Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211094.roa
File:                     AS211094.roa (raw, json)
Hash identifier:          6O7AUtm8HS7FoPvdIcX+gZ4D+fmV+OtgTY8LxNKgCtw=
Subject key identifier:   8F:55:5E:EA:18:3E:B7:1E:AF:A3:F3:B3:0A:A3:62:0C:B8:EC:3F:54
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7C6236B0229504C6426BA083A1F405DC0AEC6717
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211094.roa
Signing time:             Mon 16 Jun 2025 16:02:17 +0000
ROA not before:           Mon 16 Jun 2025 15:57:17 +0000
ROA not after:            Mon 15 Jun 2026 16:02:17 +0000
asID:                     211094
IP address blocks:        143.20.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:62:36:b0:22:95:04:c6:42:6b:a0:83:a1:f4:05:dc:0a:ec:67:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 16 15:57:17 2025 GMT
            Not After : Jun 15 16:02:17 2026 GMT
        Subject: CN=8F555EEA183EB71EAFA3F3B30AA3620CB8EC3F54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:dd:b5:15:14:30:69:74:6f:11:d1:37:46:9a:
                    ea:8e:a7:fe:aa:bd:76:eb:a9:2c:0f:8a:db:3e:e9:
                    3e:be:0c:fa:ea:72:30:52:7b:cb:4a:d4:9c:61:2a:
                    81:52:3a:2d:84:9c:ab:e0:90:88:7a:4a:c3:df:82:
                    a8:41:6f:bc:57:46:aa:5d:ea:68:40:ee:de:6a:2c:
                    03:24:93:2b:16:0c:7f:5e:f6:be:04:ca:67:65:ab:
                    55:e9:5d:a8:5f:25:9d:73:1e:c0:e9:4b:ad:f6:ef:
                    7d:19:7b:42:ae:f9:9b:cd:0f:71:4e:99:d0:08:e3:
                    ae:b0:32:fe:85:13:0c:9a:83:03:57:7c:2b:f6:b2:
                    b1:f3:1b:0d:af:5e:44:1f:2e:21:98:92:7c:bc:92:
                    42:04:e1:f4:99:cc:4b:24:e7:10:9c:c8:2d:df:54:
                    d1:69:9c:9a:4f:96:b3:80:ce:11:29:48:c1:14:f7:
                    c4:cf:11:f9:7e:0b:6b:89:25:29:4f:39:3c:a9:d6:
                    fa:54:50:24:cb:75:ae:09:9f:f1:ec:95:8b:80:ba:
                    6a:b8:6f:95:02:70:58:b4:d1:6f:89:d7:1e:df:cb:
                    6b:80:e0:e2:e5:3b:9f:29:29:70:bb:f3:3a:d1:d1:
                    43:dc:8f:c6:b4:6e:6b:c0:c1:cd:12:d0:da:31:51:
                    79:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:55:5E:EA:18:3E:B7:1E:AF:A3:F3:B3:0A:A3:62:0C:B8:EC:3F:54
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211094.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:ef:6a:7c:d3:2b:f4:5f:ce:b6:76:43:25:68:2f:5a:29:bf:
         fd:8b:9e:15:1b:91:59:d5:50:c7:35:18:3e:3e:55:f2:e6:23:
         3b:0d:a0:bc:32:18:d7:43:68:0d:79:6b:53:07:60:af:4d:05:
         6e:89:58:c5:d1:91:36:5a:4f:e0:0b:a2:bc:09:ed:8c:dd:42:
         5d:35:3e:47:1b:da:3b:95:64:37:09:62:4a:c4:ed:0a:60:91:
         af:22:1f:e1:e8:bf:18:1b:7e:55:51:15:e4:8e:f7:25:46:ce:
         3b:87:a2:72:92:8b:05:ee:d4:e4:53:25:9f:eb:dd:5a:93:6d:
         97:4c:23:ba:fe:97:06:26:ba:93:21:a5:89:2e:3d:a8:d8:34:
         d0:74:fc:86:c5:eb:1a:05:05:77:6d:16:c0:05:35:d7:c1:12:
         6a:d6:33:25:6f:cc:e9:76:20:6f:6d:d2:50:e4:71:6d:29:95:
         09:e3:fd:65:ec:8a:f0:22:6d:82:f9:29:03:a0:56:76:43:a6:
         32:0a:76:d2:cb:9f:35:22:c8:f9:63:ab:3c:a2:eb:5f:1b:f9:
         79:77:ef:97:ee:7c:2b:19:10:89:dd:6d:5d:70:c0:9a:1a:aa:
         c2:2d:39:f0:3e:1a:d5:4e:b1:4f:c5:be:97:ca:6d:6c:fa:d4:
         4b:38:34:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfGI2sCKVBMZCa6CDofQF3ArsZxcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTYxNTU3MTdaFw0yNjA2MTUxNjAyMTdaMDMxMTAvBgNV
BAMTKDhGNTU1RUVBMTgzRUI3MUVBRkEzRjNCMzBBQTM2MjBDQjhFQzNGNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW3bUVFDBpdG8R0TdGmuqOp/6q
vXbrqSwPits+6T6+DPrqcjBSe8tK1JxhKoFSOi2EnKvgkIh6SsPfgqhBb7xXRqpd
6mhA7t5qLAMkkysWDH9e9r4Eymdlq1XpXahfJZ1zHsDpS632730Ze0Ku+ZvND3FO
mdAI466wMv6FEwyagwNXfCv2srHzGw2vXkQfLiGYkny8kkIE4fSZzEsk5xCcyC3f
VNFpnJpPlrOAzhEpSMEU98TPEfl+C2uJJSlPOTyp1vpUUCTLda4Jn/HslYuAumq4
b5UCcFi00W+J1x7fy2uA4OLlO58pKXC78zrR0UPcj8a0bmvAwc0S0NoxUXkFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUj1Ve6hg+tx6vo/OzCqNiDLjsP1QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjExMDk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQo
MA0GCSqGSIb3DQEBCwUAA4IBAQDC72p80yv0X862dkMlaC9aKb/9i54VG5FZ1VDH
NRg+PlXy5iM7DaC8MhjXQ2gNeWtTB2CvTQVuiVjF0ZE2Wk/gC6K8Ce2M3UJdNT5H
G9o7lWQ3CWJKxO0KYJGvIh/h6L8YG35VURXkjvclRs47h6JykosF7tTkUyWf691a
k22XTCO6/pcGJrqTIaWJLj2o2DTQdPyGxesaBQV3bRbABTXXwRJq1jMlb8zpdiBv
bdJQ5HFtKZUJ4/1l7IrwIm2C+SkDoFZ2Q6YyCnbSy581Isj5Y6s8outfG/l5d++X
7nwrGRCJ3W1dcMCaGqrCLTnwPhrVTrFPxb6Xym1s+tRLODQj
-----END CERTIFICATE-----