Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212384.roa
File:                     AS212384.roa (raw, json)
Hash identifier:          u9lOhgQU6qSdN6WOtNcgN9XezYY3fexj4d/BWwuBI0E=
Subject key identifier:   DF:70:45:02:84:CC:62:FC:DA:7E:CE:DC:D6:9A:D4:C0:42:EF:76:07
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       615D930593F4AC6B4B6BC3FC5C4E0BC34D7AACB7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212384.roa
Signing time:             Thu 19 Jun 2025 13:27:06 +0000
ROA not before:           Thu 19 Jun 2025 13:22:06 +0000
ROA not after:            Thu 18 Jun 2026 13:27:06 +0000
asID:                     212384
IP address blocks:        143.20.4.0/24 maxlen: 24
                          143.20.51.0/24 maxlen: 24
                          143.20.126.0/24 maxlen: 24
                          143.20.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:5d:93:05:93:f4:ac:6b:4b:6b:c3:fc:5c:4e:0b:c3:4d:7a:ac:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 19 13:22:06 2025 GMT
            Not After : Jun 18 13:27:06 2026 GMT
        Subject: CN=DF70450284CC62FCDA7ECEDCD69AD4C042EF7607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:09:26:c2:2b:8a:a9:f9:5a:cc:02:91:d7:da:
                    0a:b3:66:e8:39:f7:1e:27:99:57:9c:61:98:03:cf:
                    c7:54:48:ea:cc:7d:b9:04:48:8f:b6:4f:c6:72:29:
                    1e:a9:2e:87:3c:ce:e0:0e:b9:08:fe:c1:fe:11:0b:
                    0c:06:83:f8:4b:16:9b:22:5c:e2:1d:ca:97:f4:bb:
                    ae:5d:48:cb:1b:41:10:4c:d7:ee:89:b7:53:d9:70:
                    45:4f:eb:4c:85:02:a8:74:02:95:c7:d3:ff:38:7d:
                    bc:fa:15:92:22:53:58:74:84:5b:d2:b0:0c:94:c0:
                    34:ef:7a:a0:96:6b:7a:c2:24:8c:9a:e3:d0:36:1b:
                    da:a8:18:c7:8c:f8:ff:bd:1d:b8:a1:da:8a:ad:16:
                    aa:d8:ae:08:1a:50:bc:51:28:0c:b9:e2:b3:d4:6e:
                    a6:67:6e:99:6b:09:aa:79:94:e9:36:d5:c4:58:f3:
                    aa:1c:09:3a:4c:11:22:c5:a7:77:d4:cf:72:74:a9:
                    23:eb:b7:28:f0:ab:1d:c6:e9:94:ae:3c:ea:04:45:
                    67:0e:56:b5:fd:7d:86:79:a7:cb:d6:28:a3:ff:ac:
                    93:58:78:00:f4:30:5e:bc:1f:13:ce:0f:81:97:40:
                    4d:1f:98:a5:e9:67:7e:22:54:11:cc:9c:ab:a6:ad:
                    5b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:70:45:02:84:CC:62:FC:DA:7E:CE:DC:D6:9A:D4:C0:42:EF:76:07
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.4.0/24
                  143.20.51.0/24
                  143.20.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:f0:f0:f6:87:4c:ec:8f:47:a4:58:3f:56:ad:04:a2:33:ed:
         f5:0b:9c:a6:1d:ec:25:88:48:10:d8:78:4e:cf:69:cb:f2:11:
         b8:eb:2d:e1:8f:56:d1:7c:48:7f:f8:3a:ff:fa:ba:a2:d5:e0:
         59:54:88:23:92:8f:c6:69:ff:e9:f0:34:34:1b:c6:c2:c5:f4:
         a4:48:f2:da:7a:db:aa:02:be:75:6c:a2:62:78:50:dd:3d:d9:
         0d:01:30:b1:65:f2:71:38:de:2f:94:c1:8e:67:33:2f:02:ac:
         66:33:a0:96:80:40:c2:5c:d1:bf:94:b1:d2:00:47:06:0f:bc:
         c8:cc:4b:7e:bf:f9:81:df:90:22:e2:ae:dc:5d:53:e6:59:d0:
         c4:b5:ad:af:9c:50:9d:b7:44:bd:d3:f0:29:4c:c6:b5:3c:e0:
         ec:b9:3a:0c:d2:e4:81:db:97:09:47:9b:e9:41:e9:ec:c5:db:
         3e:90:5f:e9:cb:40:d5:0f:36:bc:86:4a:2e:5f:2a:d3:02:c6:
         8b:e1:c8:f7:77:6a:a1:23:c6:59:79:d9:f7:80:43:a5:6d:06:
         20:59:fa:09:d3:31:a9:1b:15:ed:40:a0:17:68:97:6d:ef:63:
         33:87:30:ba:12:48:ac:cd:3b:8c:7b:a3:e0:f0:7d:f4:fc:c7:
         be:08:e5:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUYV2TBZP0rGtLa8P8XE4Lw016rLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTkxMzIyMDZaFw0yNjA2MTgxMzI3MDZaMDMxMTAvBgNV
BAMTKERGNzA0NTAyODRDQzYyRkNEQTdFQ0VEQ0Q2OUFENEMwNDJFRjc2MDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiCSbCK4qp+VrMApHX2gqzZug5
9x4nmVecYZgDz8dUSOrMfbkESI+2T8ZyKR6pLoc8zuAOuQj+wf4RCwwGg/hLFpsi
XOIdypf0u65dSMsbQRBM1+6Jt1PZcEVP60yFAqh0ApXH0/84fbz6FZIiU1h0hFvS
sAyUwDTveqCWa3rCJIya49A2G9qoGMeM+P+9Hbih2oqtFqrYrggaULxRKAy54rPU
bqZnbplrCap5lOk21cRY86ocCTpMESLFp3fUz3J0qSPrtyjwqx3G6ZSuPOoERWcO
VrX9fYZ5p8vWKKP/rJNYeAD0MF68HxPOD4GXQE0fmKXpZ34iVBHMnKumrVu9AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU33BFAoTMYvzafs7c1prUwELvdgcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyMzg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxQE
AwQAjxQzAwQBjxR+MA0GCSqGSIb3DQEBCwUAA4IBAQC58PD2h0zsj0ekWD9WrQSi
M+31C5ymHewliEgQ2HhOz2nL8hG46y3hj1bRfEh/+Dr/+rqi1eBZVIgjko/Gaf/p
8DQ0G8bCxfSkSPLaetuqAr51bKJieFDdPdkNATCxZfJxON4vlMGOZzMvAqxmM6CW
gEDCXNG/lLHSAEcGD7zIzEt+v/mB35Ai4q7cXVPmWdDEta2vnFCdt0S90/ApTMa1
PODsuToM0uSB25cJR5vpQensxds+kF/py0DVDza8hkouXyrTAsaL4cj3d2qhI8ZZ
edn3gEOlbQYgWfoJ0zGpGxXtQKAXaJdt72MzhzC6EkiszTuMe6Pg8H30/Me+COXl
-----END CERTIFICATE-----