Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
File:                     AS207769.roa (raw, json)
Hash identifier:          VABmODvggoVDgs1V6aqDA9hmzSfT50pr//n52HHoD7g=
Subject key identifier:   1A:85:38:23:2B:39:4A:2B:1D:55:CD:AF:E5:C1:58:69:8B:62:FE:AE
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7AF80290489264F865A62D9939577A8388A197E1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
Signing time:             Wed 01 Oct 2025 00:15:50 +0000
ROA not before:           Wed 01 Oct 2025 00:10:50 +0000
ROA not after:            Wed 30 Sep 2026 00:15:50 +0000
asID:                     207769
IP address blocks:        143.20.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:44:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f8:02:90:48:92:64:f8:65:a6:2d:99:39:57:7a:83:88:a1:97:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  1 00:10:50 2025 GMT
            Not After : Sep 30 00:15:50 2026 GMT
        Subject: CN=1A8538232B394A2B1D55CDAFE5C158698B62FEAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:28:0f:32:ce:e4:20:47:c5:4b:7d:89:d0:
                    23:74:19:08:cf:65:85:a9:90:5f:8b:7d:4a:b2:51:
                    3d:db:fb:d1:e1:4a:9d:f3:30:d4:e1:da:7b:ec:07:
                    99:bd:98:9d:c6:40:65:19:2e:75:1f:31:c4:fa:03:
                    d2:79:3b:99:5f:8f:a3:03:13:d9:ca:3a:db:b5:60:
                    9a:16:d3:55:17:89:e2:23:60:a4:03:70:cd:dd:9a:
                    44:73:38:17:d7:2e:44:38:d6:38:fc:90:c6:78:25:
                    3e:31:b7:c8:3d:6d:7c:a2:57:e2:71:c1:69:08:68:
                    58:d3:55:ae:ea:44:ac:13:97:d2:0d:90:e9:44:1c:
                    8b:1d:b2:4a:55:fb:ed:1a:a1:92:87:bd:80:fe:76:
                    6c:c4:ed:75:36:17:01:e1:f0:ea:5f:92:ca:f1:6e:
                    55:e2:e5:ce:de:0e:11:03:45:65:9a:86:95:41:ea:
                    c2:53:a2:34:e3:2f:84:88:c9:ea:27:20:87:fa:60:
                    85:06:1e:04:38:fc:45:90:bc:92:85:3c:82:11:5a:
                    79:6f:43:db:f1:97:2e:ca:b4:53:db:f7:e4:67:ca:
                    9f:70:f2:4f:ac:cd:eb:3e:05:cb:e8:1d:cd:cf:f3:
                    75:67:3b:0e:91:bc:9f:30:b1:fa:f3:78:cb:88:31:
                    30:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:85:38:23:2B:39:4A:2B:1D:55:CD:AF:E5:C1:58:69:8B:62:FE:AE
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:29:1a:4c:c8:b2:05:18:81:72:09:37:cd:b6:21:39:44:c5:
         da:6d:1f:a5:0f:c4:e7:ce:db:6d:49:21:5e:26:f4:d5:a2:71:
         84:ff:ba:72:8e:ea:a0:c2:39:3d:25:e7:d1:77:cc:ff:75:c7:
         1f:d0:c4:42:cf:5d:b2:8c:53:e3:aa:4b:95:71:d0:cc:d4:2e:
         0e:bd:60:6c:6e:7d:23:82:4e:be:04:36:26:86:8f:c5:14:06:
         7f:78:4e:e0:26:5e:c7:ef:dc:ce:a1:c6:11:60:0e:b0:ee:f9:
         61:58:b2:01:cd:fc:35:36:b5:dc:bf:fa:b5:78:2f:eb:a7:2d:
         0d:21:70:a0:5a:22:19:10:db:b0:bb:04:53:1e:61:8e:50:79:
         66:45:47:f2:4c:13:ce:e1:f2:0d:2f:09:b6:91:d5:7b:14:f5:
         94:62:83:56:a7:15:e7:5f:07:b6:69:96:46:6d:46:a9:84:8c:
         22:5f:61:cc:e2:d7:82:95:fe:f6:98:bf:b6:c3:9f:1a:11:b3:
         72:68:5c:83:79:e8:d8:8e:82:db:54:2b:55:2e:a2:1d:a9:92:
         be:e3:19:9e:b9:f5:93:a5:e8:2f:03:30:00:7d:9d:af:37:8e:
         27:90:16:16:5d:2f:bb:e3:be:3f:04:5d:85:0a:bc:fd:f6:b9:
         b3:7d:3e:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUevgCkEiSZPhlpi2ZOVd6g4ihl+EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMDEwMDEwNTBaFw0yNjA5MzAwMDE1NTBaMDMxMTAvBgNV
BAMTKDFBODUzODIzMkIzOTRBMkIxRDU1Q0RBRkU1QzE1ODY5OEI2MkZFQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCODygPMs7kIEfFS32J0CN0GQjP
ZYWpkF+LfUqyUT3b+9HhSp3zMNTh2nvsB5m9mJ3GQGUZLnUfMcT6A9J5O5lfj6MD
E9nKOtu1YJoW01UXieIjYKQDcM3dmkRzOBfXLkQ41jj8kMZ4JT4xt8g9bXyiV+Jx
wWkIaFjTVa7qRKwTl9INkOlEHIsdskpV++0aoZKHvYD+dmzE7XU2FwHh8Opfksrx
blXi5c7eDhEDRWWahpVB6sJTojTjL4SIyeonIIf6YIUGHgQ4/EWQvJKFPIIRWnlv
Q9vxly7KtFPb9+Rnyp9w8k+szes+BcvoHc3P83VnOw6RvJ8wsfrzeMuIMTBxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGoU4Iys5SisdVc2v5cFYaYti/q4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQy
MA0GCSqGSIb3DQEBCwUAA4IBAQA5KRpMyLIFGIFyCTfNtiE5RMXabR+lD8Tnzttt
SSFeJvTVonGE/7pyjuqgwjk9JefRd8z/dccf0MRCz12yjFPjqkuVcdDM1C4OvWBs
bn0jgk6+BDYmho/FFAZ/eE7gJl7H79zOocYRYA6w7vlhWLIBzfw1NrXcv/q1eC/r
py0NIXCgWiIZENuwuwRTHmGOUHlmRUfyTBPO4fINLwm2kdV7FPWUYoNWpxXnXwe2
aZZGbUaphIwiX2HM4teClf72mL+2w58aEbNyaFyDeejYjoLbVCtVLqIdqZK+4xme
ufWTpegvAzAAfZ2vN44nkBYWXS+7474/BF2FCrz99rmzfT4/
-----END CERTIFICATE-----