Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          cHf31p6kaks1ZNOPG6yERSE+2SnfdMhvBqXjSyDjOPA=
Subject key identifier:   84:CD:E0:A1:7B:4B:BA:70:5D:FB:05:C8:3D:E7:54:48:63:DA:B6:1B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       62C46174D725E0B964A18F5D1F35BA0D5C8955D5
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
Signing time:             Wed 25 Jun 2025 23:38:55 +0000
ROA not before:           Wed 25 Jun 2025 23:33:55 +0000
ROA not after:            Wed 24 Jun 2026 23:38:55 +0000
asID:                     212238
IP address blocks:        143.20.43.0/24 maxlen: 24
                          143.20.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:c4:61:74:d7:25:e0:b9:64:a1:8f:5d:1f:35:ba:0d:5c:89:55:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 25 23:33:55 2025 GMT
            Not After : Jun 24 23:38:55 2026 GMT
        Subject: CN=84CDE0A17B4BBA705DFB05C83DE7544863DAB61B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:81:90:ce:5b:aa:eb:e1:0a:2a:fa:c8:b1:83:
                    23:06:f0:11:55:3b:c1:7c:3c:96:06:fc:b8:70:4e:
                    88:6c:d7:12:01:cf:bc:b7:e1:c2:fc:10:16:0c:ed:
                    6e:a9:bb:31:bf:cb:06:12:5d:1a:60:62:85:53:3a:
                    f5:d6:89:73:74:bc:69:28:f2:f3:1b:8d:66:5e:61:
                    39:45:22:74:b3:4b:26:59:bb:47:cf:ff:83:2f:6a:
                    83:76:cb:46:da:51:3d:a3:0c:92:c6:d0:28:51:0c:
                    ea:2c:fa:71:7b:ba:38:55:39:1e:97:d2:2e:ee:72:
                    ca:d9:a9:c7:b1:3a:33:18:bb:9e:18:7d:ef:68:f6:
                    ee:a8:f8:f1:0f:e5:62:c2:36:9c:f1:01:36:c7:e0:
                    ee:f1:cd:8b:ba:1c:11:a2:07:ce:0f:3a:2d:fb:17:
                    5f:95:1c:a3:f7:f4:d6:18:5f:77:70:19:fc:b9:f3:
                    40:fb:86:a7:64:d9:3f:53:16:a6:69:ac:a0:7b:2f:
                    0a:1e:91:04:03:fa:ba:41:17:bc:fb:95:98:9a:11:
                    e7:97:c9:e1:0d:4a:e3:ba:db:a7:11:1a:be:01:f8:
                    93:87:b2:33:54:23:1b:df:5f:5a:ca:5c:49:d4:f9:
                    52:c3:15:f0:54:f5:ea:49:c0:e4:a9:83:c2:50:47:
                    60:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CD:E0:A1:7B:4B:BA:70:5D:FB:05:C8:3D:E7:54:48:63:DA:B6:1B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.43.0/24
                  143.20.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:b9:ed:41:05:1d:62:ee:a0:4f:d7:59:ba:a1:ce:78:66:92:
         10:05:85:ca:b3:63:3b:e6:3e:96:fd:29:02:dd:92:c8:1f:e9:
         4e:a6:3d:f5:f1:70:9b:4e:48:55:98:2e:a3:e9:42:3e:bd:6b:
         7e:09:9e:51:ee:55:a4:79:16:35:49:c2:57:a1:4a:3d:9b:62:
         4e:09:3a:c8:b4:2d:a3:67:c4:9f:e6:43:fb:fd:05:6a:38:4f:
         4f:ee:b2:ab:ca:97:b9:1a:92:ff:34:bf:01:0a:aa:39:9c:d0:
         3c:79:99:fa:ea:50:8a:27:79:39:28:d7:a3:d9:60:77:9a:e7:
         4a:0b:6d:ef:cc:28:db:36:70:da:32:cc:9e:42:bc:fb:2b:ea:
         85:46:cc:ca:3f:f5:55:ed:47:dc:7b:56:5e:82:2d:be:9f:0d:
         e9:4d:89:52:4f:af:c1:b5:df:fb:62:0d:79:f7:ee:4e:7f:29:
         c8:97:98:b8:8c:ca:53:3b:e6:17:8d:8b:03:66:0a:23:7a:99:
         99:40:4a:c2:18:97:f2:ee:9e:56:05:5f:69:15:ee:6e:bf:33:
         af:58:82:6b:44:9b:f3:a0:7d:e6:db:78:87:f1:ef:39:19:e5:
         a3:0c:a8:f5:01:ba:f5:57:62:55:31:6a:15:b5:7f:7c:41:06:
         25:e8:1a:7a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUYsRhdNcl4LlkoY9dHzW6DVyJVdUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjUyMzMzNTVaFw0yNjA2MjQyMzM4NTVaMDMxMTAvBgNV
BAMTKDg0Q0RFMEExN0I0QkJBNzA1REZCMDVDODNERTc1NDQ4NjNEQUI2MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGgZDOW6rr4Qoq+sixgyMG8BFV
O8F8PJYG/LhwTohs1xIBz7y34cL8EBYM7W6puzG/ywYSXRpgYoVTOvXWiXN0vGko
8vMbjWZeYTlFInSzSyZZu0fP/4MvaoN2y0baUT2jDJLG0ChRDOos+nF7ujhVOR6X
0i7ucsrZqcexOjMYu54Yfe9o9u6o+PEP5WLCNpzxATbH4O7xzYu6HBGiB84POi37
F1+VHKP39NYYX3dwGfy580D7hqdk2T9TFqZprKB7LwoekQQD+rpBF7z7lZiaEeeX
yeENSuO626cRGr4B+JOHsjNUIxvfX1rKXEnU+VLDFfBU9epJwOSpg8JQR2C3AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUhM3goXtLunBd+wXIPedUSGPathswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQr
AwQAjxQxMA0GCSqGSIb3DQEBCwUAA4IBAQDZue1BBR1i7qBP11m6oc54ZpIQBYXK
s2M75j6W/SkC3ZLIH+lOpj318XCbTkhVmC6j6UI+vWt+CZ5R7lWkeRY1ScJXoUo9
m2JOCTrItC2jZ8Sf5kP7/QVqOE9P7rKrype5GpL/NL8BCqo5nNA8eZn66lCKJ3k5
KNej2WB3mudKC23vzCjbNnDaMsyeQrz7K+qFRszKP/VV7Ufce1Zegi2+nw3pTYlS
T6/Btd/7Yg159+5OfynIl5i4jMpTO+YXjYsDZgojepmZQErCGJfy7p5WBV9pFe5u
vzOvWIJrRJvzoH3m23iH8e85GeWjDKj1Abr1V2JVMWoVtX98QQYl6Bp6
-----END CERTIFICATE-----