Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
File:                     AS214677.roa (raw, json)
Hash identifier:          n215ZvortJS162eLpQ42gAjG0xcQmhimFd3cJ93I+UA=
Subject key identifier:   47:BF:7F:B8:B6:B8:63:B2:AF:73:F5:56:C2:18:C5:0B:4A:26:89:6F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3D547AC3A1A01004189B56B59FD361484EAFCF46
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
Signing time:             Thu 19 Jun 2025 15:36:27 +0000
ROA not before:           Thu 19 Jun 2025 15:31:27 +0000
ROA not after:            Thu 18 Jun 2026 15:36:27 +0000
asID:                     214677
IP address blocks:        143.20.79.0/24 maxlen: 24
                          143.20.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:54:7a:c3:a1:a0:10:04:18:9b:56:b5:9f:d3:61:48:4e:af:cf:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 19 15:31:27 2025 GMT
            Not After : Jun 18 15:36:27 2026 GMT
        Subject: CN=47BF7FB8B6B863B2AF73F556C218C50B4A26896F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:43:5c:29:81:86:b4:2a:0b:f5:c1:58:f6:ef:
                    ae:4f:89:01:24:2a:19:ce:38:a6:8b:8d:3f:98:51:
                    73:2b:0d:28:bb:1c:88:fe:c6:13:a1:a3:99:1f:64:
                    77:0a:6d:69:00:46:1d:7b:b6:0e:4f:af:80:74:dc:
                    11:7e:92:b6:40:b4:c4:fb:10:24:8e:7c:2d:87:0c:
                    08:1d:54:de:a2:5e:be:f9:88:60:f7:5f:81:0b:24:
                    76:c6:20:31:fb:54:6c:55:86:b4:1c:4f:cd:99:52:
                    c1:17:21:59:7f:60:52:87:10:d9:ba:28:82:73:2e:
                    fc:5d:85:88:d5:5e:d8:b0:81:63:49:42:c0:35:e6:
                    e2:fb:b9:e5:67:4f:89:96:eb:fa:31:fc:10:0b:38:
                    37:2f:59:e9:32:d0:3c:48:0b:b7:3c:10:b0:c2:b4:
                    3d:53:75:80:d6:58:99:16:47:a9:50:04:2b:3b:4b:
                    45:fb:51:1c:e5:9b:16:a3:c0:06:fb:4d:e3:0c:13:
                    4f:39:72:e3:c4:88:c6:47:66:03:09:08:44:c5:2a:
                    04:ff:fc:0b:58:4d:de:92:48:fc:0a:24:a2:c4:73:
                    3e:51:9f:f4:d4:e2:e4:1c:7f:c6:10:2a:4a:f7:ad:
                    05:56:09:a2:f4:fc:20:0e:32:0e:48:69:8f:f3:b4:
                    59:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BF:7F:B8:B6:B8:63:B2:AF:73:F5:56:C2:18:C5:0B:4A:26:89:6F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.79.0/24
                  143.20.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:af:4c:ee:50:c7:74:0d:3a:76:9d:6a:56:7c:d5:1d:92:f4:
         ce:9a:85:8f:ce:86:f7:66:7e:03:cf:d8:27:c5:55:13:13:f5:
         f6:22:67:60:cf:14:1e:87:9c:ae:44:95:64:1d:ef:52:1e:05:
         6c:04:07:5b:c5:61:64:0e:62:59:09:56:3b:26:d1:0f:c5:8b:
         aa:37:50:ca:25:cc:26:43:94:44:06:b1:60:5a:9c:6f:b1:37:
         f3:ff:a5:c9:ee:f2:0f:5d:d5:c4:d1:b6:72:9b:5a:c6:7d:b0:
         bb:fa:1d:bf:39:e7:76:b8:6e:90:e3:a0:fb:88:95:82:68:ea:
         93:b5:cf:74:5f:9a:76:a1:5b:24:b2:b0:15:a1:77:d0:35:db:
         94:2d:95:7f:01:c7:55:3e:7a:52:b0:77:0a:82:ac:3f:74:0c:
         3e:61:1c:7e:cd:7a:f2:b0:cb:c7:3e:46:45:83:6f:b8:98:41:
         e7:4e:ce:79:d6:58:c4:a1:92:0e:4e:4d:e5:1f:09:0d:9e:bb:
         e8:ef:fd:2f:80:3f:66:dd:10:01:ef:e4:ff:64:8c:c3:ac:52:
         01:c7:2e:1b:f7:d5:a3:f8:e1:a7:2d:33:5b:e1:73:ad:1b:21:
         8f:20:0e:e0:fa:17:8b:f8:50:c8:b0:b5:90:24:f0:b8:f3:79:
         df:ee:fc:39
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPVR6w6GgEAQYm1a1n9NhSE6vz0YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTkxNTMxMjdaFw0yNjA2MTgxNTM2MjdaMDMxMTAvBgNV
BAMTKDQ3QkY3RkI4QjZCODYzQjJBRjczRjU1NkMyMThDNTBCNEEyNjg5NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqQ1wpgYa0Kgv1wVj2765PiQEk
KhnOOKaLjT+YUXMrDSi7HIj+xhOho5kfZHcKbWkARh17tg5Pr4B03BF+krZAtMT7
ECSOfC2HDAgdVN6iXr75iGD3X4ELJHbGIDH7VGxVhrQcT82ZUsEXIVl/YFKHENm6
KIJzLvxdhYjVXtiwgWNJQsA15uL7ueVnT4mW6/ox/BALODcvWeky0DxIC7c8ELDC
tD1TdYDWWJkWR6lQBCs7S0X7URzlmxajwAb7TeMME085cuPEiMZHZgMJCETFKgT/
/AtYTd6SSPwKJKLEcz5Rn/TU4uQcf8YQKkr3rQVWCaL0/CAOMg5IaY/ztFkTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUR79/uLa4Y7Kvc/VWwhjFC0omiW8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0Njc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRP
AwQAjxR0MA0GCSqGSIb3DQEBCwUAA4IBAQC1r0zuUMd0DTp2nWpWfNUdkvTOmoWP
zob3Zn4Dz9gnxVUTE/X2ImdgzxQeh5yuRJVkHe9SHgVsBAdbxWFkDmJZCVY7JtEP
xYuqN1DKJcwmQ5REBrFgWpxvsTfz/6XJ7vIPXdXE0bZym1rGfbC7+h2/Oed2uG6Q
46D7iJWCaOqTtc90X5p2oVsksrAVoXfQNduULZV/AcdVPnpSsHcKgqw/dAw+YRx+
zXrysMvHPkZFg2+4mEHnTs551ljEoZIOTk3lHwkNnrvo7/0vgD9m3RAB7+T/ZIzD
rFIBxy4b99Wj+OGnLTNb4XOtGyGPIA7g+heL+FDIsLWQJPC483nf7vw5
-----END CERTIFICATE-----