Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214402.roa
File:                     AS214402.roa (raw, json)
Hash identifier:          h3co/v9KPGAdCPrLvRuEHRaC3jpFFwV09LTrKr6qLBQ=
Subject key identifier:   02:E7:62:32:21:C2:0F:2A:61:5B:A8:BC:A9:B9:A5:8D:52:A5:6F:1E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       603223DC0BF75DE40EE0555B861E9778DBB5AD2A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214402.roa
Signing time:             Wed 18 Jun 2025 16:44:16 +0000
ROA not before:           Wed 18 Jun 2025 16:39:16 +0000
ROA not after:            Wed 17 Jun 2026 16:44:16 +0000
asID:                     214402
IP address blocks:        143.20.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:32:23:dc:0b:f7:5d:e4:0e:e0:55:5b:86:1e:97:78:db:b5:ad:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 18 16:39:16 2025 GMT
            Not After : Jun 17 16:44:16 2026 GMT
        Subject: CN=02E7623221C20F2A615BA8BCA9B9A58D52A56F1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:03:d0:5a:70:20:f0:bc:c8:9b:89:8b:8b:16:
                    ac:80:37:50:45:b1:93:88:69:87:f8:76:d9:a1:4a:
                    fa:80:4a:bc:33:4d:61:4e:a1:74:4e:b3:ac:09:4f:
                    84:b2:ce:e4:98:55:da:09:6f:2a:54:ad:fe:b5:6b:
                    e7:46:3b:2b:35:bf:5c:6c:f6:c8:33:50:80:7e:f4:
                    55:42:80:11:40:cd:e5:b2:3b:a4:7a:1a:4a:59:f2:
                    1c:0a:a8:e1:b3:ed:5e:2a:ec:88:a2:be:b2:49:c9:
                    0b:55:a0:94:12:0d:74:35:03:2c:45:9d:bc:25:c9:
                    88:a9:2d:61:2d:04:a9:c8:cd:8e:de:f2:60:39:0b:
                    d7:38:e9:49:b4:49:b9:87:8c:61:00:cc:53:18:92:
                    ca:50:51:d6:6e:c1:5b:2a:63:5b:ff:26:b6:4e:f0:
                    e1:55:96:5e:f1:b3:85:76:30:00:19:fe:0b:0c:31:
                    5e:b4:c2:dc:27:80:19:15:db:ee:37:1d:89:c2:46:
                    cd:01:53:ab:b6:7a:a5:16:4b:f2:c2:d8:6e:03:86:
                    89:f1:fe:6b:36:b8:8b:06:fa:d0:41:93:3f:cc:d6:
                    f6:2d:09:2c:14:35:77:8b:0e:db:79:8c:8d:2a:70:
                    1f:1e:19:16:43:36:61:90:e5:aa:d7:70:fb:67:5c:
                    c1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E7:62:32:21:C2:0F:2A:61:5B:A8:BC:A9:B9:A5:8D:52:A5:6F:1E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:27:74:b7:2a:39:ff:ff:7a:d8:37:52:38:6a:99:f3:92:aa:
         0a:19:ae:a8:28:59:9e:08:f0:48:b8:24:d9:2e:d3:e2:15:73:
         ca:48:42:bb:db:ce:26:67:43:8e:e8:3e:c1:3d:a1:67:7d:da:
         cc:8f:30:2d:e3:a8:a4:67:07:17:bc:37:ce:b3:da:2c:d4:eb:
         91:4d:0c:90:94:dd:28:57:5a:e6:c2:f8:2d:91:5a:1c:99:20:
         d3:3b:0b:08:b2:53:1b:6a:79:24:ce:d1:d1:0a:c9:e5:58:6e:
         1f:7a:05:50:d8:10:57:65:97:24:c4:f1:1b:76:78:fa:d8:29:
         5e:e9:e9:b5:7f:46:62:79:25:15:a7:ed:2c:28:ae:2b:5f:e5:
         db:ea:e6:89:22:54:a7:5f:7e:66:35:60:14:04:41:7b:1b:40:
         d9:6b:fa:5a:0a:ec:92:f2:be:be:52:1f:37:6a:e2:e3:bb:9e:
         25:96:97:b9:66:bb:52:2e:bc:ac:5b:60:62:3e:9c:6d:db:71:
         5a:7c:0d:75:f6:b5:ac:dd:87:e2:ca:21:f0:96:84:11:b3:0e:
         1c:83:e8:16:27:c5:f7:4c:9d:3a:b9:3b:97:94:67:51:ae:07:
         9b:44:48:7a:1c:91:e0:ed:a9:47:4d:c2:03:d7:a8:df:c0:01:
         76:0e:62:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYDIj3Av3XeQO4FVbhh6XeNu1rSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTgxNjM5MTZaFw0yNjA2MTcxNjQ0MTZaMDMxMTAvBgNV
BAMTKDAyRTc2MjMyMjFDMjBGMkE2MTVCQThCQ0E5QjlBNThENTJBNTZGMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5A9BacCDwvMibiYuLFqyAN1BF
sZOIaYf4dtmhSvqASrwzTWFOoXROs6wJT4SyzuSYVdoJbypUrf61a+dGOys1v1xs
9sgzUIB+9FVCgBFAzeWyO6R6GkpZ8hwKqOGz7V4q7IiivrJJyQtVoJQSDXQ1AyxF
nbwlyYipLWEtBKnIzY7e8mA5C9c46Um0SbmHjGEAzFMYkspQUdZuwVsqY1v/JrZO
8OFVll7xs4V2MAAZ/gsMMV60wtwngBkV2+43HYnCRs0BU6u2eqUWS/LC2G4Dhonx
/ms2uIsG+tBBkz/M1vYtCSwUNXeLDtt5jI0qcB8eGRZDNmGQ5arXcPtnXMGLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAudiMiHCDyphW6i8qbmljVKlbx4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQK
MA0GCSqGSIb3DQEBCwUAA4IBAQBhJ3S3Kjn//3rYN1I4apnzkqoKGa6oKFmeCPBI
uCTZLtPiFXPKSEK7284mZ0OO6D7BPaFnfdrMjzAt46ikZwcXvDfOs9os1OuRTQyQ
lN0oV1rmwvgtkVocmSDTOwsIslMbankkztHRCsnlWG4fegVQ2BBXZZckxPEbdnj6
2Cle6em1f0ZieSUVp+0sKK4rX+Xb6uaJIlSnX35mNWAUBEF7G0DZa/paCuyS8r6+
Uh83auLju54llpe5ZrtSLrysW2BiPpxt23FafA119rWs3YfiyiHwloQRsw4cg+gW
J8X3TJ06uTuXlGdRrgebREh6HJHg7alHTcID16jfwAF2DmIS
-----END CERTIFICATE-----