Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207019.roa
File:                     AS207019.roa (raw, json)
Hash identifier:          K/cgfRAsrpuY7ZRvBftgRklw2IoMqEQD2mqUfRfgTJg=
Subject key identifier:   EE:44:29:83:D1:B3:07:BE:0D:A6:5C:3A:13:9E:11:CB:F6:B1:C7:95
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2225CBAADE1827BB17636EB315AFE55632AD383A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207019.roa
Signing time:             Tue 24 Mar 2026 06:35:33 +0000
ROA not before:           Tue 24 Mar 2026 06:30:33 +0000
ROA not after:            Tue 23 Mar 2027 06:35:33 +0000
asID:                     207019
IP address blocks:        143.14.22.0/24 maxlen: 24
                          168.222.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:25:cb:aa:de:18:27:bb:17:63:6e:b3:15:af:e5:56:32:ad:38:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 24 06:30:33 2026 GMT
            Not After : Mar 23 06:35:33 2027 GMT
        Subject: CN=EE442983D1B307BE0DA65C3A139E11CBF6B1C795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:53:0f:f7:cd:d8:88:a2:44:40:c0:d7:32:89:
                    6e:9e:60:42:a5:10:e7:d6:88:c5:ae:49:74:cf:a9:
                    b7:f3:9a:c9:be:12:3a:e8:82:07:36:4d:07:26:85:
                    f2:79:ac:b9:51:6e:37:bb:cb:15:64:06:b7:95:ba:
                    f9:bc:5d:44:7d:7e:11:c9:8f:41:02:7c:41:04:e6:
                    09:96:39:20:08:4f:4e:cb:12:65:c0:ab:9f:ed:aa:
                    0c:f5:40:52:12:74:72:6c:ca:94:50:0b:aa:49:c0:
                    88:6d:06:ff:32:56:85:b0:61:30:c1:39:79:63:b4:
                    f2:41:1a:a8:94:b3:5c:97:ef:7e:09:80:77:a2:59:
                    86:38:91:7d:57:08:ea:76:00:1e:73:98:95:a2:c6:
                    e1:06:ef:6c:40:e0:3d:ec:51:63:45:c9:5f:d9:9c:
                    6e:58:c0:5d:1f:36:2f:60:27:ec:cc:28:41:cb:c1:
                    11:44:52:ca:7d:81:a9:2a:5e:2e:2f:74:21:3e:58:
                    41:7c:0e:41:19:6f:1f:69:cf:bb:06:36:7d:a5:7f:
                    97:76:95:dd:5c:21:9b:5a:77:ef:9d:02:a8:09:63:
                    1b:2e:3a:76:23:98:92:88:e1:b8:5c:ee:76:a7:b3:
                    9d:b1:74:55:44:21:7e:a3:d1:0c:44:a3:d1:f3:9f:
                    4f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:44:29:83:D1:B3:07:BE:0D:A6:5C:3A:13:9E:11:CB:F6:B1:C7:95
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.22.0/24
                  168.222.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:39:e7:fd:14:12:26:f0:8a:32:ea:82:63:39:cd:ab:c0:b3:
         a0:e4:d1:85:77:5d:b7:e9:bb:ff:c8:d0:3d:95:21:93:ef:ec:
         5a:1e:29:39:60:4c:2e:1a:16:79:8e:a5:65:02:76:cd:03:09:
         51:6d:ef:fe:47:de:af:2a:be:6a:8f:f1:53:81:81:30:dc:81:
         8a:02:ef:8a:56:d7:9f:40:42:19:68:27:82:48:3c:15:49:8c:
         4a:cf:ba:51:b8:f6:f7:9c:8c:bb:a0:f9:06:be:ab:73:f3:03:
         7f:2f:4d:d2:01:df:58:73:dd:80:3c:14:cb:57:96:85:02:ae:
         49:cd:86:87:af:a4:99:ba:5b:ad:db:6a:50:e9:32:11:e1:94:
         27:8e:ac:97:dc:32:84:57:ef:61:48:5c:52:2c:72:5e:a9:ea:
         59:bf:cd:f0:07:73:25:f2:9a:67:24:d9:5a:44:46:e3:63:07:
         a6:23:9f:3d:e8:40:d2:08:ee:37:8b:73:56:d9:54:98:72:77:
         a6:80:21:e9:7e:61:21:7a:9a:8e:7c:a9:a1:af:bd:4a:7e:ac:
         49:6d:62:8d:7c:1c:9a:83:c9:5c:89:32:b4:e8:b5:e1:c2:ee:
         d2:67:3f:46:ba:1f:47:2f:5a:c4:82:ee:3c:ca:9c:da:4d:4e:
         a1:85:bf:c1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUIiXLqt4YJ7sXY26zFa/lVjKtODowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjQwNjMwMzNaFw0yNzAzMjMwNjM1MzNaMDMxMTAvBgNV
BAMTKEVFNDQyOTgzRDFCMzA3QkUwREE2NUMzQTEzOUUxMUNCRjZCMUM3OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUw/3zdiIokRAwNcyiW6eYEKl
EOfWiMWuSXTPqbfzmsm+Ejroggc2TQcmhfJ5rLlRbje7yxVkBreVuvm8XUR9fhHJ
j0ECfEEE5gmWOSAIT07LEmXAq5/tqgz1QFISdHJsypRQC6pJwIhtBv8yVoWwYTDB
OXljtPJBGqiUs1yX734JgHeiWYY4kX1XCOp2AB5zmJWixuEG72xA4D3sUWNFyV/Z
nG5YwF0fNi9gJ+zMKEHLwRFEUsp9gakqXi4vdCE+WEF8DkEZbx9pz7sGNn2lf5d2
ld1cIZtad++dAqgJYxsuOnYjmJKI4bhc7nans52xdFVEIX6j0QxEo9Hzn087AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU7kQpg9GzB74Nplw6E54Ry/axx5UwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3MDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw4W
AwQAqN5vMA0GCSqGSIb3DQEBCwUAA4IBAQCOOef9FBIm8Ioy6oJjOc2rwLOg5NGF
d1236bv/yNA9lSGT7+xaHik5YEwuGhZ5jqVlAnbNAwlRbe/+R96vKr5qj/FTgYEw
3IGKAu+KVtefQEIZaCeCSDwVSYxKz7pRuPb3nIy7oPkGvqtz8wN/L03SAd9Yc92A
PBTLV5aFAq5JzYaHr6SZulut22pQ6TIR4ZQnjqyX3DKEV+9hSFxSLHJeqepZv83w
B3Ml8ppnJNlaREbjYwemI5896EDSCO43i3NW2VSYcnemgCHpfmEhepqOfKmhr71K
fqxJbWKNfByag8lciTK06LXhwu7SZz9Guh9HL1rEgu48ypzaTU6hhb/B
-----END CERTIFICATE-----