Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          smPlvbdZVDggFgGMy/AfNlFo5Ysvko30K3DsUI22TEI=
Subject key identifier:   E5:7F:E2:11:A1:16:1C:37:31:19:3C:8D:47:1D:77:BF:E4:40:DA:40
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C6BAD9D9D6BB98D91B61BFCC92A7F5B10831B99
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS202673.roa
Signing time:             Wed 01 Oct 2025 13:16:51 +0000
ROA not before:           Wed 01 Oct 2025 13:11:51 +0000
ROA not after:            Wed 30 Sep 2026 13:16:51 +0000
asID:                     202673
IP address blocks:        143.20.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:6b:ad:9d:9d:6b:b9:8d:91:b6:1b:fc:c9:2a:7f:5b:10:83:1b:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  1 13:11:51 2025 GMT
            Not After : Sep 30 13:16:51 2026 GMT
        Subject: CN=E57FE211A1161C3731193C8D471D77BFE440DA40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:b5:60:94:64:df:17:75:b6:9a:68:9e:20:8e:
                    70:18:21:5b:40:bc:cf:51:c5:02:5c:0a:63:91:56:
                    58:d3:9c:3a:f7:96:2a:c9:fd:72:43:b6:f7:18:5d:
                    a9:74:d9:3d:d1:a5:19:28:c7:c9:02:bf:5d:49:0f:
                    0b:dd:be:fc:02:9b:0a:02:18:67:95:12:14:aa:b1:
                    bf:34:a2:60:66:4c:7b:51:7f:26:72:d4:6f:10:77:
                    3a:f3:f8:7b:b3:cd:e4:64:53:d3:22:19:ac:16:59:
                    ec:00:bc:6c:95:20:fa:87:06:04:40:90:bb:b8:9b:
                    8f:d2:d8:d7:d7:c2:0c:54:75:75:c5:3f:9e:35:1f:
                    82:cb:16:b4:35:a7:51:a3:7d:b0:72:09:97:49:01:
                    3b:17:54:7a:af:18:2f:a6:f9:17:58:9c:fb:53:1d:
                    27:d2:7b:b4:bf:00:c2:e4:65:5e:14:f4:b9:cb:eb:
                    73:e9:a6:7a:ca:f8:0e:1c:6d:1c:27:02:04:9d:38:
                    5b:2c:ad:73:0c:10:fb:cb:70:6f:e7:9d:ad:df:e2:
                    d1:e9:ca:59:92:d2:cd:5c:6c:9c:73:6a:c9:54:69:
                    f7:43:95:4d:9b:65:96:56:ae:23:80:6d:5e:f2:05:
                    dd:58:c0:59:ad:02:8f:a9:b6:50:2d:ca:29:1c:4a:
                    28:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7F:E2:11:A1:16:1C:37:31:19:3C:8D:47:1D:77:BF:E4:40:DA:40
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:af:1c:67:ac:5e:ba:1f:d5:51:6b:09:5e:77:e2:10:e9:77:
         37:aa:90:09:bb:06:56:ca:a1:78:4f:12:22:50:90:24:c2:53:
         bc:35:71:92:9d:5c:4d:63:ab:bd:1f:a4:b1:ce:61:1e:d2:77:
         54:51:90:51:97:77:f7:1c:0c:80:f8:57:c2:99:63:89:0a:72:
         ce:2e:f6:ba:6a:1f:f7:f5:c6:29:36:2b:c5:28:e6:5e:8b:b1:
         b2:98:21:4d:8d:ae:82:40:ab:19:bd:f2:fd:3f:67:61:43:2a:
         81:60:fc:8a:16:ab:a8:6e:e4:5f:09:81:a1:b8:52:7b:b7:45:
         3a:de:00:bb:0d:0b:8d:50:39:61:22:75:5f:f7:e7:de:d8:23:
         be:1c:df:ca:b5:12:40:90:0f:eb:47:32:82:0f:f2:06:a9:bf:
         5b:e0:54:6e:2f:a5:23:53:3b:b4:39:9f:08:ff:37:9f:85:2d:
         8b:f0:1b:fa:2d:c3:ec:68:3c:77:b8:19:c0:ef:d8:c5:47:63:
         bd:1a:15:fe:4e:67:1d:aa:06:3c:f1:fb:26:6b:14:4d:5e:44:
         6b:43:9a:fc:ab:59:9b:c3:92:a7:48:d1:5e:dc:14:14:b6:0a:
         19:0a:b8:3e:91:ad:30:7b:b8:79:bf:b6:f1:93:e8:c9:e6:36:
         b9:b9:e9:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPGutnZ1ruY2Rthv8ySp/WxCDG5kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMDExMzExNTFaFw0yNjA5MzAxMzE2NTFaMDMxMTAvBgNV
BAMTKEU1N0ZFMjExQTExNjFDMzczMTE5M0M4RDQ3MUQ3N0JGRTQ0MERBNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDstWCUZN8XdbaaaJ4gjnAYIVtA
vM9RxQJcCmORVljTnDr3lirJ/XJDtvcYXal02T3RpRkox8kCv11JDwvdvvwCmwoC
GGeVEhSqsb80omBmTHtRfyZy1G8Qdzrz+HuzzeRkU9MiGawWWewAvGyVIPqHBgRA
kLu4m4/S2NfXwgxUdXXFP541H4LLFrQ1p1GjfbByCZdJATsXVHqvGC+m+RdYnPtT
HSfSe7S/AMLkZV4U9LnL63PppnrK+A4cbRwnAgSdOFssrXMMEPvLcG/nna3f4tHp
ylmS0s1cbJxzaslUafdDlU2bZZZWriOAbV7yBd1YwFmtAo+ptlAtyikcSijtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5X/iEaEWHDcxGTyNRx13v+RA2kAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSB
MA0GCSqGSIb3DQEBCwUAA4IBAQB9rxxnrF66H9VRawled+IQ6Xc3qpAJuwZWyqF4
TxIiUJAkwlO8NXGSnVxNY6u9H6SxzmEe0ndUUZBRl3f3HAyA+FfCmWOJCnLOLva6
ah/39cYpNivFKOZei7GymCFNja6CQKsZvfL9P2dhQyqBYPyKFquobuRfCYGhuFJ7
t0U63gC7DQuNUDlhInVf9+fe2CO+HN/KtRJAkA/rRzKCD/IGqb9b4FRuL6UjUzu0
OZ8I/zefhS2L8Bv6LcPsaDx3uBnA79jFR2O9GhX+TmcdqgY88fsmaxRNXkRrQ5r8
q1mbw5KnSNFe3BQUtgoZCrg+ka0we7h5v7bxk+jJ5ja5uenv
-----END CERTIFICATE-----