Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207590.roa
File:                     AS207590.roa (raw, json)
Hash identifier:          Va3euFt0Vsc5j7crhocZvH/37spQtJC/qlnJ7UWZxFI=
Subject key identifier:   B7:CA:65:B3:AD:D8:F7:1B:AA:47:6B:AE:09:EB:C9:42:DB:25:1A:66
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       21B4EB796AB987C86D5D4B95E619837A0A82C275
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207590.roa
Signing time:             Fri 22 Aug 2025 13:28:05 +0000
ROA not before:           Fri 22 Aug 2025 13:23:05 +0000
ROA not after:            Fri 21 Aug 2026 13:28:05 +0000
asID:                     207590
IP address blocks:        143.20.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b4:eb:79:6a:b9:87:c8:6d:5d:4b:95:e6:19:83:7a:0a:82:c2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 22 13:23:05 2025 GMT
            Not After : Aug 21 13:28:05 2026 GMT
        Subject: CN=B7CA65B3ADD8F71BAA476BAE09EBC942DB251A66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5b:1f:78:1a:da:c0:3c:9c:21:53:ba:59:6f:
                    d8:a7:a9:51:0f:4f:16:7a:ff:43:70:69:b1:5c:84:
                    6a:2c:e2:dc:66:18:44:3a:4f:12:81:39:96:fb:37:
                    a8:b2:f6:b5:86:d1:bd:dc:87:17:74:43:f8:63:3c:
                    c9:fa:30:26:fd:06:23:7d:32:6b:01:29:f6:30:66:
                    b7:be:28:42:6e:a4:81:c8:31:d9:96:ff:28:1b:48:
                    9c:24:9f:e8:3f:cf:cf:09:2b:84:bc:db:2d:2c:36:
                    07:f4:6d:94:56:02:19:2a:68:3a:78:4f:f1:3f:fb:
                    7a:aa:03:49:93:70:e0:02:99:00:10:81:07:25:1e:
                    86:d6:4f:3c:68:ad:9b:6c:b4:b0:69:44:05:8d:f2:
                    fb:b7:9a:fe:50:20:76:ec:fa:7f:3c:0f:b9:c6:7b:
                    3a:17:d6:9e:19:69:0b:44:49:66:67:76:0b:74:bd:
                    95:da:63:14:27:f4:ec:fb:05:51:6a:42:06:3a:f7:
                    df:59:b0:e6:b3:1e:ac:be:90:89:e6:45:7e:29:c2:
                    d9:d1:01:4b:2e:1c:38:85:b9:3c:95:71:74:9a:6b:
                    c8:6d:70:a5:fd:58:8b:0d:35:8f:52:8c:79:4a:2b:
                    7c:de:16:67:d8:a1:06:67:ab:11:1a:2f:d8:e2:14:
                    2c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CA:65:B3:AD:D8:F7:1B:AA:47:6B:AE:09:EB:C9:42:DB:25:1A:66
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207590.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d0:56:4c:3d:3c:09:12:ae:4c:01:10:3e:1d:55:c5:de:6b:
         f2:e9:9a:35:83:ed:c8:b5:f2:f1:2b:f6:c6:67:1c:08:5d:c6:
         aa:70:5a:8e:c3:21:b7:3e:88:18:5b:e5:d7:c6:65:3f:6c:89:
         6c:9b:8c:3a:ea:17:6a:44:c6:8c:0c:da:74:8e:5a:c7:65:92:
         50:7b:e5:7d:88:04:ab:ba:6c:a3:13:3a:05:c3:18:ed:3a:a3:
         9e:2b:ee:7e:e4:0c:44:ca:86:4e:80:83:f0:02:75:17:9d:68:
         8b:70:b0:49:71:f2:0d:c3:8b:59:34:23:ae:73:8b:d7:b8:f4:
         d2:aa:41:fe:25:ac:24:e1:bd:ef:60:9b:bb:80:fd:d4:2a:0c:
         e0:fa:c0:07:bb:48:a5:85:c5:f1:20:10:30:f0:a3:3b:6f:43:
         49:9e:12:fa:e1:27:42:fe:83:e1:bd:31:a3:9d:fb:a8:2b:ad:
         9a:7f:34:e2:e3:c1:8f:fe:e2:0a:ef:f6:ba:5a:f8:c9:87:2b:
         9d:b8:10:86:23:50:fd:d4:0c:af:05:99:33:78:b2:db:a6:7f:
         3d:15:45:2a:8b:75:db:8b:4d:be:8f:a4:3e:2c:23:fd:49:b6:
         83:20:ef:b5:b2:a6:60:5b:f5:76:f8:47:20:08:ce:e9:ac:bf:
         42:c3:90:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIbTreWq5h8htXUuV5hmDegqCwnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjIxMzIzMDVaFw0yNjA4MjExMzI4MDVaMDMxMTAvBgNV
BAMTKEI3Q0E2NUIzQUREOEY3MUJBQTQ3NkJBRTA5RUJDOTQyREIyNTFBNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVWx94GtrAPJwhU7pZb9inqVEP
TxZ6/0NwabFchGos4txmGEQ6TxKBOZb7N6iy9rWG0b3chxd0Q/hjPMn6MCb9BiN9
MmsBKfYwZre+KEJupIHIMdmW/ygbSJwkn+g/z88JK4S82y0sNgf0bZRWAhkqaDp4
T/E/+3qqA0mTcOACmQAQgQclHobWTzxorZtstLBpRAWN8vu3mv5QIHbs+n88D7nG
ezoX1p4ZaQtESWZndgt0vZXaYxQn9Oz7BVFqQgY6999ZsOazHqy+kInmRX4pwtnR
AUsuHDiFuTyVcXSaa8htcKX9WIsNNY9SjHlKK3zeFmfYoQZnqxEaL9jiFCz1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUt8pls63Y9xuqR2uuCevJQtslGmYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NTkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRw
MA0GCSqGSIb3DQEBCwUAA4IBAQAn0FZMPTwJEq5MARA+HVXF3mvy6Zo1g+3ItfLx
K/bGZxwIXcaqcFqOwyG3PogYW+XXxmU/bIlsm4w66hdqRMaMDNp0jlrHZZJQe+V9
iASrumyjEzoFwxjtOqOeK+5+5AxEyoZOgIPwAnUXnWiLcLBJcfINw4tZNCOuc4vX
uPTSqkH+Jawk4b3vYJu7gP3UKgzg+sAHu0ilhcXxIBAw8KM7b0NJnhL64SdC/oPh
vTGjnfuoK62afzTi48GP/uIK7/a6WvjJhyuduBCGI1D91AyvBZkzeLLbpn89FUUq
i3Xbi02+j6Q+LCP9SbaDIO+1sqZgW/V2+EcgCM7prL9Cw5C2
-----END CERTIFICATE-----