bc:6e:6b:b5:9a:e1:70:2f:72:42:e0:5a:b5:
                    36:91:cd:9e:75:d5:cc:12:e5:d2:e7:65:e9:ca:00:
                    41:9f:72:eb:73:da:97:7a:cf:bf:13:cf:e3:9f:4c:
                    eb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2E:CA:5D:46:83:19:74:CF:A5:1F:15:C5:77:16:80:A4:23:C8:38
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS203656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2b:ce:a9:79:6e:d3:5d:8e:10:07:62:80:ff:8c:47:a5:dd:
         30:14:7a:87:88:a9:73:15:4a:19:d6:01:e7:7f:c5:5e:d3:ac:
         88:14:16:8c:c0:7f:75:d9:dc:25:d3:1e:74:75:af:18:a2:6c:
         11:07:99:73:51:f5:71:b9:5c:4a:aa:0f:01:d4:bd:2a:35:3f:
         26:33:91:b8:87:e4:b3:db:cf:df:6a:27:bf:50:ec:d0:6c:53:
         b4:a1:1b:cb:8c:c4:f0:2b:b9:a4:31:75:37:8c:3a:7e:98:36:
         c9:c0:0b:9a:fc:d7:ea:ae:63:ab:4b:98:4e:82:a1:db:69:27:
         0d:1c:f5:1e:6b:53:9c:83:8d:f1:eb:aa:50:c6:7f:01:74:17:
         92:14:b2:67:35:ed:3b:7d:59:15:a7:94:2e:ee:3f:fa:ad:96:
         0f:ca:c3:fa:4b:1e:de:8d:34:cb:42:5f:6c:8c:d1:3d:fc:b9:
         98:21:60:aa:fd:fa:00:61:7e:cc:44:c4:55:0e:dd:eb:36:d4:
         32:96:16:6c:1a:0f:be:f0:46:2f:e0:54:2e:70:0a:de:ee:6c:
         6f:ad:ad:8b:14:d8:42:5b:ea:ed:0d:1d:73:f3:22:21:d4:06:
         2f:e2:06:ac:8a:5c:f8:7e:32:5d:1a:fb:91:54:ad:10:7c:39:
         e4:25:e0:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWKaIzNkC2phJkjcLtcx00Niv0aAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MTQxOTE0MDJaFw0yNzA0MTMxOTE5MDJaMDMxMTAvBgNV
BAMTKDY1MkVDQTVENDY4MzE5NzRDRkE1MUYxNUM1NzcxNjgwQTQyM0M4MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHO9pq+ABJKvcBocUaD6ooDjoy
Yos5u5VV/Xmb30UFT+hxXtDxsbozyYepR1CN4imbuKUztY08xQIJ2fICHUNW9Oyf
ksax0u7/0LoMM78SMYFIQn0cggf6Vsh/0er5iXMrJfYmfsu9WBKG0orCLiFQgFU4
GgZuW7pkBDvH0RlsT+YKu0WkUcoClDFL3ib7zRI1hk8sY9Xem1LjPkcmVDrURaVV
iwKtnDnOXZ59taIomMRv9OBrMFSM1pvPLMsW1h4gc7f3S8Ap4f5M1js1fu9Ywi9D
vG5rtZrhcC9yQuBatTaRzZ511cwS5dLnZenKAEGfcutz2pd6z78Tz+OfTOuVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUZS7KXUaDGXTPpR8VxXcWgKQjyDgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAzNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSx
MA0GCSqGSIb3DQEBCwUAA4IBAQAmK86peW7TXY4QB2KA/4xHpd0wFHqHiKlzFUoZ
1gHnf8Ve06yIFBaMwH912dwl0x50da8YomwRB5lzUfVxuVxKqg8B1L0qNT8mM5G4
h+Sz28/faie/UOzQbFO0oRvLjMTwK7mkMXU3jDp+mDbJwAua/NfqrmOrS5hOgqHb
aScNHPUea1Ocg43x66pQxn8BdBeSFLJnNe07fVkVp5Qu7j/6rZYPysP6Sx7ejTTL
Ql9sjNE9/LmYIWCq/foAYX7MRMRVDt3rNtQylhZsGg++8EYv4FQucAre7mxvra2L
FNhCW+rtDR1z8yIh1AYv4gasilz4fjJdGvuRVK0QfDnkJeD1
-----END CERTIFICATE-----