Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          gsLBOI4zyjX/7GZLAFYEHxBIrUYzVRbMSxYSdyn2SUI=
Subject key identifier:   D2:17:04:A7:8C:53:86:B9:B9:0E:48:EF:25:C1:51:1D:EF:D7:95:B4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1DCCBAC2996FADF43BCA96EA255A24B7B47E36C7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa
Signing time:             Tue 17 Jun 2025 02:39:29 +0000
ROA not before:           Tue 17 Jun 2025 02:34:29 +0000
ROA not after:            Tue 16 Jun 2026 02:39:29 +0000
asID:                     214432
IP address blocks:        143.20.11.0/24 maxlen: 24
                          143.20.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:cc:ba:c2:99:6f:ad:f4:3b:ca:96:ea:25:5a:24:b7:b4:7e:36:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 17 02:34:29 2025 GMT
            Not After : Jun 16 02:39:29 2026 GMT
        Subject: CN=D21704A78C5386B9B90E48EF25C1511DEFD795B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0e:e5:cb:3a:9f:58:3e:70:b8:9a:f4:fb:a0:
                    a7:cd:83:7d:e6:bf:17:6a:e7:2a:43:b2:f0:14:7f:
                    90:c5:d7:df:50:a1:c1:cc:2d:14:3a:a9:78:ce:79:
                    73:76:f9:3b:89:3d:61:eb:b2:63:43:04:38:57:8b:
                    e0:e3:92:c7:a8:90:c0:58:a0:02:ae:cc:a6:d7:a2:
                    53:89:0d:81:76:90:f1:9b:88:04:a9:50:87:33:a2:
                    b5:15:68:9b:45:13:44:fb:cf:72:7d:89:49:5b:4f:
                    f0:49:7a:28:2b:a1:37:43:47:3d:f5:6c:91:48:3e:
                    75:01:a8:30:1b:bd:cb:78:cf:52:e3:e6:2d:8b:b3:
                    cf:c7:ae:f7:db:8f:98:d2:f3:6c:8a:b4:c7:54:7e:
                    dd:96:12:67:8e:48:51:ed:2b:d6:d8:b0:93:73:dd:
                    55:63:d5:8d:01:a1:87:d3:dd:0d:1a:18:86:df:0f:
                    ce:ad:89:04:2d:32:d6:e0:0e:6b:df:27:82:b8:eb:
                    a3:0e:4f:f8:d9:b1:21:b0:f2:79:7f:3d:02:67:a4:
                    36:c2:1a:43:3f:08:83:0d:1f:96:b5:62:90:e3:61:
                    78:e2:50:2c:c7:c9:60:a3:af:72:78:ea:3e:78:8e:
                    03:de:74:1f:3f:e9:e0:9f:bd:eb:55:09:22:0a:ca:
                    c7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:17:04:A7:8C:53:86:B9:B9:0E:48:EF:25:C1:51:1D:EF:D7:95:B4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.11.0/24
                  143.20.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a3:5a:e5:3e:b3:45:b2:d2:ba:e9:8c:f2:1d:ec:cf:20:73:
         ce:aa:06:a2:28:95:60:34:a4:58:e0:13:72:c1:89:b2:1c:3c:
         db:58:2b:28:b3:cb:0b:ab:0a:96:af:e6:e7:e6:99:31:30:d9:
         95:3f:32:ef:8f:6c:cc:ad:53:a4:6b:50:92:20:e7:73:a3:6a:
         20:9c:3c:87:8e:8d:2c:61:43:a0:b8:f1:3c:f4:6e:b6:30:23:
         9b:22:f9:e9:b5:fc:4b:b8:b5:83:60:4b:b9:33:ed:5d:89:4c:
         41:a9:42:21:69:4e:a0:f0:4f:6c:a3:7d:af:bd:c8:ba:c3:89:
         6e:2c:1a:ff:dd:59:31:57:fd:18:c1:ad:12:1b:24:dc:0a:12:
         de:42:19:eb:65:be:d3:27:2a:b9:5b:56:58:02:c7:54:de:48:
         c5:31:db:a4:c9:29:f0:cd:29:c5:3f:c0:02:ee:d6:41:d2:fe:
         da:40:67:56:de:d5:6d:cc:1f:39:c5:e4:5a:72:b5:51:87:51:
         ab:f4:b7:12:11:14:46:ad:c6:5d:9e:a8:ea:5b:64:63:74:ba:
         31:07:f9:d4:a5:f1:f0:2a:20:13:dd:ef:52:49:c2:b6:18:f4:
         3e:71:80:6f:33:ed:d4:5f:56:84:63:e5:c3:26:2a:d6:83:44:
         0f:ed:25:6a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUHcy6wplvrfQ7ypbqJVokt7R+NscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTcwMjM0MjlaFw0yNjA2MTYwMjM5MjlaMDMxMTAvBgNV
BAMTKEQyMTcwNEE3OEM1Mzg2QjlCOTBFNDhFRjI1QzE1MTFERUZENzk1QjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DuXLOp9YPnC4mvT7oKfNg33m
vxdq5ypDsvAUf5DF199QocHMLRQ6qXjOeXN2+TuJPWHrsmNDBDhXi+DjkseokMBY
oAKuzKbXolOJDYF2kPGbiASpUIczorUVaJtFE0T7z3J9iUlbT/BJeigroTdDRz31
bJFIPnUBqDAbvct4z1Lj5i2Ls8/Hrvfbj5jS82yKtMdUft2WEmeOSFHtK9bYsJNz
3VVj1Y0BoYfT3Q0aGIbfD86tiQQtMtbgDmvfJ4K466MOT/jZsSGw8nl/PQJnpDbC
GkM/CIMNH5a1YpDjYXjiUCzHyWCjr3J46j54jgPedB8/6eCfvetVCSIKysc3AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU0hcEp4xThrm5DkjvJcFRHe/XlbQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQL
AwQAjxR3MA0GCSqGSIb3DQEBCwUAA4IBAQAPo1rlPrNFstK66YzyHezPIHPOqgai
KJVgNKRY4BNywYmyHDzbWCsos8sLqwqWr+bn5pkxMNmVPzLvj2zMrVOka1CSIOdz
o2ognDyHjo0sYUOguPE89G62MCObIvnptfxLuLWDYEu5M+1diUxBqUIhaU6g8E9s
o32vvci6w4luLBr/3VkxV/0Ywa0SGyTcChLeQhnrZb7TJyq5W1ZYAsdU3kjFMduk
ySnwzSnFP8AC7tZB0v7aQGdW3tVtzB85xeRacrVRh1Gr9LcSERRGrcZdnqjqW2Rj
dLoxB/nUpfHwKiAT3e9SScK2GPQ+cYBvM+3UX1aEY+XDJirWg0QP7SVq
-----END CERTIFICATE-----