Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212969.roa
File:                     AS212969.roa (raw, json)
Hash identifier:          3beMg2BUYgwWhgAQOlOd/EIEno/PJJacuq7bs9Vc+a8=
Subject key identifier:   34:32:88:8A:6E:5B:FF:DD:7C:34:8F:42:65:94:A0:FE:7F:5A:36:8C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7D3604DD9E8FF6B69082E6DDB09E009F2A5D288A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212969.roa
Signing time:             Thu 19 Jun 2025 17:16:04 +0000
ROA not before:           Thu 19 Jun 2025 17:11:04 +0000
ROA not after:            Thu 18 Jun 2026 17:16:04 +0000
asID:                     212969
IP address blocks:        143.20.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:36:04:dd:9e:8f:f6:b6:90:82:e6:dd:b0:9e:00:9f:2a:5d:28:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 19 17:11:04 2025 GMT
            Not After : Jun 18 17:16:04 2026 GMT
        Subject: CN=3432888A6E5BFFDD7C348F426594A0FE7F5A368C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:66:22:cf:e4:42:48:39:bf:ca:e0:42:72:0f:
                    c6:51:1e:53:e1:55:c8:04:03:9d:03:c9:3d:46:74:
                    72:55:ab:c6:2d:78:f0:bd:0d:3f:f5:0f:d5:be:c3:
                    c9:81:d0:f4:35:71:fa:44:cd:13:20:16:3f:93:3e:
                    28:e1:5e:34:93:45:49:33:83:a6:28:fb:c5:60:a2:
                    82:c8:04:32:1e:b2:63:68:13:75:94:9a:44:f5:34:
                    59:08:3c:f5:a1:b7:3e:a7:91:83:04:61:73:b1:f3:
                    5f:b6:ed:94:e2:6b:35:27:e7:cb:36:5d:69:35:b7:
                    b6:0e:b4:d9:26:27:b0:c1:a2:31:57:e1:86:0f:18:
                    a6:d5:de:68:13:d8:33:ca:a7:e4:25:8a:75:77:e5:
                    8e:19:7e:f0:64:19:53:c7:c3:88:ed:97:18:2e:9e:
                    4e:2e:75:ba:f9:6a:ba:a7:33:d1:57:fd:96:56:67:
                    69:b5:8c:2c:a1:c0:b8:2e:6f:ea:15:dd:33:79:36:
                    6f:51:42:23:e5:ce:c3:ad:12:0b:e0:35:35:ff:d9:
                    0a:fc:40:7d:df:72:be:86:11:aa:7b:06:a8:be:82:
                    fa:c6:76:c5:fe:a2:ab:bc:de:f5:36:f7:f3:fc:09:
                    26:5a:8a:cd:23:fa:d5:74:e1:10:7b:22:6d:98:ca:
                    b4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:32:88:8A:6E:5B:FF:DD:7C:34:8F:42:65:94:A0:FE:7F:5A:36:8C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212969.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:38:78:08:5c:2a:ca:0a:ed:e7:6f:d8:bd:23:7e:f2:63:91:
         9a:6a:dd:4a:d6:18:3a:93:51:c7:c5:17:f5:fd:f9:1b:a6:06:
         80:04:83:d6:0f:aa:69:7e:db:f9:cd:2a:d6:50:d5:4a:42:a0:
         72:97:04:a9:25:5f:eb:64:7f:55:39:4c:5c:ee:55:cd:fe:2e:
         bd:17:60:6d:86:d9:7b:d9:44:db:90:bf:d2:eb:e7:4e:df:76:
         73:d9:c8:26:c7:64:93:08:87:9d:99:e5:e5:98:1d:8f:15:ec:
         15:a4:b1:e9:3e:49:98:ea:84:83:f9:4a:99:32:05:bc:2c:b1:
         c0:23:70:37:2a:c5:09:a8:22:4a:11:fd:5b:2e:a6:5a:a2:3f:
         0a:50:f3:83:08:ab:e7:e5:be:6a:f8:10:99:61:dc:9d:b0:e9:
         0e:06:56:63:db:85:82:07:b9:aa:dc:d9:6f:74:5b:16:5f:0c:
         5e:4f:65:6e:31:d2:ff:41:e8:53:e2:0a:3e:ae:41:0d:2c:30:
         32:0c:1f:6d:81:0d:1f:08:04:ea:38:27:11:30:3f:f5:4d:bd:
         d4:bb:77:50:ec:c5:86:73:46:72:0e:4e:7d:92:77:15:3f:70:
         38:b0:ff:7f:aa:9d:10:21:f2:dc:72:a3:fa:c7:01:d7:7c:04:
         46:6e:7b:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfTYE3Z6P9raQgubdsJ4AnypdKIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTkxNzExMDRaFw0yNjA2MTgxNzE2MDRaMDMxMTAvBgNV
BAMTKDM0MzI4ODhBNkU1QkZGREQ3QzM0OEY0MjY1OTRBMEZFN0Y1QTM2OEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChZiLP5EJIOb/K4EJyD8ZRHlPh
VcgEA50DyT1GdHJVq8YtePC9DT/1D9W+w8mB0PQ1cfpEzRMgFj+TPijhXjSTRUkz
g6Yo+8VgooLIBDIesmNoE3WUmkT1NFkIPPWhtz6nkYMEYXOx81+27ZTiazUn58s2
XWk1t7YOtNkmJ7DBojFX4YYPGKbV3mgT2DPKp+QlinV35Y4ZfvBkGVPHw4jtlxgu
nk4udbr5arqnM9FX/ZZWZ2m1jCyhwLgub+oV3TN5Nm9RQiPlzsOtEgvgNTX/2Qr8
QH3fcr6GEap7Bqi+gvrGdsX+oqu83vU29/P8CSZais0j+tV04RB7Im2YyrS3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNDKIim5b/918NI9CZZSg/n9aNowwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyOTY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQB
MA0GCSqGSIb3DQEBCwUAA4IBAQBJOHgIXCrKCu3nb9i9I37yY5Gaat1K1hg6k1HH
xRf1/fkbpgaABIPWD6ppftv5zSrWUNVKQqBylwSpJV/rZH9VOUxc7lXN/i69F2Bt
htl72UTbkL/S6+dO33Zz2cgmx2STCIedmeXlmB2PFewVpLHpPkmY6oSD+UqZMgW8
LLHAI3A3KsUJqCJKEf1bLqZaoj8KUPODCKvn5b5q+BCZYdydsOkOBlZj24WCB7mq
3NlvdFsWXwxeT2VuMdL/QehT4go+rkENLDAyDB9tgQ0fCATqOCcRMD/1Tb3Uu3dQ
7MWGc0ZyDk59kncVP3A4sP9/qp0QIfLccqP6xwHXfARGbntn
-----END CERTIFICATE-----