Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          bZIyaLikOECcfkWkqoLJK+S11DnFOH8gh8s0fQOhapo=
Subject key identifier:   16:89:64:7C:72:E9:1A:7A:D7:F1:28:08:1D:A2:23:7D:0A:8F:E2:09
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       03F54ACA99CDB23F6F592EA4F4C69BC44E5172F3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
Signing time:             Tue 14 Oct 2025 13:44:21 +0000
ROA not before:           Tue 14 Oct 2025 13:39:21 +0000
ROA not after:            Tue 13 Oct 2026 13:44:21 +0000
asID:                     57043
IP address blocks:        143.14.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f5:4a:ca:99:cd:b2:3f:6f:59:2e:a4:f4:c6:9b:c4:4e:51:72:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 14 13:39:21 2025 GMT
            Not After : Oct 13 13:44:21 2026 GMT
        Subject: CN=1689647C72E91A7AD7F128081DA2237D0A8FE209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3f:92:b7:5d:60:3f:bf:03:d0:82:a7:a0:f2:
                    0a:c5:b7:b3:6d:01:1b:67:0b:f5:2d:32:56:9a:8f:
                    7f:59:f8:5a:17:d3:99:a6:60:07:f7:8c:90:eb:67:
                    72:63:3a:bb:2c:de:bc:0b:18:1a:c2:c3:25:88:e1:
                    fe:ab:bd:cf:a1:e4:d3:ec:3e:ee:61:05:85:49:13:
                    6f:b4:75:9f:4c:7e:ad:b3:9d:8c:7d:86:a8:dd:8e:
                    de:6f:6a:29:ca:4c:41:ed:ef:85:d1:54:63:28:a6:
                    f6:de:58:f6:e6:25:9c:d8:b9:61:88:16:45:a0:fb:
                    18:53:de:f1:0b:9b:0a:4b:24:83:57:07:4c:73:d6:
                    6e:cf:d4:ad:bc:e7:e0:09:ac:b4:52:39:0b:ca:61:
                    42:82:b8:98:4a:bd:ad:ff:3d:dd:af:14:7d:ac:7b:
                    e7:a4:a3:71:ec:df:b6:c0:16:96:5d:00:5c:14:d3:
                    28:55:a9:07:60:aa:3d:ad:ee:79:cc:de:a6:b0:76:
                    46:2f:7e:a6:fe:ea:e4:dd:86:e9:93:cf:c0:9e:4e:
                    ac:44:0c:e9:d2:1c:1e:9e:d3:c7:06:c1:0b:bb:95:
                    47:2c:54:fe:c1:7e:34:11:18:b2:7d:c4:b7:4c:fc:
                    3c:97:d4:e8:da:76:d6:10:3f:7a:f0:5c:db:dc:ce:
                    39:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:89:64:7C:72:E9:1A:7A:D7:F1:28:08:1D:A2:23:7D:0A:8F:E2:09
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:28:4a:79:80:6e:78:49:8e:fd:ac:02:95:9a:29:b8:eb:ef:
         64:04:ff:0b:91:15:94:fc:00:5c:f5:0b:7c:8f:54:fa:21:b8:
         5f:a2:42:81:cd:9c:b7:b5:79:56:f4:af:b4:e6:f7:7a:ac:2d:
         e1:d7:a0:a1:67:93:92:28:58:0e:6b:87:84:96:2a:a4:f4:9f:
         de:57:51:55:6e:1a:ed:dc:12:16:2a:8f:d5:cf:7a:85:95:7d:
         69:77:65:1f:1d:c2:83:dd:25:cd:1d:c2:e2:ab:cd:74:f9:ab:
         ac:2f:02:27:73:3f:3a:d6:01:7a:c4:67:60:ab:4d:62:d4:ee:
         d4:b0:f2:9f:be:78:fa:cb:b9:8a:79:cd:9b:46:80:a8:3c:98:
         a5:3b:6d:e9:53:11:19:e8:d7:7f:be:26:0a:05:72:c0:78:fd:
         3f:fd:e2:f8:fd:4b:ee:f7:6d:fa:0a:00:5d:bd:15:af:e0:33:
         59:95:e6:b7:01:01:f9:b7:14:72:a9:1c:ef:04:df:7d:92:c3:
         96:b6:f9:5c:40:0f:a4:66:87:92:2a:11:16:61:1b:15:74:1e:
         c8:65:67:e3:bd:15:82:67:6c:14:df:f7:a8:17:e8:e9:99:ae:
         7b:29:16:75:81:b9:6c:86:59:b3:14:83:7e:71:a5:ba:32:43:
         e1:0d:ce:3d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUA/VKypnNsj9vWS6k9MabxE5RcvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTQxMzM5MjFaFw0yNjEwMTMxMzQ0MjFaMDMxMTAvBgNV
BAMTKDE2ODk2NDdDNzJFOTFBN0FEN0YxMjgwODFEQTIyMzdEMEE4RkUyMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoP5K3XWA/vwPQgqeg8grFt7Nt
ARtnC/UtMlaaj39Z+FoX05mmYAf3jJDrZ3JjOrss3rwLGBrCwyWI4f6rvc+h5NPs
Pu5hBYVJE2+0dZ9Mfq2znYx9hqjdjt5vainKTEHt74XRVGMopvbeWPbmJZzYuWGI
FkWg+xhT3vELmwpLJINXB0xz1m7P1K285+AJrLRSOQvKYUKCuJhKva3/Pd2vFH2s
e+eko3Hs37bAFpZdAFwU0yhVqQdgqj2t7nnM3qawdkYvfqb+6uTdhumTz8CeTqxE
DOnSHB6e08cGwQu7lUcsVP7BfjQRGLJ9xLdM/DyX1OjadtYQP3rwXNvczjmzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUFolkfHLpGnrX8SgIHaIjfQqP4gkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPDnww
DQYJKoZIhvcNAQELBQADggEBAIEoSnmAbnhJjv2sApWaKbjr72QE/wuRFZT8AFz1
C3yPVPohuF+iQoHNnLe1eVb0r7Tm93qsLeHXoKFnk5IoWA5rh4SWKqT0n95XUVVu
Gu3cEhYqj9XPeoWVfWl3ZR8dwoPdJc0dwuKrzXT5q6wvAidzPzrWAXrEZ2CrTWLU
7tSw8p++ePrLuYp5zZtGgKg8mKU7belTERno13++JgoFcsB4/T/94vj9S+73bfoK
AF29Fa/gM1mV5rcBAfm3FHKpHO8E332Sw5a2+VxAD6Rmh5IqERZhGxV0HshlZ+O9
FYJnbBTf96gX6OmZrnspFnWBuWyGWbMUg35xpboyQ+ENzj0=
-----END CERTIFICATE-----