Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20648.roa
File:                     AS20648.roa (raw, json)
Hash identifier:          T/Gx7EOpBe4tTzzykmC8ReJydr5D+7kFU4+CNFR6sfA=
Subject key identifier:   24:48:E6:AF:EE:10:35:44:0E:BE:29:BA:A3:6A:46:31:13:C6:7B:5F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       CD4F5B6792FDE65E4EDDC3A0276AEAEBB8E767
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20648.roa
Signing time:             Mon 29 Sep 2025 07:44:42 +0000
ROA not before:           Mon 29 Sep 2025 07:39:42 +0000
ROA not after:            Mon 28 Sep 2026 07:44:42 +0000
asID:                     20648
IP address blocks:        143.20.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            cd:4f:5b:67:92:fd:e6:5e:4e:dd:c3:a0:27:6a:ea:eb:b8:e7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 29 07:39:42 2025 GMT
            Not After : Sep 28 07:44:42 2026 GMT
        Subject: CN=2448E6AFEE1035440EBE29BAA36A463113C67B5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:26:16:7a:98:4b:e5:45:10:9e:dc:22:6d:1b:
                    9b:20:0d:1c:c3:27:8f:26:a2:76:b9:f1:c0:83:ee:
                    4d:25:88:cb:b6:02:2e:6d:84:e1:ba:7e:8f:c5:80:
                    79:d2:3f:a5:b4:bc:63:27:36:8a:21:6a:ed:bc:d7:
                    40:48:65:b5:24:3e:13:93:79:28:91:f8:f0:8d:78:
                    33:f7:7e:01:5f:fa:95:2d:f3:89:e6:7b:55:cf:93:
                    e3:f4:4a:07:30:d9:eb:f1:cd:81:25:2e:e9:7d:e8:
                    fd:f5:d5:c0:86:96:68:59:0f:f7:55:b4:d9:6d:eb:
                    67:47:98:26:74:f3:f3:3a:13:68:6a:7c:c3:f2:2b:
                    ce:83:4a:d8:9d:d4:8e:50:e4:e7:79:2e:56:56:f4:
                    0f:0a:36:e4:a6:b5:ec:d1:b6:3b:4a:a8:d0:e7:0f:
                    75:e0:3b:8a:fa:46:28:a5:21:6e:f6:12:46:c8:1d:
                    ca:7f:2a:77:04:98:c3:8e:60:cc:f5:25:4e:d2:40:
                    1f:98:a0:4e:78:88:24:09:88:e4:72:9c:9b:fc:7a:
                    7d:b7:93:ea:fd:eb:48:0b:eb:bf:7a:7f:f8:c2:7c:
                    fd:98:62:7a:f4:94:5e:a8:97:e6:74:73:4e:fb:04:
                    a2:95:fd:51:ba:7b:fb:51:e5:92:20:68:88:74:4f:
                    21:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:48:E6:AF:EE:10:35:44:0E:BE:29:BA:A3:6A:46:31:13:C6:7B:5F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3f:7f:d2:4f:c1:ac:15:c7:35:bf:c4:69:a2:fc:a2:f5:0d:
         d3:4f:15:b3:d6:3a:b9:1a:43:c1:53:91:58:ff:73:27:8c:29:
         21:74:e1:1a:01:62:76:35:9f:a6:d8:92:61:5b:54:f8:9e:39:
         fa:1d:f1:8f:47:7b:41:59:68:48:8e:f7:23:b7:13:16:ff:b4:
         6c:f4:5f:ba:17:69:48:e3:95:10:86:ad:bd:03:db:cf:58:9e:
         4a:8b:23:8d:d9:c7:2e:3d:1d:d2:10:76:7f:d9:dd:47:32:ac:
         0e:3d:9b:8c:d3:c2:32:cf:a8:70:32:a0:1b:5f:04:bb:73:f9:
         07:9b:1e:fd:86:59:64:25:fe:86:57:c8:f9:18:f3:ba:17:16:
         81:91:7b:df:95:c9:97:2b:61:27:4d:e3:61:fe:d8:39:c8:ca:
         74:c6:59:ae:58:62:96:d6:7c:15:0e:45:cf:04:9a:08:43:9c:
         d6:56:0b:d7:16:da:1c:5a:9a:f0:f2:85:51:66:48:54:7c:f4:
         18:d0:28:94:25:0d:cc:d5:9d:b5:da:27:c4:39:45:e4:25:a0:
         0e:20:4a:e8:d7:32:f2:1f:be:ad:f2:a6:55:9a:7a:94:e0:4b:
         a5:54:c7:5b:af:69:21:e5:68:83:5c:9f:26:46:1a:6c:e5:8f:
         eb:2d:39:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAM1PW2eS/eZeTt3DoCdq6uu452cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjkwNzM5NDJaFw0yNjA5MjgwNzQ0NDJaMDMxMTAvBgNV
BAMTKDI0NDhFNkFGRUUxMDM1NDQwRUJFMjlCQUEzNkE0NjMxMTNDNjdCNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIJhZ6mEvlRRCe3CJtG5sgDRzD
J48mona58cCD7k0liMu2Ai5thOG6fo/FgHnSP6W0vGMnNoohau2810BIZbUkPhOT
eSiR+PCNeDP3fgFf+pUt84nme1XPk+P0Sgcw2evxzYElLul96P311cCGlmhZD/dV
tNlt62dHmCZ08/M6E2hqfMPyK86DStid1I5Q5Od5LlZW9A8KNuSmtezRtjtKqNDn
D3XgO4r6RiilIW72EkbIHcp/KncEmMOOYMz1JU7SQB+YoE54iCQJiORynJv8en23
k+r960gL6796f/jCfP2YYnr0lF6ol+Z0c077BKKV/VG6e/tR5ZIgaIh0TyGbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUJEjmr+4QNUQOvim6o2pGMRPGe18wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA2NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFIow
DQYJKoZIhvcNAQELBQADggEBAHo/f9JPwawVxzW/xGmi/KL1DdNPFbPWOrkaQ8FT
kVj/cyeMKSF04RoBYnY1n6bYkmFbVPieOfod8Y9He0FZaEiO9yO3Exb/tGz0X7oX
aUjjlRCGrb0D289YnkqLI43Zxy49HdIQdn/Z3UcyrA49m4zTwjLPqHAyoBtfBLtz
+QebHv2GWWQl/oZXyPkY87oXFoGRe9+VyZcrYSdN42H+2DnIynTGWa5YYpbWfBUO
Rc8EmghDnNZWC9cW2hxamvDyhVFmSFR89BjQKJQlDczVnbXaJ8Q5ReQloA4gSujX
MvIfvq3yplWaepTgS6VUx1uvaSHlaINcnyZGGmzlj+stOUM=
-----END CERTIFICATE-----