Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213920.roa
File:                     AS213920.roa (raw, json)
Hash identifier:          EIlobh33hAJrpkmSPOB2ltOOhfA0RPnSCzop6uzqiGo=
Subject key identifier:   85:63:07:C5:99:F5:B6:1E:8A:8F:F3:79:39:3D:4A:5C:89:C6:41:D8
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6EDE6B1308AC40111EDF688FE1010EF138FF253D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213920.roa
Signing time:             Thu 07 May 2026 17:47:11 +0000
ROA not before:           Thu 07 May 2026 17:42:11 +0000
ROA not after:            Thu 06 May 2027 17:47:11 +0000
asID:                     213920
IP address blocks:        143.20.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:de:6b:13:08:ac:40:11:1e:df:68:8f:e1:01:0e:f1:38:ff:25:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  7 17:42:11 2026 GMT
            Not After : May  6 17:47:11 2027 GMT
        Subject: CN=856307C599F5B61E8A8FF379393D4A5C89C641D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:64:59:b7:c0:c9:c1:51:0c:62:e0:bc:0b:1d:
                    3b:75:29:82:1f:49:3b:56:44:3c:f4:58:48:df:61:
                    c0:07:9d:a5:fd:cb:26:93:05:4a:c0:0e:41:91:4c:
                    e4:7e:15:0a:c5:57:ac:cf:ab:41:ef:ee:9d:59:22:
                    b1:ef:26:3d:88:59:04:46:e1:f6:d1:37:54:b3:d4:
                    3a:6f:88:9c:69:7a:ec:44:c1:89:a4:58:6c:0a:dd:
                    c1:06:79:f3:b4:87:13:44:69:a5:cc:ec:03:b8:08:
                    7f:94:86:3f:b5:e8:87:d5:ba:8a:8e:71:4c:fd:3e:
                    83:07:6b:01:66:55:1b:78:99:ff:12:35:89:c1:1d:
                    6a:a0:88:15:ca:e8:61:51:e6:f7:a8:30:91:4b:6f:
                    71:81:b4:92:3b:a4:54:77:9a:09:ba:e7:d9:f1:4b:
                    88:08:32:70:06:d8:dd:0e:82:de:88:a5:94:f3:29:
                    21:9e:36:60:fd:71:b6:01:91:27:73:17:f7:77:f7:
                    95:16:cc:e0:01:56:b5:4a:a1:28:19:a2:27:ff:81:
                    af:6c:e3:44:26:24:15:b8:66:84:bd:6d:1b:a8:d1:
                    01:98:e4:21:6a:13:3f:fd:be:f6:3d:d3:1d:a8:9f:
                    a8:10:e0:49:a3:db:b8:11:0e:a2:f1:f6:f6:11:4c:
                    f5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:63:07:C5:99:F5:B6:1E:8A:8F:F3:79:39:3D:4A:5C:89:C6:41:D8
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213920.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:b9:b4:a8:09:24:df:29:7b:76:f8:b5:79:61:9c:99:ec:a1:
         2f:cf:f9:d7:fa:9a:16:99:ad:41:fe:9b:ba:d9:6f:d8:0b:76:
         fe:81:7f:e6:9c:da:5b:bb:4f:76:84:43:98:b5:9b:81:b3:d5:
         2b:4b:b4:7f:42:00:ed:82:a4:79:0d:d8:44:29:10:46:d2:cd:
         46:64:23:02:c1:eb:88:4e:c0:b4:33:86:1f:49:f0:ba:77:53:
         01:14:e9:e9:4e:11:4b:3e:df:cb:39:e0:ab:f9:20:92:e3:ab:
         1e:60:13:42:d6:85:86:a2:21:dc:bc:bf:48:40:15:3a:86:f8:
         ef:ba:fc:8c:5e:fc:98:a9:1a:ac:ea:6d:6e:f8:f8:54:b9:43:
         60:be:60:d2:06:81:2f:a4:97:3e:36:f4:47:b1:3e:46:9e:88:
         50:c3:fb:23:89:87:7e:35:1e:f6:1f:0a:b0:58:6f:22:48:36:
         de:22:de:92:5b:3c:d3:e2:e0:f9:ba:e6:d0:6a:0b:62:7c:f6:
         91:d8:40:ae:7f:4d:d9:93:9b:c7:34:b2:34:fb:29:35:2f:9c:
         48:e6:eb:d8:e1:64:06:6a:8e:f4:ae:f1:d3:ac:1f:44:2e:cc:
         16:ba:6d:c7:d8:6d:ba:e2:06:ed:1f:ed:49:45:5e:02:11:b5:
         d5:46:12:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbt5rEwisQBEe32iP4QEO8Tj/JT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MDcxNzQyMTFaFw0yNzA1MDYxNzQ3MTFaMDMxMTAvBgNV
BAMTKDg1NjMwN0M1OTlGNUI2MUU4QThGRjM3OTM5M0Q0QTVDODlDNjQxRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYZFm3wMnBUQxi4LwLHTt1KYIf
STtWRDz0WEjfYcAHnaX9yyaTBUrADkGRTOR+FQrFV6zPq0Hv7p1ZIrHvJj2IWQRG
4fbRN1Sz1DpviJxpeuxEwYmkWGwK3cEGefO0hxNEaaXM7AO4CH+Uhj+16IfVuoqO
cUz9PoMHawFmVRt4mf8SNYnBHWqgiBXK6GFR5veoMJFLb3GBtJI7pFR3mgm659nx
S4gIMnAG2N0Ogt6IpZTzKSGeNmD9cbYBkSdzF/d395UWzOABVrVKoSgZoif/ga9s
40QmJBW4ZoS9bRuo0QGY5CFqEz/9vvY90x2on6gQ4Emj27gRDqLx9vYRTPWDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhWMHxZn1th6Kj/N5OT1KXInGQdgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzOTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQA
MA0GCSqGSIb3DQEBCwUAA4IBAQCcubSoCSTfKXt2+LV5YZyZ7KEvz/nX+poWma1B
/pu62W/YC3b+gX/mnNpbu092hEOYtZuBs9UrS7R/QgDtgqR5DdhEKRBG0s1GZCMC
weuITsC0M4YfSfC6d1MBFOnpThFLPt/LOeCr+SCS46seYBNC1oWGoiHcvL9IQBU6
hvjvuvyMXvyYqRqs6m1u+PhUuUNgvmDSBoEvpJc+NvRHsT5GnohQw/sjiYd+NR72
HwqwWG8iSDbeIt6SWzzT4uD5uubQagtifPaR2ECuf03Zk5vHNLI0+yk1L5xI5uvY
4WQGao70rvHTrB9ELswWum3H2G264gbtH+1JRV4CEbXVRhKB
-----END CERTIFICATE-----