Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209101.roa
File:                     AS209101.roa (raw, json)
Hash identifier:          lLG0PVZra80DjUb21zjvn/xskHtV3t+n60KB7GuaozI=
Subject key identifier:   3A:A8:18:79:43:A3:0B:CF:BF:EB:17:77:C6:53:93:FA:0E:2D:9D:71
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3ECB4725F8F37B2B74293D362A6E8B58F0C9DD2A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209101.roa
Signing time:             Thu 02 Oct 2025 11:53:54 +0000
ROA not before:           Thu 02 Oct 2025 11:48:54 +0000
ROA not after:            Thu 01 Oct 2026 11:53:54 +0000
asID:                     209101
IP address blocks:        143.20.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:cb:47:25:f8:f3:7b:2b:74:29:3d:36:2a:6e:8b:58:f0:c9:dd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  2 11:48:54 2025 GMT
            Not After : Oct  1 11:53:54 2026 GMT
        Subject: CN=3AA8187943A30BCFBFEB1777C65393FA0E2D9D71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0f:99:2c:c8:4f:77:f8:7b:a0:9f:36:05:41:
                    fc:ab:c8:11:c6:a4:f4:d3:95:b4:e9:b5:29:72:46:
                    11:0d:10:4a:95:c0:e1:e5:3f:86:b8:ca:67:41:a6:
                    a5:33:cf:11:32:e8:6e:d2:96:d8:39:cb:3a:9e:56:
                    0f:b8:b0:1e:dd:db:50:3d:b6:46:c0:bc:94:05:ea:
                    0e:f1:64:73:56:c3:72:e1:9c:a6:9b:be:91:ea:89:
                    67:d9:c0:41:1f:0d:37:72:cc:39:0c:bd:16:80:a6:
                    51:59:0b:22:e6:bc:e8:ce:21:87:76:ac:a1:ae:01:
                    35:9f:c5:a8:47:ba:40:1e:92:f4:03:dd:08:dd:79:
                    0a:b9:79:3b:93:50:3e:48:f3:13:87:da:9f:a6:fe:
                    13:34:78:4f:ba:8a:4b:1c:3c:d4:2e:b4:4e:62:b6:
                    a2:02:64:5e:35:8f:52:ff:3e:2d:57:16:32:99:fc:
                    5f:27:ef:bf:5f:80:5f:e9:b1:91:1f:3f:ca:8b:4b:
                    29:1e:3b:09:be:35:71:69:d4:39:84:fb:e0:dd:1f:
                    35:0f:7f:43:77:58:57:6e:2b:39:32:53:b1:a0:a8:
                    8e:c6:87:5c:6f:67:c4:fb:1f:5b:a0:01:10:35:0c:
                    d3:ff:e8:0b:90:f6:9f:d6:c0:9b:be:83:c2:4d:5f:
                    e3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A8:18:79:43:A3:0B:CF:BF:EB:17:77:C6:53:93:FA:0E:2D:9D:71
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209101.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:64:4c:d8:cf:36:93:77:38:e6:95:b2:dd:0b:9d:ca:a0:41:
         b7:27:e7:96:91:c9:e8:af:c8:f2:51:b2:7f:1b:97:5a:33:86:
         69:32:98:05:33:5b:85:40:8d:d5:e4:31:6f:45:ed:1e:e3:fb:
         87:fb:55:77:55:6b:81:06:dc:e0:52:b7:69:fc:12:84:de:ff:
         c9:72:cc:99:a0:0d:fc:8f:ea:9f:97:d3:87:61:09:67:f1:49:
         5e:cc:e4:2c:aa:f3:04:cb:13:7d:e8:20:21:9f:09:40:4d:cd:
         a9:5d:f0:91:33:b9:a4:95:cb:ab:1e:d6:df:d9:8a:ef:20:69:
         0c:8e:7a:7c:e7:24:6b:4d:a6:6f:1d:0e:d6:cd:d8:01:11:e0:
         55:6e:bf:e8:67:cd:1c:f2:bf:92:6a:dd:c9:4b:2c:93:66:37:
         12:59:46:b1:13:22:4c:2f:7a:56:de:8f:cb:3d:05:45:8d:e0:
         39:bc:6e:87:18:4a:fa:30:db:e6:49:3c:4b:76:c4:8a:6d:6f:
         ae:d1:0c:2e:99:b7:29:66:ba:36:21:cb:d6:78:dc:6e:fd:0e:
         ed:c4:44:6f:f1:2f:94:b2:d5:de:b9:54:38:42:b8:2d:20:da:
         e4:0a:f3:27:e9:93:3b:ef:20:36:0f:6a:2e:7f:4e:11:05:5a:
         88:a2:a1:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPstHJfjzeyt0KT02Km6LWPDJ3SowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMDIxMTQ4NTRaFw0yNjEwMDExMTUzNTRaMDMxMTAvBgNV
BAMTKDNBQTgxODc5NDNBMzBCQ0ZCRkVCMTc3N0M2NTM5M0ZBMEUyRDlENzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTD5ksyE93+HugnzYFQfyryBHG
pPTTlbTptSlyRhENEEqVwOHlP4a4ymdBpqUzzxEy6G7Sltg5yzqeVg+4sB7d21A9
tkbAvJQF6g7xZHNWw3LhnKabvpHqiWfZwEEfDTdyzDkMvRaAplFZCyLmvOjOIYd2
rKGuATWfxahHukAekvQD3QjdeQq5eTuTUD5I8xOH2p+m/hM0eE+6ikscPNQutE5i
tqICZF41j1L/Pi1XFjKZ/F8n779fgF/psZEfP8qLSykeOwm+NXFp1DmE++DdHzUP
f0N3WFduKzkyU7GgqI7Gh1xvZ8T7H1ugARA1DNP/6AuQ9p/WwJu+g8JNX+PNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOqgYeUOjC8+/6xd3xlOT+g4tnXEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA5MTAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSM
MA0GCSqGSIb3DQEBCwUAA4IBAQAwZEzYzzaTdzjmlbLdC53KoEG3J+eWkcnor8jy
UbJ/G5daM4ZpMpgFM1uFQI3V5DFvRe0e4/uH+1V3VWuBBtzgUrdp/BKE3v/JcsyZ
oA38j+qfl9OHYQln8UlezOQsqvMEyxN96CAhnwlATc2pXfCRM7mklcurHtbf2Yrv
IGkMjnp85yRrTaZvHQ7WzdgBEeBVbr/oZ80c8r+Sat3JSyyTZjcSWUaxEyJML3pW
3o/LPQVFjeA5vG6HGEr6MNvmSTxLdsSKbW+u0QwumbcpZro2IcvWeNxu/Q7txERv
8S+UstXeuVQ4QrgtINrkCvMn6ZM77yA2D2ouf04RBVqIoqFH
-----END CERTIFICATE-----