Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213738.roa
File:                     AS213738.roa (raw, json)
Hash identifier:          Zjg1Z0eWsdtoE1H1wix/eW48AqEx9URZgYp/TNdeSUI=
Subject key identifier:   AA:31:A9:53:AF:D5:12:E7:66:56:A9:77:E6:F5:FC:5D:6F:35:34:DA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5E72F5076288D20E26A8BEDA1B43D55CE884FF15
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213738.roa
Signing time:             Tue 12 Aug 2025 12:16:59 +0000
ROA not before:           Tue 12 Aug 2025 12:11:59 +0000
ROA not after:            Tue 11 Aug 2026 12:16:59 +0000
asID:                     213738
IP address blocks:        143.20.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:72:f5:07:62:88:d2:0e:26:a8:be:da:1b:43:d5:5c:e8:84:ff:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 12 12:11:59 2025 GMT
            Not After : Aug 11 12:16:59 2026 GMT
        Subject: CN=AA31A953AFD512E76656A977E6F5FC5D6F3534DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:70:70:20:1f:c4:52:a1:2c:6c:9b:ae:8f:20:
                    0a:3b:5c:b7:c7:1a:45:0d:98:82:a8:65:e0:29:21:
                    22:1e:e4:d2:2e:e9:32:e9:38:1e:5c:46:8d:75:7f:
                    a3:3c:49:12:35:2c:52:26:59:c5:f6:b1:04:f4:99:
                    c5:05:25:05:18:0f:59:1d:b3:30:d5:60:32:26:13:
                    f3:d7:18:ad:38:04:22:f2:da:22:1f:a9:21:dd:01:
                    1d:45:c7:45:bc:18:75:c9:86:e1:19:56:93:ca:14:
                    cc:91:71:92:5c:b8:56:4d:0a:9d:f9:da:32:f0:4e:
                    e5:d4:72:46:be:ae:d6:fb:68:91:40:2c:04:93:9f:
                    9b:ce:32:89:7b:cc:b3:6a:9c:6f:b2:55:e4:4d:04:
                    2c:e4:29:41:be:5d:88:a9:f7:69:36:f7:63:fe:e4:
                    d8:21:c8:81:b7:13:c0:27:d0:d0:e6:0b:0e:96:1d:
                    4b:10:db:11:88:9f:5c:ff:89:07:ec:45:c5:d6:4f:
                    26:ac:75:55:20:b3:b9:82:47:8f:7c:e4:0d:82:7a:
                    36:30:0c:ff:aa:ad:74:83:5d:27:d1:1c:8a:27:08:
                    cc:e4:e3:03:ff:a2:6e:ef:81:e4:41:71:65:e7:64:
                    78:fd:45:2d:e5:ba:f2:4a:e6:13:a7:47:52:18:8d:
                    fd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:31:A9:53:AF:D5:12:E7:66:56:A9:77:E6:F5:FC:5D:6F:35:34:DA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:64:a3:c9:0a:dd:82:69:d1:3c:34:f2:92:38:b4:33:7a:ed:
         92:46:68:48:5b:3e:9e:ec:b4:34:80:da:3a:51:19:c3:72:05:
         af:0b:3d:d3:e4:90:55:05:71:4a:c0:74:4b:63:e5:f4:69:6f:
         c5:15:d3:7c:d7:97:94:e0:8b:7e:81:aa:8a:f4:ae:e0:50:72:
         e4:e3:6e:39:a3:14:96:d7:c7:fc:0a:e5:96:74:b3:2c:15:44:
         74:09:61:e2:2d:52:bc:ff:7f:37:84:e9:29:cd:b1:a4:a6:c0:
         88:7a:aa:00:f1:21:bd:6d:30:79:23:d0:fd:2c:e7:e8:84:cc:
         8f:64:fb:da:5c:4e:f5:39:a6:fb:7b:4a:fc:95:da:90:0b:97:
         39:fb:09:8a:64:8c:24:c0:a4:e6:55:a6:a5:6a:71:e4:49:92:
         71:73:80:c3:ad:81:5f:c5:d1:54:1d:cb:59:11:59:23:85:42:
         0b:7b:67:16:b3:71:45:21:de:1c:f9:e9:fe:26:37:63:78:90:
         ca:56:96:8e:09:cc:55:ec:80:d6:52:ec:c3:dd:08:4b:71:0e:
         9a:04:6e:ad:5c:15:7a:2a:14:bb:a8:c1:fa:16:23:ce:32:55:
         6a:76:56:7c:88:05:b1:03:66:a3:59:61:94:3c:fa:9c:3b:aa:
         45:55:88:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXnL1B2KI0g4mqL7aG0PVXOiE/xUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTIxMjExNTlaFw0yNjA4MTExMjE2NTlaMDMxMTAvBgNV
BAMTKEFBMzFBOTUzQUZENTEyRTc2NjU2QTk3N0U2RjVGQzVENkYzNTM0REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRcHAgH8RSoSxsm66PIAo7XLfH
GkUNmIKoZeApISIe5NIu6TLpOB5cRo11f6M8SRI1LFImWcX2sQT0mcUFJQUYD1kd
szDVYDImE/PXGK04BCLy2iIfqSHdAR1Fx0W8GHXJhuEZVpPKFMyRcZJcuFZNCp35
2jLwTuXUcka+rtb7aJFALASTn5vOMol7zLNqnG+yVeRNBCzkKUG+XYip92k292P+
5NghyIG3E8An0NDmCw6WHUsQ2xGIn1z/iQfsRcXWTyasdVUgs7mCR4985A2CejYw
DP+qrXSDXSfRHIonCMzk4wP/om7vgeRBcWXnZHj9RS3luvJK5hOnR1IYjf19AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqjGpU6/VEudmVql35vX8XW81NNowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzNzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxT/
MA0GCSqGSIb3DQEBCwUAA4IBAQAzZKPJCt2CadE8NPKSOLQzeu2SRmhIWz6e7LQ0
gNo6URnDcgWvCz3T5JBVBXFKwHRLY+X0aW/FFdN815eU4It+gaqK9K7gUHLk4245
oxSW18f8CuWWdLMsFUR0CWHiLVK8/383hOkpzbGkpsCIeqoA8SG9bTB5I9D9LOfo
hMyPZPvaXE71Oab7e0r8ldqQC5c5+wmKZIwkwKTmVaalanHkSZJxc4DDrYFfxdFU
HctZEVkjhUILe2cWs3FFId4c+en+JjdjeJDKVpaOCcxV7IDWUuzD3QhLcQ6aBG6t
XBV6KhS7qMH6FiPOMlVqdlZ8iAWxA2ajWWGUPPqcO6pFVYhI
-----END CERTIFICATE-----