Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208063.roa
File:                     AS208063.roa (raw, json)
Hash identifier:          x8KlHpzsvdj9XyamLy3D2TdEt0MMNNMOIu8TFzQSP+4=
Subject key identifier:   58:19:67:86:22:57:21:87:68:66:C7:40:75:1C:67:51:91:11:8B:A7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5A8918CF76D992EA42C6560A3BC2942533C5A943
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208063.roa
Signing time:             Thu 19 Jun 2025 11:48:45 +0000
ROA not before:           Thu 19 Jun 2025 11:43:45 +0000
ROA not after:            Thu 18 Jun 2026 11:48:45 +0000
asID:                     208063
IP address blocks:        143.20.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:89:18:cf:76:d9:92:ea:42:c6:56:0a:3b:c2:94:25:33:c5:a9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 19 11:43:45 2025 GMT
            Not After : Jun 18 11:48:45 2026 GMT
        Subject: CN=58196786225721876866C740751C675191118BA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:40:b1:92:2b:ec:19:3d:75:94:5d:2a:29:ce:
                    9f:e9:d3:2f:24:d2:c4:36:fb:87:91:0c:13:c5:ef:
                    88:4c:e5:ee:a3:1e:97:59:ab:06:d6:7a:36:b6:c7:
                    af:83:1a:d9:0b:a5:6a:79:b5:80:f6:e3:d7:d5:6e:
                    54:33:c2:f6:42:54:8b:61:06:14:5d:46:7b:54:6d:
                    b6:25:28:4d:d5:0c:cd:9f:28:5c:69:17:8b:05:d1:
                    9e:55:35:7a:fa:b3:56:e0:77:66:1d:c7:46:6a:a2:
                    79:e9:c4:e7:ee:2c:66:7c:b4:e3:f9:29:dd:4f:2b:
                    0e:8b:a2:29:80:49:5b:87:29:32:55:7f:2a:20:58:
                    13:f5:d7:b6:99:eb:9e:b0:83:b9:cb:ca:00:15:bc:
                    9d:11:b6:a9:c1:8f:23:12:2f:13:a5:e2:0b:e1:41:
                    bc:14:01:10:48:10:b9:fa:3e:03:02:aa:e8:84:44:
                    7d:4e:78:a6:c8:b0:95:0b:03:61:e1:2b:54:1f:27:
                    1c:0c:e9:35:54:06:f2:11:ad:b1:4d:5d:03:a7:e7:
                    b0:cb:89:ee:f7:82:78:63:3a:b0:13:67:21:7a:21:
                    40:02:92:40:89:a0:6e:ac:52:ad:eb:6f:b9:b2:62:
                    58:71:ee:16:ed:71:c6:a9:4b:d3:a6:f1:02:2c:b0:
                    76:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:19:67:86:22:57:21:87:68:66:C7:40:75:1C:67:51:91:11:8B:A7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208063.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:71:00:8d:f6:23:f5:3b:89:6a:4f:75:46:23:57:a2:7a:46:
         35:95:ee:3b:a6:c8:3d:60:95:4d:b7:1c:d7:60:8f:f8:f4:45:
         99:6a:bd:c6:d8:2a:94:45:e2:b0:ee:c1:14:4e:f7:dd:0e:84:
         9d:4b:89:59:be:14:22:44:4a:91:53:0e:47:55:52:06:37:49:
         26:5d:b5:ae:12:89:cb:66:2f:aa:5a:03:81:c2:89:5b:13:de:
         cc:fd:f7:c8:6b:73:e0:d6:4e:09:e6:21:7b:2c:7e:14:55:fe:
         7a:df:9d:e5:73:5e:48:c6:b0:0d:59:5d:38:19:ac:22:ee:9f:
         89:4f:2d:03:c7:1a:ff:24:56:6e:6b:74:79:e2:1b:93:97:e9:
         bf:c3:bd:0d:17:0d:5d:19:42:54:30:a3:a8:7f:da:b4:30:12:
         31:dc:89:e6:df:56:0c:a1:b4:79:47:97:c5:f9:17:0f:86:90:
         6f:aa:df:69:36:64:d5:53:b9:d2:37:fd:67:73:4b:66:3e:c9:
         f3:c1:10:dd:55:ec:fe:dc:d2:06:a8:bd:a8:04:bd:46:db:cc:
         e0:a7:31:1d:59:f7:f3:ae:e1:a8:94:60:6f:1f:79:e7:80:7c:
         39:4c:8f:04:a1:58:07:3b:95:42:33:40:db:76:ad:55:58:f2:
         61:55:62:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWokYz3bZkupCxlYKO8KUJTPFqUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTkxMTQzNDVaFw0yNjA2MTgxMTQ4NDVaMDMxMTAvBgNV
BAMTKDU4MTk2Nzg2MjI1NzIxODc2ODY2Qzc0MDc1MUM2NzUxOTExMThCQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzQLGSK+wZPXWUXSopzp/p0y8k
0sQ2+4eRDBPF74hM5e6jHpdZqwbWeja2x6+DGtkLpWp5tYD249fVblQzwvZCVIth
BhRdRntUbbYlKE3VDM2fKFxpF4sF0Z5VNXr6s1bgd2Ydx0ZqonnpxOfuLGZ8tOP5
Kd1PKw6LoimASVuHKTJVfyogWBP117aZ656wg7nLygAVvJ0RtqnBjyMSLxOl4gvh
QbwUARBIELn6PgMCquiERH1OeKbIsJULA2HhK1QfJxwM6TVUBvIRrbFNXQOn57DL
ie73gnhjOrATZyF6IUACkkCJoG6sUq3rb7myYlhx7hbtccapS9Om8QIssHbdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWBlnhiJXIYdoZsdAdRxnUZERi6cwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA4MDYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRn
MA0GCSqGSIb3DQEBCwUAA4IBAQBPcQCN9iP1O4lqT3VGI1eiekY1le47psg9YJVN
txzXYI/49EWZar3G2CqUReKw7sEUTvfdDoSdS4lZvhQiREqRUw5HVVIGN0kmXbWu
EonLZi+qWgOBwolbE97M/ffIa3Pg1k4J5iF7LH4UVf56353lc15IxrANWV04Gawi
7p+JTy0Dxxr/JFZua3R54huTl+m/w70NFw1dGUJUMKOof9q0MBIx3Inm31YMobR5
R5fF+RcPhpBvqt9pNmTVU7nSN/1nc0tmPsnzwRDdVez+3NIGqL2oBL1G28zgpzEd
WffzruGolGBvH3nngHw5TI8EoVgHO5VCM0Dbdq1VWPJhVWLf
-----END CERTIFICATE-----