Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS205886.roa
File:                     AS205886.roa (raw, json)
Hash identifier:          ej6PQ0MJgjnDkEcDzzRzN2cgjhPqVz4t76B9a9KgK7Q=
Subject key identifier:   F3:A5:F5:AD:23:F6:E1:1F:34:14:1D:EB:FB:70:7A:9F:EA:9D:7F:3D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       15C7F1AC71B75E15B59E0C7EF62C866F350A57B1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS205886.roa
Signing time:             Mon 29 Sep 2025 07:20:54 +0000
ROA not before:           Mon 29 Sep 2025 07:15:54 +0000
ROA not after:            Mon 28 Sep 2026 07:20:54 +0000
asID:                     205886
IP address blocks:        143.20.139.0/24 maxlen: 24
                          143.20.179.0/24 maxlen: 24
                          143.20.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:c7:f1:ac:71:b7:5e:15:b5:9e:0c:7e:f6:2c:86:6f:35:0a:57:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 29 07:15:54 2025 GMT
            Not After : Sep 28 07:20:54 2026 GMT
        Subject: CN=F3A5F5AD23F6E11F34141DEBFB707A9FEA9D7F3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e8:76:83:d4:06:2a:3d:c0:ad:41:10:12:c3:
                    2a:41:fb:be:2b:a6:d6:d5:a0:a6:08:f7:1c:ef:fe:
                    4c:9b:4d:b6:df:82:91:b5:6c:cc:d8:e2:58:c4:ef:
                    da:63:af:7f:f6:33:07:4f:8c:62:a6:a8:ad:1f:91:
                    fa:de:d6:5c:d4:d8:c7:7c:74:be:74:62:f2:11:e8:
                    68:fe:f4:d2:88:4b:e1:78:0e:d3:ca:d5:ec:3c:f6:
                    a9:78:6d:e7:96:88:ee:38:ad:b0:d8:e7:4d:64:63:
                    71:72:e9:1f:b1:aa:66:0b:f1:27:1b:be:82:5e:1b:
                    bd:ad:f0:bc:07:7d:6f:3c:a4:55:d5:40:b1:df:10:
                    22:66:4d:8e:19:c4:18:d7:99:bf:57:6f:bd:a8:f7:
                    36:62:15:6e:1b:16:52:63:da:a1:dc:b8:1b:78:0d:
                    34:de:f8:3e:a2:53:38:39:24:19:6e:f2:76:53:89:
                    eb:4b:34:12:97:95:e8:24:b6:f5:2e:cd:1f:65:6b:
                    4e:4c:d5:22:96:0f:d2:a3:be:b6:ea:bb:8c:88:d0:
                    f1:5a:cd:2c:03:bd:8b:de:5e:6e:5a:41:ae:32:84:
                    e1:74:59:cb:8c:c3:15:15:0e:3c:b9:07:78:43:72:
                    45:9a:b1:75:aa:52:05:75:e3:ef:41:a6:de:82:79:
                    29:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A5:F5:AD:23:F6:E1:1F:34:14:1D:EB:FB:70:7A:9F:EA:9D:7F:3D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS205886.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.139.0/24
                  143.20.179.0/24
                  143.20.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:2a:6b:d9:18:db:0e:98:35:31:80:01:4a:7b:d0:7f:e1:d4:
         c2:cc:a7:44:25:ce:bb:1b:6f:22:55:32:fd:82:09:e4:55:ac:
         bf:a3:f3:07:ec:be:2e:cf:0b:b5:c9:b6:8d:a2:5c:69:fc:d4:
         a9:46:b6:36:61:e3:78:f0:07:6f:64:27:73:a4:49:85:c1:6b:
         66:4c:08:59:02:46:e8:f1:c5:6a:fd:7e:7d:ab:b5:01:2d:c8:
         df:13:8c:0f:e3:7b:a7:b2:0d:cf:67:e7:74:b9:e8:b0:08:e2:
         43:1a:36:b6:c5:a0:92:68:b7:b4:1d:39:1a:ae:7c:d6:96:2c:
         b6:b5:f6:28:ec:6f:ef:b4:f4:8a:d5:4f:32:45:e5:9c:fe:57:
         22:80:66:54:a2:1b:2b:3f:43:96:68:45:bc:53:b5:1c:7e:64:
         01:d6:3a:66:39:bf:92:f5:51:d8:6d:b3:5a:2f:d1:ef:04:89:
         47:74:83:24:c2:ab:cb:ef:78:d8:b7:8f:da:98:25:5b:f9:12:
         7f:ac:b9:72:1f:e6:45:4c:f8:a6:e9:9d:a9:64:a1:0c:fa:bc:
         88:66:ba:52:a7:f9:c3:9e:62:f5:97:b0:b5:ab:5b:72:0b:cf:
         7d:3d:0e:c6:3f:14:14:6c:1b:0e:3e:d0:88:1f:3e:05:2f:0f:
         d5:57:ad:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUFcfxrHG3XhW1ngx+9iyGbzUKV7EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjkwNzE1NTRaFw0yNjA5MjgwNzIwNTRaMDMxMTAvBgNV
BAMTKEYzQTVGNUFEMjNGNkUxMUYzNDE0MURFQkZCNzA3QTlGRUE5RDdGM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ6HaD1AYqPcCtQRASwypB+74r
ptbVoKYI9xzv/kybTbbfgpG1bMzY4ljE79pjr3/2MwdPjGKmqK0fkfre1lzU2Md8
dL50YvIR6Gj+9NKIS+F4DtPK1ew89ql4beeWiO44rbDY501kY3Fy6R+xqmYL8Scb
voJeG72t8LwHfW88pFXVQLHfECJmTY4ZxBjXmb9Xb72o9zZiFW4bFlJj2qHcuBt4
DTTe+D6iUzg5JBlu8nZTietLNBKXlegktvUuzR9la05M1SKWD9Kjvrbqu4yI0PFa
zSwDvYveXm5aQa4yhOF0WcuMwxUVDjy5B3hDckWasXWqUgV14+9Bpt6CeSlTAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU86X1rSP24R80FB3r+3B6n+qdfz0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA1ODg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxSL
AwQAjxSzAwQAjxTdMA0GCSqGSIb3DQEBCwUAA4IBAQAFKmvZGNsOmDUxgAFKe9B/
4dTCzKdEJc67G28iVTL9ggnkVay/o/MH7L4uzwu1ybaNolxp/NSpRrY2YeN48Adv
ZCdzpEmFwWtmTAhZAkbo8cVq/X59q7UBLcjfE4wP43unsg3PZ+d0ueiwCOJDGja2
xaCSaLe0HTkarnzWliy2tfYo7G/vtPSK1U8yReWc/lcigGZUohsrP0OWaEW8U7Uc
fmQB1jpmOb+S9VHYbbNaL9HvBIlHdIMkwqvL73jYt4/amCVb+RJ/rLlyH+ZFTPim
6Z2pZKEM+ryIZrpSp/nDnmL1l7C1q1tyC899PQ7GPxQUbBsOPtCIHz4FLw/VV61Q
-----END CERTIFICATE-----