Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS269070.roa
File:                     AS269070.roa (raw, json)
Hash identifier:          t30UxsxUj9/N7R5I7skYoadyhCZODhMdX+blG9zwuLE=
Subject key identifier:   9D:A4:04:04:D7:ED:54:AF:E6:55:B6:A5:F6:23:29:10:F1:2F:ED:AC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       655B388455FE9C02ED811F993516DC53FA00E6A0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS269070.roa
Signing time:             Tue 05 Aug 2025 11:59:38 +0000
ROA not before:           Tue 05 Aug 2025 11:54:38 +0000
ROA not after:            Tue 04 Aug 2026 11:59:38 +0000
asID:                     269070
IP address blocks:        143.14.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:5b:38:84:55:fe:9c:02:ed:81:1f:99:35:16:dc:53:fa:00:e6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  5 11:54:38 2025 GMT
            Not After : Aug  4 11:59:38 2026 GMT
        Subject: CN=9DA40404D7ED54AFE655B6A5F6232910F12FEDAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0b:0f:ab:81:2f:13:72:f3:e0:78:cb:4e:46:
                    8c:60:fb:e2:e0:db:5b:6c:3c:6a:e3:1e:ed:9c:6d:
                    3c:db:7f:b6:23:fe:60:e9:c4:c6:d6:f6:1f:f1:ae:
                    e4:de:a0:b4:1e:dd:7e:9a:60:5b:0a:39:c7:b3:47:
                    91:45:d5:b5:c2:ad:11:a3:fb:c8:53:10:98:03:b5:
                    a0:d5:94:38:c7:9e:1f:68:af:76:e7:d5:7f:2e:7d:
                    ac:73:04:ad:0f:2f:36:71:10:d6:be:60:f1:06:0f:
                    8c:e7:06:ab:d7:39:8d:dc:6b:82:ca:c6:1e:80:44:
                    76:8d:72:50:04:6d:9d:58:ab:18:84:b1:1e:9b:ef:
                    81:ed:dc:28:ed:d5:69:b3:c3:78:6d:da:07:4d:50:
                    56:32:22:26:2f:7e:34:8e:49:dc:1c:f7:b2:15:85:
                    c6:40:96:5c:fc:13:9f:97:c6:a8:40:ea:fc:95:1f:
                    21:85:b8:03:b4:57:88:71:35:33:1a:61:21:ae:73:
                    6e:70:de:07:ff:74:c9:b0:32:da:3d:e9:75:30:59:
                    39:a1:3e:9e:a2:e6:36:23:85:94:0b:ea:fc:a2:47:
                    9f:25:96:04:9f:ed:20:a7:db:59:5e:60:f0:c5:23:
                    3e:00:f6:74:b8:4f:e6:cc:61:d5:df:29:df:a9:b1:
                    a2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A4:04:04:D7:ED:54:AF:E6:55:B6:A5:F6:23:29:10:F1:2F:ED:AC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS269070.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:24:c8:19:70:9a:49:19:f9:15:b0:07:e7:15:fb:0d:d5:5a:
         78:a5:93:a5:c1:80:3f:af:ca:b0:b5:53:bd:1f:9e:e0:01:d6:
         92:28:b9:6b:d1:91:5d:b2:85:20:00:61:88:42:5b:fa:36:91:
         a4:7e:2f:62:8a:93:e0:31:e9:53:42:81:a7:1e:ff:56:74:fd:
         59:cc:5c:43:35:75:c8:8e:8c:04:c0:70:11:78:f3:93:c1:74:
         e4:f0:ce:8b:0f:40:ed:7b:ab:8a:5a:ad:55:b5:89:e3:97:b4:
         9a:89:78:df:13:b9:f7:31:27:1c:f9:22:99:5f:8f:84:1f:89:
         b3:f1:b2:b4:70:ec:91:c0:d6:19:11:d0:a1:0f:b7:eb:3a:7e:
         6e:1c:0a:ba:64:ea:d2:34:35:8d:04:8d:dc:f2:0f:14:fd:aa:
         f1:92:3e:96:7b:c7:88:27:7a:dd:00:d3:6e:89:59:9a:79:3c:
         64:f4:92:9f:04:e9:25:82:cb:0a:e3:80:44:0e:f2:a0:d0:bb:
         a2:40:a6:73:0c:45:1e:91:10:68:3c:94:da:a3:3d:22:67:2d:
         e5:ca:51:f6:d0:90:1d:af:48:db:d6:8d:7b:2b:1a:3e:a3:37:
         27:f2:92:73:a4:da:e9:f3:d7:83:32:d1:3f:e8:b3:63:2a:9c:
         19:30:0d:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZVs4hFX+nALtgR+ZNRbcU/oA5qAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDUxMTU0MzhaFw0yNjA4MDQxMTU5MzhaMDMxMTAvBgNV
BAMTKDlEQTQwNDA0RDdFRDU0QUZFNjU1QjZBNUY2MjMyOTEwRjEyRkVEQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Cw+rgS8TcvPgeMtORoxg++Lg
21tsPGrjHu2cbTzbf7Yj/mDpxMbW9h/xruTeoLQe3X6aYFsKOcezR5FF1bXCrRGj
+8hTEJgDtaDVlDjHnh9or3bn1X8ufaxzBK0PLzZxENa+YPEGD4znBqvXOY3ca4LK
xh6ARHaNclAEbZ1YqxiEsR6b74Ht3Cjt1Wmzw3ht2gdNUFYyIiYvfjSOSdwc97IV
hcZAllz8E5+XxqhA6vyVHyGFuAO0V4hxNTMaYSGuc25w3gf/dMmwMto96XUwWTmh
Pp6i5jYjhZQL6vyiR58llgSf7SCn21leYPDFIz4A9nS4T+bMYdXfKd+psaKBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnaQEBNftVK/mVbal9iMpEPEv7awwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY5MDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw73
MA0GCSqGSIb3DQEBCwUAA4IBAQAcJMgZcJpJGfkVsAfnFfsN1Vp4pZOlwYA/r8qw
tVO9H57gAdaSKLlr0ZFdsoUgAGGIQlv6NpGkfi9iipPgMelTQoGnHv9WdP1ZzFxD
NXXIjowEwHARePOTwXTk8M6LD0Dte6uKWq1VtYnjl7SaiXjfE7n3MScc+SKZX4+E
H4mz8bK0cOyRwNYZEdChD7frOn5uHAq6ZOrSNDWNBI3c8g8U/arxkj6We8eIJ3rd
ANNuiVmaeTxk9JKfBOklgssK44BEDvKg0LuiQKZzDEUekRBoPJTaoz0iZy3lylH2
0JAdr0jb1o17Kxo+ozcn8pJzpNrp89eDMtE/6LNjKpwZMA0M
-----END CERTIFICATE-----