Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214669.roa
File:                     AS214669.roa (raw, json)
Hash identifier:          LccdaGZn+ptg81TJjwaPk8R9Uy7OnYxEo5Fdk/KWp6Y=
Subject key identifier:   F8:8D:76:E9:09:B8:68:11:A7:3F:8E:9D:54:FD:67:E4:CF:3F:81:33
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3B6C9A95C6D1796E671C70505CB69A7999EFFEC4
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214669.roa
Signing time:             Wed 01 Oct 2025 09:47:22 +0000
ROA not before:           Wed 01 Oct 2025 09:42:22 +0000
ROA not after:            Wed 30 Sep 2026 09:47:22 +0000
asID:                     214669
IP address blocks:        143.20.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:6c:9a:95:c6:d1:79:6e:67:1c:70:50:5c:b6:9a:79:99:ef:fe:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  1 09:42:22 2025 GMT
            Not After : Sep 30 09:47:22 2026 GMT
        Subject: CN=F88D76E909B86811A73F8E9D54FD67E4CF3F8133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:75:f8:0a:83:3e:47:94:90:8e:b9:80:d0:3a:
                    af:7c:ff:91:9b:69:b2:cd:55:92:dd:ed:c5:76:b4:
                    86:32:8f:2d:ef:bf:ae:3f:4d:bd:be:8b:37:d4:4a:
                    f8:ef:e0:be:4d:83:3d:ab:54:45:a5:75:f5:68:11:
                    51:78:9d:43:cb:03:4f:cb:76:3d:53:f7:c4:30:01:
                    56:2d:be:31:25:0b:85:97:99:38:c3:ea:2e:47:e7:
                    a8:3a:64:52:03:42:4b:2a:2c:f0:21:7c:7e:78:82:
                    71:00:a1:88:72:ef:fe:af:6e:4e:04:d6:f2:c3:4a:
                    15:49:b1:91:f0:10:20:07:bd:5b:11:98:62:89:eb:
                    2f:9d:68:49:04:8b:79:03:cc:8e:ab:3b:68:f7:c6:
                    a0:a1:8d:65:c3:4d:d3:26:03:a0:95:32:57:83:e9:
                    32:2b:67:82:11:9f:5b:04:08:9a:18:bd:48:d7:2d:
                    52:97:0a:c1:a1:69:18:e1:f3:0c:64:50:67:4c:f8:
                    e9:3d:8c:a9:aa:5c:89:61:d4:3a:1d:eb:76:b3:77:
                    21:34:16:c4:93:93:0b:82:33:5a:24:e3:ab:c0:b7:
                    2f:ab:95:a1:05:17:c7:b8:1c:d2:c5:bf:21:d3:d0:
                    0a:af:bc:27:14:15:a6:4e:a4:1c:be:81:7e:7c:d4:
                    37:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:8D:76:E9:09:B8:68:11:A7:3F:8E:9D:54:FD:67:E4:CF:3F:81:33
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214669.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:62:bb:a3:ee:92:79:7d:5d:3b:cd:2c:c7:74:8d:56:8f:42:
         cf:e2:cd:37:98:dc:6f:d5:1a:27:63:59:7b:d9:c7:0c:dd:45:
         3b:16:21:87:86:01:ba:99:f1:e4:d2:d2:04:48:68:58:6a:e9:
         f7:93:82:35:9b:4d:37:8c:ca:58:00:ef:cb:10:ad:8e:56:4a:
         32:cf:83:c2:0c:f8:4a:8a:7a:cc:6c:40:e1:c3:47:82:b4:ff:
         81:09:5c:02:a7:bb:c1:37:01:4b:7a:ee:e5:68:05:99:b4:fb:
         2a:87:99:e9:f9:86:5e:13:81:6e:8b:4f:a9:b6:0d:ae:ca:84:
         27:60:3a:d5:a0:a0:64:3e:5e:9e:a6:5f:c0:3b:56:8d:34:9f:
         4e:03:3b:fc:50:41:8b:10:ea:65:62:bc:3b:6c:8d:05:7c:ab:
         7f:63:f7:16:3c:48:22:da:ff:da:27:6a:76:11:1f:83:80:b7:
         19:d7:79:18:bb:e9:5f:bd:cd:b4:f2:e1:4a:90:27:a0:98:79:
         37:98:5a:b9:2d:56:60:8e:6f:5a:a9:9a:47:91:22:c9:34:ad:
         ad:4a:23:7d:95:c9:ea:93:9a:77:39:4e:82:be:2f:31:b4:b8:
         02:ba:99:1f:59:42:fb:49:41:69:6e:01:2b:09:e1:7d:76:b2:
         a5:a1:89:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO2yalcbReW5nHHBQXLaaeZnv/sQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMDEwOTQyMjJaFw0yNjA5MzAwOTQ3MjJaMDMxMTAvBgNV
BAMTKEY4OEQ3NkU5MDlCODY4MTFBNzNGOEU5RDU0RkQ2N0U0Q0YzRjgxMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsdfgKgz5HlJCOuYDQOq98/5Gb
abLNVZLd7cV2tIYyjy3vv64/Tb2+izfUSvjv4L5Ngz2rVEWldfVoEVF4nUPLA0/L
dj1T98QwAVYtvjElC4WXmTjD6i5H56g6ZFIDQksqLPAhfH54gnEAoYhy7/6vbk4E
1vLDShVJsZHwECAHvVsRmGKJ6y+daEkEi3kDzI6rO2j3xqChjWXDTdMmA6CVMleD
6TIrZ4IRn1sECJoYvUjXLVKXCsGhaRjh8wxkUGdM+Ok9jKmqXIlh1Dod63azdyE0
FsSTkwuCM1ok46vAty+rlaEFF8e4HNLFvyHT0AqvvCcUFaZOpBy+gX581DezAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+I126Qm4aBGnP46dVP1n5M8/gTMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NjY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRR
MA0GCSqGSIb3DQEBCwUAA4IBAQDWYruj7pJ5fV07zSzHdI1Wj0LP4s03mNxv1Ron
Y1l72ccM3UU7FiGHhgG6mfHk0tIESGhYaun3k4I1m003jMpYAO/LEK2OVkoyz4PC
DPhKinrMbEDhw0eCtP+BCVwCp7vBNwFLeu7laAWZtPsqh5np+YZeE4Fui0+ptg2u
yoQnYDrVoKBkPl6epl/AO1aNNJ9OAzv8UEGLEOplYrw7bI0FfKt/Y/cWPEgi2v/a
J2p2ER+DgLcZ13kYu+lfvc208uFKkCegmHk3mFq5LVZgjm9aqZpHkSLJNK2tSiN9
lcnqk5p3OU6Cvi8xtLgCupkfWUL7SUFpbgErCeF9drKloYl1
-----END CERTIFICATE-----