Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS205886.roa
File:                     AS205886.roa (raw, json)
Hash identifier:          8kvUduxZw3pK6sqYcriFIiGFD2eskhbKdM8Pbv+KF6I=
Subject key identifier:   AE:4A:66:DB:AC:85:83:C8:65:5E:F0:F4:FD:0B:F5:8A:41:99:45:61
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       059DC7DD3C73ABB11BFA92AD479B89EAF95D0FE0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS205886.roa
Signing time:             Thu 21 Aug 2025 03:29:43 +0000
ROA not before:           Thu 21 Aug 2025 03:24:43 +0000
ROA not after:            Thu 20 Aug 2026 03:29:43 +0000
asID:                     205886
IP address blocks:        143.20.179.0/24 maxlen: 24
                          143.20.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9d:c7:dd:3c:73:ab:b1:1b:fa:92:ad:47:9b:89:ea:f9:5d:0f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 21 03:24:43 2025 GMT
            Not After : Aug 20 03:29:43 2026 GMT
        Subject: CN=AE4A66DBAC8583C8655EF0F4FD0BF58A41994561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f5:c8:ea:c5:f0:45:d6:1e:d4:97:ed:05:02:
                    f5:b4:63:ae:fd:55:82:58:8f:e2:ca:31:55:4f:b2:
                    a7:2b:ed:ca:0f:fd:c3:d2:19:33:7d:c3:fe:1f:a8:
                    73:de:16:81:3d:5a:0c:0d:11:a5:a2:7c:13:87:db:
                    06:13:05:ef:d1:16:c4:1d:cd:22:84:77:5f:57:b9:
                    68:1f:2f:71:d7:6b:bb:a0:8b:9c:a6:dc:0a:57:69:
                    80:6d:00:38:c5:e8:63:ea:f5:d6:7a:be:40:8f:77:
                    2e:20:27:5a:cd:71:2f:cd:d5:c8:a4:9a:e6:29:67:
                    a6:49:cf:33:24:f8:24:ed:58:04:55:ab:20:a4:f2:
                    bc:5b:e4:05:26:14:94:af:cc:95:9e:8d:d1:56:f8:
                    d8:f7:18:bf:2c:0a:a2:c3:60:8f:63:31:7f:99:dd:
                    4d:05:a1:91:aa:01:77:bf:c5:55:32:c0:ce:6e:a5:
                    37:47:e7:6e:99:bc:cb:11:9f:27:77:4e:84:df:8c:
                    c6:39:d9:e1:60:92:6c:8c:fd:e9:bc:32:0a:ab:dc:
                    4e:de:0f:b6:b4:5e:1b:55:30:d0:07:57:e9:a4:c6:
                    17:2e:75:b1:a3:eb:bf:6a:f6:1b:9f:41:8f:2d:75:
                    33:1f:bc:21:e3:e1:65:f3:1c:eb:b1:3d:91:28:08:
                    da:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:4A:66:DB:AC:85:83:C8:65:5E:F0:F4:FD:0B:F5:8A:41:99:45:61
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS205886.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.179.0/24
                  143.20.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:54:82:97:a2:b9:d4:4f:3b:38:c8:28:d3:9c:cb:af:33:86:
         01:62:d7:aa:74:47:90:c8:48:0f:03:d2:6e:2b:00:77:6c:fc:
         b9:5c:86:8e:31:01:6d:b7:8c:d3:74:2f:09:94:63:c4:65:b8:
         a4:13:c1:dd:7b:55:77:13:b5:5f:73:25:1e:c3:67:6c:ac:21:
         fb:5d:03:30:12:24:c7:d0:d1:a4:a5:92:26:09:27:2b:e3:3e:
         13:ff:df:9a:8b:23:f6:cb:8a:5a:16:f0:81:de:24:a1:da:4a:
         4b:33:2f:83:71:38:f1:8c:e4:3f:26:ba:d0:32:19:3b:56:15:
         4e:68:21:b8:0a:56:d3:9a:c3:30:29:6b:12:5e:5c:42:03:c9:
         59:14:cc:cd:75:83:c9:72:67:49:b1:7b:24:7b:f0:ab:c5:cf:
         d1:9f:bf:c2:30:58:3d:d7:bc:4e:11:63:ae:68:8f:8a:12:c3:
         1d:34:06:75:ab:72:0c:7c:84:7e:91:4f:40:95:66:6e:b9:fc:
         f2:5b:af:9c:0f:55:b6:b3:a6:c0:75:41:8b:c4:ff:ae:fb:29:
         42:7b:c0:c7:46:db:23:70:cb:8d:90:3b:05:2f:1c:d4:cf:69:
         cf:e3:97:31:c6:91:ad:2a:0b:45:03:08:fd:d6:09:fa:20:95:
         99:20:cb:1f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBZ3H3Txzq7Eb+pKtR5uJ6vldD+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjEwMzI0NDNaFw0yNjA4MjAwMzI5NDNaMDMxMTAvBgNV
BAMTKEFFNEE2NkRCQUM4NTgzQzg2NTVFRjBGNEZEMEJGNThBNDE5OTQ1NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU9cjqxfBF1h7Ul+0FAvW0Y679
VYJYj+LKMVVPsqcr7coP/cPSGTN9w/4fqHPeFoE9WgwNEaWifBOH2wYTBe/RFsQd
zSKEd19XuWgfL3HXa7ugi5ym3ApXaYBtADjF6GPq9dZ6vkCPdy4gJ1rNcS/N1cik
muYpZ6ZJzzMk+CTtWARVqyCk8rxb5AUmFJSvzJWejdFW+Nj3GL8sCqLDYI9jMX+Z
3U0FoZGqAXe/xVUywM5upTdH526ZvMsRnyd3ToTfjMY52eFgkmyM/em8Mgqr3E7e
D7a0XhtVMNAHV+mkxhcudbGj679q9hufQY8tdTMfvCHj4WXzHOuxPZEoCNrhAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUrkpm26yFg8hlXvD0/Qv1ikGZRWEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA1ODg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxSz
AwQAjxTdMA0GCSqGSIb3DQEBCwUAA4IBAQACVIKXornUTzs4yCjTnMuvM4YBYteq
dEeQyEgPA9JuKwB3bPy5XIaOMQFtt4zTdC8JlGPEZbikE8Hde1V3E7VfcyUew2ds
rCH7XQMwEiTH0NGkpZImCScr4z4T/9+aiyP2y4paFvCB3iSh2kpLMy+DcTjxjOQ/
JrrQMhk7VhVOaCG4ClbTmsMwKWsSXlxCA8lZFMzNdYPJcmdJsXske/Crxc/Rn7/C
MFg917xOEWOuaI+KEsMdNAZ1q3IMfIR+kU9AlWZuufzyW6+cD1W2s6bAdUGLxP+u
+ylCe8DHRtsjcMuNkDsFLxzUz2nP45cxxpGtKgtFAwj91gn6IJWZIMsf
-----END CERTIFICATE-----