Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214209.roa
File:                     AS214209.roa (raw, json)
Hash identifier:          1CBD9uHBiVs72sqkdHgL0c+eP3mWWCVDIJkECnSfns0=
Subject key identifier:   51:83:84:A5:0F:76:74:48:38:95:60:14:47:9D:EE:22:89:B9:03:ED
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1BC494C67134A605AA1B5B5BA7D10ACC3247DB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214209.roa
Signing time:             Sun 05 Oct 2025 15:41:11 +0000
ROA not before:           Sun 05 Oct 2025 15:36:11 +0000
ROA not after:            Sun 04 Oct 2026 15:41:11 +0000
asID:                     214209
IP address blocks:        143.20.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:c4:94:c6:71:34:a6:05:aa:1b:5b:5b:a7:d1:0a:cc:32:47:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  5 15:36:11 2025 GMT
            Not After : Oct  4 15:41:11 2026 GMT
        Subject: CN=518384A50F76744838956014479DEE2289B903ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:40:96:d2:0e:80:10:46:0f:f0:19:34:75:5f:
                    66:ac:f3:30:8b:a5:70:1f:e7:d0:1c:e7:2f:a4:d7:
                    dd:81:93:2b:72:f9:ff:d6:1a:ac:7d:59:df:ad:55:
                    29:55:11:27:eb:8a:47:ba:03:84:e0:23:b3:24:ca:
                    99:e1:8a:34:97:82:b7:48:3a:51:28:f8:d1:0c:4e:
                    2e:cf:75:91:17:ba:63:c3:00:d0:2f:c1:40:52:01:
                    4b:73:71:f3:53:17:b6:d9:59:11:04:8f:c9:38:f5:
                    86:42:54:b4:c2:dc:2c:96:b6:0b:5c:a2:56:23:f6:
                    d6:9a:d1:7c:06:41:27:ec:8b:56:cf:c6:bb:3c:00:
                    f4:b2:a5:f5:ee:62:39:51:cd:b7:60:2e:7f:f3:14:
                    ab:78:86:b4:87:f4:95:d8:05:82:9e:75:5c:e0:d2:
                    94:21:8f:ac:29:48:d3:ac:a5:96:0d:5b:6c:d7:80:
                    d4:4b:c4:1e:a9:b9:88:48:1c:b5:eb:71:e9:18:5d:
                    12:62:14:4e:bd:2c:84:b3:8b:bc:e2:49:7d:82:64:
                    c9:f6:04:ca:af:c7:47:8c:bb:5a:bb:d9:65:b5:21:
                    9b:df:10:05:3b:18:37:86:b4:94:57:5b:38:a8:c6:
                    6f:91:60:17:d9:c0:62:73:ad:37:e8:60:d5:ed:62:
                    f9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:83:84:A5:0F:76:74:48:38:95:60:14:47:9D:EE:22:89:B9:03:ED
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214209.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:8f:f8:c3:23:27:ae:39:bd:0e:2d:4f:5d:ff:6f:5b:45:c6:
         c7:0e:42:c7:30:f3:b9:00:c6:78:4f:b6:45:ef:5b:9e:cf:6c:
         16:5f:95:44:ab:c2:79:26:b5:f6:60:e8:84:73:0e:8b:d4:e0:
         52:82:22:bb:84:9b:a3:5d:cf:74:87:f0:38:2c:9f:c8:11:c2:
         47:58:e5:3c:40:91:35:0f:58:7f:ba:65:86:dc:72:15:e4:dc:
         14:2d:a7:14:87:9f:ed:56:52:10:90:cd:90:a7:38:5a:8a:4f:
         9b:c7:88:eb:84:d9:ad:5f:ef:7e:3c:64:50:c4:ea:a7:11:80:
         b3:23:f1:b6:8a:2a:eb:c9:94:4f:47:87:3a:52:f6:33:06:e7:
         65:a5:33:c9:1f:c2:dd:b5:7b:5f:3c:92:12:bc:dd:60:e0:a8:
         45:be:19:2f:a0:90:5f:dd:5a:66:5e:dd:b1:f9:57:5a:6b:98:
         3f:74:6d:e6:03:49:22:17:1c:b9:e1:6d:06:c8:2a:d7:c3:b2:
         b4:1a:fc:c2:69:2f:b0:35:22:d4:14:3e:66:82:95:28:0d:fb:
         62:8d:db:80:ee:eb:f5:5c:cb:45:53:be:ac:25:89:02:9d:99:
         d4:b9:62:5e:b1:53:84:88:56:62:19:3d:ac:28:21:b4:0b:e7:
         ea:ae:f1:6a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgITG8SUxnE0pgWqG1tbp9EKzDJH2zANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg4OGMxNGVjMDJhZGJmMDgzMTM4ZWRkZDQ3ODcxMTc2ZGRl
YjkzZDlkMB4XDTI1MTAwNTE1MzYxMVoXDTI2MTAwNDE1NDExMVowMzExMC8GA1UE
AxMoNTE4Mzg0QTUwRjc2NzQ0ODM4OTU2MDE0NDc5REVFMjI4OUI5MDNFRDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFAltIOgBBGD/AZNHVfZqzzMIul
cB/n0BznL6TX3YGTK3L5/9YarH1Z361VKVURJ+uKR7oDhOAjsyTKmeGKNJeCt0g6
USj40QxOLs91kRe6Y8MA0C/BQFIBS3Nx81MXttlZEQSPyTj1hkJUtMLcLJa2C1yi
ViP21prRfAZBJ+yLVs/GuzwA9LKl9e5iOVHNt2Auf/MUq3iGtIf0ldgFgp51XODS
lCGPrClI06yllg1bbNeA1EvEHqm5iEgctetx6RhdEmIUTr0shLOLvOJJfYJkyfYE
yq/HR4y7WrvZZbUhm98QBTsYN4a0lFdbOKjGb5FgF9nAYnOtN+hg1e1i+fECAwEA
AaOCAgowggIGMB0GA1UdDgQWBBRRg4SlD3Z0SDiVYBRHne4iibkD7TAfBgNVHSME
GDAWgBSIwU7AKtvwgxOO3dR4cRdt3rk9nTAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9jNDA5ZDdiMi1lZTY0LTQ5ZjEtYWQ4MS04ZTRhMTA3ZDYy
ZTAvMC84OEMxNEVDMDJBREJGMDgzMTM4RURERDQ3ODcxMTc2RERFQjkzRDlELmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaU1GT3dDcmI4SU1UanQzVWVIRVhiZDY1
UFowLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00
OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvQVMyMTQyMDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFLkw
DQYJKoZIhvcNAQELBQADggEBACaP+MMjJ645vQ4tT13/b1tFxscOQscw87kAxnhP
tkXvW57PbBZflUSrwnkmtfZg6IRzDovU4FKCIruEm6Ndz3SH8Dgsn8gRwkdY5TxA
kTUPWH+6ZYbcchXk3BQtpxSHn+1WUhCQzZCnOFqKT5vHiOuE2a1f7348ZFDE6qcR
gLMj8baKKuvJlE9HhzpS9jMG52WlM8kfwt21e188khK83WDgqEW+GS+gkF/dWmZe
3bH5V1prmD90beYDSSIXHLnhbQbIKtfDsrQa/MJpL7A1ItQUPmaClSgN+2KN24Du
6/Vcy0VTvqwliQKdmdS5Yl6xU4SIVmIZPawoIbQL5+qu8Wo=
-----END CERTIFICATE-----