Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS14445.roa
File:                     AS14445.roa (raw, json)
Hash identifier:          99gxX/hpu5WS6bCLx20QUzRTPYblA7o/Em0gVQ8I/kY=
Subject key identifier:   A0:D9:8C:85:36:69:25:11:40:AB:AF:9B:F0:6E:20:41:2F:59:57:6F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1B83F24A9828A4732DD1F3E49868A9E146140F51
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS14445.roa
Signing time:             Mon 18 Aug 2025 08:12:52 +0000
ROA not before:           Mon 18 Aug 2025 08:07:52 +0000
ROA not after:            Mon 17 Aug 2026 08:12:52 +0000
asID:                     14445
IP address blocks:        143.20.10.0/24 maxlen: 24
                          143.20.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:83:f2:4a:98:28:a4:73:2d:d1:f3:e4:98:68:a9:e1:46:14:0f:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 18 08:07:52 2025 GMT
            Not After : Aug 17 08:12:52 2026 GMT
        Subject: CN=A0D98C853669251140ABAF9BF06E20412F59576F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1b:85:12:fc:f9:33:37:7c:9a:7b:e4:c6:3a:
                    26:c7:c3:95:40:9b:19:dc:4a:48:50:c6:71:dd:ab:
                    d6:2a:dd:1f:7e:27:86:76:c7:4f:2f:48:bb:52:cd:
                    2f:0b:78:cd:91:ad:92:6e:47:6f:0e:57:e3:4e:a0:
                    44:ec:0a:b1:57:c0:c2:59:dc:2a:c0:0f:2c:bd:71:
                    0c:9c:c8:7a:6a:f3:c9:14:3b:a0:c5:10:4c:0e:78:
                    ea:22:04:a7:d2:93:50:55:04:c6:67:3f:de:2f:df:
                    fc:ab:01:f6:34:80:8c:1d:32:34:d9:64:22:3b:9a:
                    f7:4b:fa:00:d0:88:a4:2b:d5:99:75:f0:02:14:c9:
                    75:30:c2:74:d5:8b:e0:b2:de:f9:9f:5f:45:c6:3b:
                    70:63:f7:bb:92:d1:50:d0:5f:e2:58:ab:97:b0:15:
                    1a:eb:c9:a3:0d:94:cd:49:30:3b:21:98:e4:e5:58:
                    51:37:16:c6:24:94:79:08:c4:96:3c:0b:d3:15:fe:
                    27:97:d7:96:69:c3:cc:04:4d:4c:01:c8:30:85:c5:
                    a0:e1:7a:b0:d5:6c:8c:ce:c9:c1:5a:65:f7:37:37:
                    83:d3:2f:87:d5:01:63:c4:97:2c:ee:7f:87:fc:5c:
                    b8:5b:27:3b:9e:bf:83:61:19:47:c1:59:31:b6:8d:
                    40:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:D9:8C:85:36:69:25:11:40:AB:AF:9B:F0:6E:20:41:2F:59:57:6F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS14445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.10.0/24
                  143.20.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:35:0a:5b:9e:2e:a7:fc:ee:77:e1:9d:74:f8:4d:97:3c:96:
         c2:b4:a3:8c:25:70:c2:67:86:79:24:e3:e1:74:4f:b8:fb:d7:
         7f:23:03:ec:98:c3:f8:ba:2c:6c:33:ee:4f:e9:e6:a4:95:3c:
         fa:80:f6:7d:9d:6c:40:3d:fc:14:63:7a:05:01:6b:0e:6d:de:
         08:5a:15:90:49:0c:fc:ca:2b:d5:3b:38:8c:ee:96:6f:0c:06:
         1c:c6:a2:a6:f1:94:60:37:d4:f0:17:59:bd:26:c4:51:ec:7f:
         88:29:e0:38:52:c0:0d:91:8e:3c:fe:b6:e0:49:1e:a5:9c:87:
         ae:fc:83:b5:dc:ba:d9:95:b8:dc:be:68:df:06:36:3d:17:51:
         2e:4c:62:f9:1e:70:a8:e9:a1:04:7d:0d:0c:31:38:1a:b1:aa:
         91:14:40:5b:09:68:9f:64:af:32:14:50:53:22:6a:7f:b6:ec:
         54:89:dd:88:57:e9:83:53:de:9a:f4:5d:90:00:ab:2d:12:0d:
         fe:98:c0:3f:3b:c4:d7:03:47:c5:8d:90:4e:38:41:b5:11:47:
         9e:42:ba:63:29:0e:5c:26:04:75:74:1d:b4:ad:42:8b:81:9d:
         8f:ca:7f:e1:1c:4e:b7:e2:f5:07:61:19:b0:a1:49:bc:e4:5c:
         3e:87:59:f1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUG4PySpgopHMt0fPkmGip4UYUD1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTgwODA3NTJaFw0yNjA4MTcwODEyNTJaMDMxMTAvBgNV
BAMTKEEwRDk4Qzg1MzY2OTI1MTE0MEFCQUY5QkYwNkUyMDQxMkY1OTU3NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3G4US/PkzN3yae+TGOibHw5VA
mxncSkhQxnHdq9Yq3R9+J4Z2x08vSLtSzS8LeM2RrZJuR28OV+NOoETsCrFXwMJZ
3CrADyy9cQycyHpq88kUO6DFEEwOeOoiBKfSk1BVBMZnP94v3/yrAfY0gIwdMjTZ
ZCI7mvdL+gDQiKQr1Zl18AIUyXUwwnTVi+Cy3vmfX0XGO3Bj97uS0VDQX+JYq5ew
FRrryaMNlM1JMDshmOTlWFE3FsYklHkIxJY8C9MV/ieX15Zpw8wETUwByDCFxaDh
erDVbIzOycFaZfc3N4PTL4fVAWPElyzuf4f8XLhbJzuev4NhGUfBWTG2jUDZAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUoNmMhTZpJRFAq6+b8G4gQS9ZV28wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTQ0NDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFAoD
BACPFE4wDQYJKoZIhvcNAQELBQADggEBAF81ClueLqf87nfhnXT4TZc8lsK0o4wl
cMJnhnkk4+F0T7j7138jA+yYw/i6LGwz7k/p5qSVPPqA9n2dbEA9/BRjegUBaw5t
3ghaFZBJDPzKK9U7OIzulm8MBhzGoqbxlGA31PAXWb0mxFHsf4gp4DhSwA2Rjjz+
tuBJHqWch678g7XcutmVuNy+aN8GNj0XUS5MYvkecKjpoQR9DQwxOBqxqpEUQFsJ
aJ9krzIUUFMian+27FSJ3YhX6YNT3pr0XZAAqy0SDf6YwD87xNcDR8WNkE44QbUR
R55CumMpDlwmBHV0HbStQouBnY/Kf+EcTrfi9QdhGbChSbzkXD6HWfE=
-----END CERTIFICATE-----