Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209861.roa
File:                     AS209861.roa (raw, json)
Hash identifier:          wuzYyz7kiBykNM4M8N/OPWHkegHlTofj7mK+J0XKfmI=
Subject key identifier:   A9:5B:F3:0D:ED:1E:A6:12:3A:ED:7D:7F:56:36:9B:F5:C4:E8:F2:C0
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5760099E2069D724D07766C16720C15512205DCD
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209861.roa
Signing time:             Fri 26 Sep 2025 07:46:10 +0000
ROA not before:           Fri 26 Sep 2025 07:41:10 +0000
ROA not after:            Fri 25 Sep 2026 07:46:10 +0000
asID:                     209861
IP address blocks:        143.20.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:60:09:9e:20:69:d7:24:d0:77:66:c1:67:20:c1:55:12:20:5d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 26 07:41:10 2025 GMT
            Not After : Sep 25 07:46:10 2026 GMT
        Subject: CN=A95BF30DED1EA6123AED7D7F56369BF5C4E8F2C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3f:51:7d:1d:6a:22:25:85:93:56:84:cb:8e:
                    4a:55:04:1f:6c:c6:67:8c:78:cb:18:fe:7e:04:30:
                    b9:5c:07:24:de:83:35:13:00:f8:46:51:f2:cf:13:
                    43:36:47:30:21:96:16:90:e5:46:b5:70:9c:eb:24:
                    3f:2b:4f:71:cb:20:40:99:a1:5b:0b:21:30:56:a3:
                    b5:54:8e:28:15:69:a6:0f:67:bc:b7:22:ec:de:d9:
                    7d:d6:5b:de:90:74:59:58:81:38:c1:aa:9a:47:d8:
                    4a:c3:54:9b:11:7a:3d:66:ac:d0:a9:10:cf:3d:b4:
                    60:d6:e9:cf:79:f4:ce:9b:2a:d3:76:01:43:f6:a3:
                    9d:92:04:20:80:7d:d4:69:cd:4f:43:e9:36:5f:ff:
                    b3:79:ed:32:0b:e7:2e:0f:e2:74:54:b7:ca:a7:ef:
                    0e:f8:eb:8a:20:bb:cc:97:52:5d:d8:4d:2c:87:26:
                    ea:8a:31:c3:0b:76:ba:b3:5b:79:b9:51:b0:a2:bb:
                    e0:f6:45:29:bb:3b:8c:61:73:cc:9a:fe:da:38:84:
                    aa:49:a6:55:84:64:67:db:3c:04:32:08:ef:30:a0:
                    93:62:f5:22:45:cc:f8:cd:85:a8:f1:9c:bf:67:67:
                    67:40:51:65:51:36:69:7c:cb:90:d9:e7:aa:05:93:
                    e7:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:5B:F3:0D:ED:1E:A6:12:3A:ED:7D:7F:56:36:9B:F5:C4:E8:F2:C0
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209861.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:a2:20:ff:96:5b:c8:c0:ff:56:13:d8:51:bb:cf:95:24:3b:
         ea:71:2e:84:f4:58:8a:42:93:6e:b9:73:f1:48:19:2f:5d:5f:
         a1:6b:29:ef:c4:34:e8:91:55:45:d0:91:cd:4c:5c:ba:91:08:
         8c:8e:19:73:40:79:5a:9e:87:f2:bd:52:17:6f:f9:0d:4b:16:
         8d:d6:46:7e:9b:bd:14:a6:9a:ce:4f:1f:78:6d:d2:d0:4b:cf:
         15:c8:d9:a6:09:4d:50:ff:1e:19:fd:34:4d:04:76:df:33:ae:
         97:8e:16:a7:7f:86:0d:a7:9a:7c:e9:8d:a6:ca:b8:83:d2:4d:
         a2:87:a0:54:09:cc:23:85:a3:f3:14:e2:4e:87:50:6b:6a:d4:
         b6:1b:73:0f:50:8a:7e:1c:5f:ee:95:a1:0a:c3:0c:4d:67:83:
         f6:90:b2:b3:b2:c2:cb:3f:20:5e:f8:94:fb:1f:50:06:df:98:
         69:08:cf:41:52:64:94:c7:ad:fe:e4:39:4f:a1:1a:3a:fd:b6:
         a2:47:03:59:ec:26:4c:b9:ee:c4:06:8b:fe:f4:21:cd:c6:ca:
         c8:84:ab:06:1e:d8:b7:a7:aa:91:7d:51:a2:28:60:9a:51:9d:
         25:b9:82:8f:d4:6a:7a:a8:09:86:de:6c:f4:a0:86:f3:1a:27:
         3c:36:a4:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUV2AJniBp1yTQd2bBZyDBVRIgXc0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjYwNzQxMTBaFw0yNjA5MjUwNzQ2MTBaMDMxMTAvBgNV
BAMTKEE5NUJGMzBERUQxRUE2MTIzQUVEN0Q3RjU2MzY5QkY1QzRFOEYyQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTP1F9HWoiJYWTVoTLjkpVBB9s
xmeMeMsY/n4EMLlcByTegzUTAPhGUfLPE0M2RzAhlhaQ5Ua1cJzrJD8rT3HLIECZ
oVsLITBWo7VUjigVaaYPZ7y3Iuze2X3WW96QdFlYgTjBqppH2ErDVJsRej1mrNCp
EM89tGDW6c959M6bKtN2AUP2o52SBCCAfdRpzU9D6TZf/7N57TIL5y4P4nRUt8qn
7w7464ogu8yXUl3YTSyHJuqKMcMLdrqzW3m5UbCiu+D2RSm7O4xhc8ya/to4hKpJ
plWEZGfbPAQyCO8woJNi9SJFzPjNhajxnL9nZ2dAUWVRNml8y5DZ56oFk+fnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqVvzDe0ephI67X1/Vjab9cTo8sAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA5ODYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRL
MA0GCSqGSIb3DQEBCwUAA4IBAQDHoiD/llvIwP9WE9hRu8+VJDvqcS6E9FiKQpNu
uXPxSBkvXV+haynvxDTokVVF0JHNTFy6kQiMjhlzQHlanofyvVIXb/kNSxaN1kZ+
m70UpprOTx94bdLQS88VyNmmCU1Q/x4Z/TRNBHbfM66Xjhanf4YNp5p86Y2myriD
0k2ih6BUCcwjhaPzFOJOh1BratS2G3MPUIp+HF/ulaEKwwxNZ4P2kLKzssLLPyBe
+JT7H1AG35hpCM9BUmSUx63+5DlPoRo6/baiRwNZ7CZMue7EBov+9CHNxsrIhKsG
Hti3p6qRfVGiKGCaUZ0luYKP1Gp6qAmG3mz0oIbzGic8NqTG
-----END CERTIFICATE-----