Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214939.roa
File:                     AS214939.roa (raw, json)
Hash identifier:          rM4MT0yS7zBMDHC/ZYa92KRDYudH0NMHla7lrW/lKAU=
Subject key identifier:   B6:AA:C8:6E:15:08:4C:30:E6:1B:93:93:9E:61:CF:48:7B:84:65:A1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       300E85FFCC0F9416C3DBD86DA2CB2B948EAEED11
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214939.roa
Signing time:             Fri 20 Jun 2025 14:27:30 +0000
ROA not before:           Fri 20 Jun 2025 14:22:30 +0000
ROA not after:            Fri 19 Jun 2026 14:27:30 +0000
asID:                     214939
IP address blocks:        143.20.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:0e:85:ff:cc:0f:94:16:c3:db:d8:6d:a2:cb:2b:94:8e:ae:ed:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 20 14:22:30 2025 GMT
            Not After : Jun 19 14:27:30 2026 GMT
        Subject: CN=B6AAC86E15084C30E61B93939E61CF487B8465A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b3:2e:c2:fe:e5:b7:96:c7:4c:6e:d5:7b:62:
                    f9:63:29:2b:72:7c:81:3b:0f:5e:5d:b1:2c:f8:b9:
                    b8:a2:0c:10:31:4a:7d:ef:99:c8:be:d7:f0:a5:54:
                    d3:a9:b4:12:39:bf:54:45:6c:f0:5d:6b:47:b6:13:
                    98:5e:b8:f9:83:61:d5:d3:45:fe:80:af:37:1b:7e:
                    25:fe:77:bb:d2:ce:80:2a:3e:7f:dc:be:d6:98:b3:
                    01:4b:e1:04:f1:dc:9d:a1:5f:f5:7b:1a:d7:05:9e:
                    80:a1:e1:c6:ad:9f:1d:88:69:e9:af:e8:eb:f1:f3:
                    fd:b7:1b:1a:f9:05:e9:7f:9b:fa:de:27:19:4f:98:
                    99:05:bd:6b:b3:b3:0d:5e:5d:a3:3c:17:d8:55:b1:
                    a7:9d:11:cd:d8:46:f9:29:16:42:cc:85:c1:ab:18:
                    9f:fa:9b:59:ca:76:e1:db:46:92:28:9f:57:a4:c7:
                    82:08:3b:03:8e:11:8d:6c:15:9d:11:27:92:58:36:
                    3c:3e:3e:62:06:05:5d:6a:66:84:11:f7:45:34:67:
                    98:51:c6:55:ee:f7:4a:c3:53:a1:39:c5:ad:56:e4:
                    7f:d7:33:90:d7:85:6c:d3:bd:cf:25:bb:d6:25:89:
                    69:b6:e0:a8:f5:37:4a:6d:ad:8d:fa:1a:14:e9:06:
                    2a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:AA:C8:6E:15:08:4C:30:E6:1B:93:93:9E:61:CF:48:7B:84:65:A1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:7b:6d:d4:24:07:19:d1:34:54:fc:31:3f:69:4b:a6:b0:11:
         79:57:ff:48:7f:0b:e7:48:62:7b:4c:8a:be:a2:cb:9d:42:29:
         34:4f:36:c6:08:ed:21:f9:e7:98:36:54:ef:6b:49:4f:2a:fb:
         4e:5a:d9:04:11:cd:c1:e3:1d:23:df:e7:69:93:8b:de:ac:6b:
         82:bf:56:25:46:16:48:40:8e:70:9e:5b:bd:71:96:71:af:e9:
         5c:bd:4f:72:af:fb:8e:62:a8:7a:11:3e:26:16:cd:bf:54:2d:
         94:aa:81:1a:41:e1:c0:fd:91:84:40:f7:ee:63:fa:83:23:fb:
         4a:e0:8b:96:bb:d0:49:2e:57:58:f3:08:c6:95:3d:77:44:7f:
         3d:45:d3:f3:e1:7e:00:c1:a9:c7:f4:81:2b:d6:ae:9b:03:67:
         a3:df:a4:af:c2:a7:34:8f:4c:20:36:8b:9d:bd:06:97:a3:f9:
         74:05:be:0c:9e:27:1f:2e:6a:58:a8:5e:4b:bf:aa:3f:bb:dc:
         a8:69:87:94:50:d5:80:6a:55:07:50:a8:68:51:3d:70:b9:7b:
         7e:5a:c6:a5:0a:4e:f2:7c:b6:35:36:7e:3d:fe:c5:9c:b1:6f:
         32:82:0c:fb:e5:55:22:76:e0:fd:11:38:a0:69:aa:f5:b1:76:
         29:99:7b:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMA6F/8wPlBbD29htossrlI6u7REwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjAxNDIyMzBaFw0yNjA2MTkxNDI3MzBaMDMxMTAvBgNV
BAMTKEI2QUFDODZFMTUwODRDMzBFNjFCOTM5MzlFNjFDRjQ4N0I4NDY1QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDasy7C/uW3lsdMbtV7YvljKSty
fIE7D15dsSz4ubiiDBAxSn3vmci+1/ClVNOptBI5v1RFbPBda0e2E5heuPmDYdXT
Rf6ArzcbfiX+d7vSzoAqPn/cvtaYswFL4QTx3J2hX/V7GtcFnoCh4catnx2Iaemv
6Ovx8/23Gxr5Bel/m/reJxlPmJkFvWuzsw1eXaM8F9hVsaedEc3YRvkpFkLMhcGr
GJ/6m1nKduHbRpIon1ekx4IIOwOOEY1sFZ0RJ5JYNjw+PmIGBV1qZoQR90U0Z5hR
xlXu90rDU6E5xa1W5H/XM5DXhWzTvc8lu9YliWm24Kj1N0ptrY36GhTpBiqHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtqrIbhUITDDmG5OTnmHPSHuEZaEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0OTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRw
MA0GCSqGSIb3DQEBCwUAA4IBAQB1e23UJAcZ0TRU/DE/aUumsBF5V/9IfwvnSGJ7
TIq+osudQik0TzbGCO0h+eeYNlTva0lPKvtOWtkEEc3B4x0j3+dpk4verGuCv1Yl
RhZIQI5wnlu9cZZxr+lcvU9yr/uOYqh6ET4mFs2/VC2UqoEaQeHA/ZGEQPfuY/qD
I/tK4IuWu9BJLldY8wjGlT13RH89RdPz4X4AwanH9IEr1q6bA2ej36Svwqc0j0wg
NoudvQaXo/l0Bb4MnicfLmpYqF5Lv6o/u9yoaYeUUNWAalUHUKhoUT1wuXt+Wsal
Ck7yfLY1Nn49/sWcsW8yggz75VUiduD9ETigaar1sXYpmXs2
-----END CERTIFICATE-----