Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          mP4EN6aBD2wuhZploERsyfBMRjtLx4McH8ozjre0Qik=
Subject key identifier:   D1:4D:97:94:25:CB:58:2D:08:79:D7:27:9A:EE:98:BA:C1:88:2A:DD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2E9A34C140EB4417855C201635F201628A91D53B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa
Signing time:             Sun 28 Sep 2025 09:27:05 +0000
ROA not before:           Sun 28 Sep 2025 09:22:05 +0000
ROA not after:            Sun 27 Sep 2026 09:27:05 +0000
asID:                     214432
IP address blocks:        143.20.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:9a:34:c1:40:eb:44:17:85:5c:20:16:35:f2:01:62:8a:91:d5:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 28 09:22:05 2025 GMT
            Not After : Sep 27 09:27:05 2026 GMT
        Subject: CN=D14D979425CB582D0879D7279AEE98BAC1882ADD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1a:82:61:13:82:70:f1:a7:59:59:b8:6c:f6:
                    6b:0a:33:6b:16:f5:9d:18:14:df:f0:51:ce:59:f6:
                    8c:55:50:37:d3:23:bb:68:2e:9c:42:97:5f:7a:2a:
                    a6:37:22:db:71:49:fb:25:9b:fb:b3:3a:a6:02:16:
                    e1:43:57:d7:88:7a:62:6a:7c:40:a7:36:bc:9c:a7:
                    1a:9d:50:47:ab:94:49:6c:b9:c0:12:eb:9d:80:22:
                    54:83:30:f7:ec:d8:bd:0c:0f:1a:ef:68:e4:e1:ed:
                    40:df:e3:da:92:45:fb:7c:21:b3:c1:41:d9:0b:0f:
                    aa:79:8f:21:72:53:f2:4e:3a:48:b5:7f:ca:e7:49:
                    1d:19:de:f7:63:f3:3a:4e:8b:4a:6c:70:31:c9:b7:
                    dc:38:db:32:b9:d9:e5:48:c7:df:1e:78:cb:86:5b:
                    77:8b:d8:19:42:4c:c9:d2:91:7e:96:e4:cf:e2:a0:
                    76:5e:1f:a9:63:5e:ae:c0:36:09:cf:1d:72:9b:3e:
                    f3:df:69:36:79:ec:81:2f:40:a7:8f:46:6d:a2:a2:
                    aa:15:5e:9a:9f:cc:c3:35:58:ee:61:cd:e7:c0:0b:
                    5f:79:77:c3:62:8b:c8:0d:ea:47:31:78:4d:46:c1:
                    01:ce:40:df:a5:4d:21:f9:62:13:b5:5c:01:48:55:
                    8b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4D:97:94:25:CB:58:2D:08:79:D7:27:9A:EE:98:BA:C1:88:2A:DD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:69:a6:e8:85:be:00:6b:da:d0:3b:79:9f:a3:62:6a:1d:f7:
         8d:3a:6b:06:05:06:3c:f4:16:96:08:55:ff:52:03:79:70:d4:
         39:d7:a0:24:66:a8:a1:18:6b:5f:39:e0:53:ed:3f:60:d6:9f:
         5e:e3:21:8a:a6:86:00:78:03:61:65:77:7a:9e:cd:46:c0:7e:
         f2:4b:20:cd:19:5e:44:61:66:09:aa:95:0f:90:63:39:5e:e0:
         5b:81:49:46:e8:03:ee:80:50:a6:cb:f8:3d:3f:d2:ef:70:5e:
         ab:5c:34:d1:b0:a5:b3:9b:95:ab:7a:4f:73:8a:30:7a:e5:e3:
         25:4e:89:2c:be:27:ae:33:99:99:61:ce:67:f3:e6:35:db:cf:
         4d:cb:3e:11:07:5b:87:de:29:2b:27:ab:a5:38:40:80:1d:de:
         54:1c:ff:7f:87:6a:5b:fa:73:bf:25:f6:cc:e9:62:a7:55:5d:
         01:6a:e5:b6:1a:2e:96:a6:e1:71:07:2b:9c:08:a1:c5:89:3d:
         c6:ab:3e:7f:35:a5:d8:94:a2:b8:9a:c6:4f:24:6f:87:be:bf:
         4d:c4:d3:09:54:d4:05:83:b5:63:1e:dd:17:9c:89:2d:81:db:
         c9:9d:6b:bc:61:60:02:0b:ac:7e:ed:09:cb:50:bb:1f:49:8f:
         c7:31:62:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULpo0wUDrRBeFXCAWNfIBYoqR1TswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjgwOTIyMDVaFw0yNjA5MjcwOTI3MDVaMDMxMTAvBgNV
BAMTKEQxNEQ5Nzk0MjVDQjU4MkQwODc5RDcyNzlBRUU5OEJBQzE4ODJBREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGGoJhE4Jw8adZWbhs9msKM2sW
9Z0YFN/wUc5Z9oxVUDfTI7toLpxCl196KqY3IttxSfslm/uzOqYCFuFDV9eIemJq
fECnNrycpxqdUEerlElsucAS652AIlSDMPfs2L0MDxrvaOTh7UDf49qSRft8IbPB
QdkLD6p5jyFyU/JOOki1f8rnSR0Z3vdj8zpOi0pscDHJt9w42zK52eVIx98eeMuG
W3eL2BlCTMnSkX6W5M/ioHZeH6ljXq7ANgnPHXKbPvPfaTZ57IEvQKePRm2ioqoV
XpqfzMM1WO5hzefAC195d8Nii8gN6kcxeE1GwQHOQN+lTSH5YhO1XAFIVYt1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0U2XlCXLWC0Iedcnmu6YusGIKt0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSI
MA0GCSqGSIb3DQEBCwUAA4IBAQBCaabohb4Aa9rQO3mfo2JqHfeNOmsGBQY89BaW
CFX/UgN5cNQ516AkZqihGGtfOeBT7T9g1p9e4yGKpoYAeANhZXd6ns1GwH7ySyDN
GV5EYWYJqpUPkGM5XuBbgUlG6APugFCmy/g9P9LvcF6rXDTRsKWzm5Wrek9zijB6
5eMlToksvieuM5mZYc5n8+Y1289Nyz4RB1uH3ikrJ6ulOECAHd5UHP9/h2pb+nO/
JfbM6WKnVV0BauW2Gi6WpuFxByucCKHFiT3Gqz5/NaXYlKK4msZPJG+Hvr9NxNMJ
VNQFg7VjHt0XnIktgdvJnWu8YWACC6x+7QnLULsfSY/HMWKs
-----END CERTIFICATE-----