Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209861.roa
File:                     AS209861.roa (raw, json)
Hash identifier:          fmhbzqeK+PuO1C678zofuhWcoHSX+xqZmTDhX7Qqoxw=
Subject key identifier:   6B:75:E7:6C:49:96:AD:15:BD:0D:EF:79:6A:12:1D:34:B2:64:E9:7A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       348690ED9B20C9A4A974A600EC8BC03D94FD0D19
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209861.roa
Signing time:             Tue 19 Aug 2025 10:19:53 +0000
ROA not before:           Tue 19 Aug 2025 10:14:53 +0000
ROA not after:            Tue 18 Aug 2026 10:19:53 +0000
asID:                     209861
IP address blocks:        143.20.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:86:90:ed:9b:20:c9:a4:a9:74:a6:00:ec:8b:c0:3d:94:fd:0d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 19 10:14:53 2025 GMT
            Not After : Aug 18 10:19:53 2026 GMT
        Subject: CN=6B75E76C4996AD15BD0DEF796A121D34B264E97A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8b:96:0f:25:fa:50:68:1e:3e:13:b6:eb:b1:
                    fd:d4:70:1e:33:ed:bc:42:87:34:bc:c9:e6:44:2e:
                    2e:1f:23:f4:11:00:64:5e:be:1b:03:ad:11:7d:46:
                    1a:ad:b7:35:ad:9a:44:54:66:4b:4f:93:db:0c:de:
                    8f:a8:49:cd:5d:08:77:ab:15:86:13:19:36:19:e9:
                    cb:e3:eb:ac:dc:21:91:db:b5:d8:f2:fa:af:82:29:
                    f9:27:f2:d8:b9:55:a7:d7:51:cd:83:05:cf:a3:1e:
                    54:e8:84:4b:cf:02:55:f2:3b:3e:58:6e:ec:45:f3:
                    5b:70:8d:07:4b:86:f8:62:34:6e:e8:4c:a5:91:95:
                    a6:1d:ff:ed:19:77:cf:e4:47:5b:92:e2:c7:a2:24:
                    73:0c:af:3f:b6:f8:ed:d0:09:99:62:20:39:99:24:
                    d9:23:15:a2:25:a4:5d:3f:ad:af:97:67:cd:cf:62:
                    b9:2e:ab:ec:e3:a7:9c:40:66:b4:84:16:92:33:22:
                    8b:10:34:8d:d5:d5:c3:49:84:c2:63:ab:92:02:7f:
                    34:b9:01:50:c7:1b:15:d2:3b:7c:a5:df:5a:d8:fe:
                    aa:f5:b7:8e:fc:64:6d:e5:63:22:e5:91:2e:b5:4d:
                    cd:10:2e:ca:dc:3b:81:22:c3:7d:28:3b:de:f2:d2:
                    35:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:75:E7:6C:49:96:AD:15:BD:0D:EF:79:6A:12:1D:34:B2:64:E9:7A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209861.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:8f:ac:2b:7b:ab:92:89:04:9e:5d:cc:b0:76:17:db:1f:92:
         27:3e:0f:8b:1c:be:81:cf:23:b4:65:1b:92:e7:f3:cf:13:ff:
         08:9a:1f:b8:71:3b:ee:c9:c1:da:6d:ae:d1:5f:a5:39:b2:ca:
         34:5c:bb:09:d7:4e:3e:54:3b:ed:c7:10:d8:d6:60:d2:04:b2:
         35:2f:a8:be:92:97:83:4e:72:86:10:6f:05:46:b9:79:09:ee:
         3a:3f:46:d3:83:71:b2:c0:63:95:fc:86:ab:8f:1d:63:39:ea:
         71:76:86:da:47:50:91:74:5d:1d:6d:6f:59:46:76:f3:e3:ba:
         79:80:72:4a:6e:16:22:07:57:46:a3:d8:bb:7f:56:ad:34:67:
         d7:d6:71:0f:69:d7:38:3f:a1:47:bb:d8:ca:e5:cf:58:ff:47:
         40:14:a9:85:78:e2:36:aa:17:21:f5:6d:04:c5:25:53:b2:f1:
         44:46:47:ab:b6:8a:32:47:c0:f3:fb:fb:d0:f2:48:ba:01:3c:
         48:49:b3:10:8b:a2:1d:a6:d2:db:a6:a5:57:aa:ff:f9:71:a6:
         43:57:4f:b6:0d:9a:e3:9b:43:3c:bb:86:95:6d:ed:9e:0a:db:
         2b:ac:0c:50:ae:74:61:0e:6d:64:24:32:ad:d9:16:4e:88:9e:
         86:05:2c:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNIaQ7ZsgyaSpdKYA7IvAPZT9DRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTkxMDE0NTNaFw0yNjA4MTgxMDE5NTNaMDMxMTAvBgNV
BAMTKDZCNzVFNzZDNDk5NkFEMTVCRDBERUY3OTZBMTIxRDM0QjI2NEU5N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKi5YPJfpQaB4+E7brsf3UcB4z
7bxChzS8yeZELi4fI/QRAGRevhsDrRF9RhqttzWtmkRUZktPk9sM3o+oSc1dCHer
FYYTGTYZ6cvj66zcIZHbtdjy+q+CKfkn8ti5VafXUc2DBc+jHlTohEvPAlXyOz5Y
buxF81twjQdLhvhiNG7oTKWRlaYd/+0Zd8/kR1uS4seiJHMMrz+2+O3QCZliIDmZ
JNkjFaIlpF0/ra+XZ83PYrkuq+zjp5xAZrSEFpIzIosQNI3V1cNJhMJjq5ICfzS5
AVDHGxXSO3yl31rY/qr1t478ZG3lYyLlkS61Tc0QLsrcO4Eiw30oO97y0jWfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUa3XnbEmWrRW9De95ahIdNLJk6XowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA5ODYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRL
MA0GCSqGSIb3DQEBCwUAA4IBAQDAj6wre6uSiQSeXcywdhfbH5InPg+LHL6BzyO0
ZRuS5/PPE/8Imh+4cTvuycHaba7RX6U5sso0XLsJ104+VDvtxxDY1mDSBLI1L6i+
kpeDTnKGEG8FRrl5Ce46P0bTg3GywGOV/Iarjx1jOepxdobaR1CRdF0dbW9ZRnbz
47p5gHJKbhYiB1dGo9i7f1atNGfX1nEPadc4P6FHu9jK5c9Y/0dAFKmFeOI2qhch
9W0ExSVTsvFERkertooyR8Dz+/vQ8ki6ATxISbMQi6IdptLbpqVXqv/5caZDV0+2
DZrjm0M8u4aVbe2eCtsrrAxQrnRhDm1kJDKt2RZOiJ6GBSwo
-----END CERTIFICATE-----