Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215143.roa
File:                     AS215143.roa (raw, json)
Hash identifier:          bEjfFcyU+3q7T13jj7lsCedjzKUz6Z9I3MKDFSpq1ks=
Subject key identifier:   F7:E6:6E:22:7B:11:99:01:CE:C7:C5:7A:04:DE:22:35:BE:03:46:AA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       31971072EA174334393E2D82F7A595443D81CC42
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215143.roa
Signing time:             Tue 16 Sep 2025 09:24:07 +0000
ROA not before:           Tue 16 Sep 2025 09:19:07 +0000
ROA not after:            Tue 15 Sep 2026 09:24:07 +0000
asID:                     215143
IP address blocks:        143.20.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:97:10:72:ea:17:43:34:39:3e:2d:82:f7:a5:95:44:3d:81:cc:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 16 09:19:07 2025 GMT
            Not After : Sep 15 09:24:07 2026 GMT
        Subject: CN=F7E66E227B119901CEC7C57A04DE2235BE0346AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:99:06:65:9d:6c:d0:01:c1:2c:7a:47:07:c8:
                    15:59:63:38:6f:85:53:3f:99:6e:3e:dd:24:84:ae:
                    e4:1b:e3:1e:d4:90:60:19:59:34:4e:7c:ca:1d:92:
                    07:e9:cc:dc:47:46:40:a3:3e:6c:73:8a:ac:44:47:
                    e3:a2:53:07:38:11:57:50:2b:49:d3:70:8a:50:c3:
                    5d:86:fd:40:c1:d3:b4:ba:aa:c6:e2:2b:67:52:b5:
                    93:9b:b6:e2:61:dd:95:50:8c:ff:24:07:9b:94:b8:
                    7b:b9:7d:5b:9a:0e:dc:c8:9d:7d:d3:37:e9:bb:f7:
                    6f:5f:32:f3:a5:bd:9c:ae:d9:46:8f:97:7d:d5:30:
                    01:81:1a:69:5a:aa:1a:44:3b:2e:34:f4:7b:ea:28:
                    8d:7d:3f:af:3d:46:06:c6:45:eb:8a:93:5e:3f:8a:
                    98:e9:5c:19:84:4a:8e:02:c8:8d:7d:14:a6:f9:f8:
                    e4:7c:56:50:16:e6:a0:83:28:db:31:ee:b6:01:e0:
                    40:38:4a:4b:53:20:02:31:5a:1a:f9:d4:d4:f2:18:
                    88:2c:f3:e3:8f:32:34:68:df:6d:df:7c:29:0b:8c:
                    dd:5c:3d:0a:70:2e:66:70:d3:e0:f6:41:e8:f8:b6:
                    cd:a4:e8:d7:34:4f:18:8e:08:52:cb:ee:de:05:12:
                    17:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E6:6E:22:7B:11:99:01:CE:C7:C5:7A:04:DE:22:35:BE:03:46:AA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215143.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:92:ca:00:d4:d9:27:cc:bf:e6:00:8a:e3:fc:81:96:50:32:
         98:4f:75:33:d6:b7:44:98:62:e5:d8:ac:11:95:81:a5:c8:7d:
         d6:6b:ac:8b:5e:cd:f9:1a:49:74:3b:2d:14:69:b0:24:22:b0:
         8f:d9:83:b4:3e:ad:43:2b:15:4b:10:dc:15:ce:35:6b:cf:3f:
         3f:0a:eb:f6:84:0c:ca:a1:67:06:6f:06:20:c9:14:e0:3e:40:
         a4:b9:93:89:c0:5b:8b:46:4e:e3:1b:c6:04:cc:07:88:e1:a6:
         37:42:a6:e8:12:10:05:51:27:68:32:46:d5:58:42:84:38:e4:
         e2:3a:b5:63:a5:85:a3:95:63:74:4b:ab:7e:d8:cb:d5:e2:cc:
         7f:79:1d:89:35:e4:28:40:09:ec:1f:2d:96:8e:d6:b2:6b:f5:
         52:af:8e:e3:da:85:db:5b:44:8d:d7:60:67:69:da:94:8a:53:
         ce:f5:3c:76:a5:bc:61:72:6b:90:b9:54:13:49:8d:16:0e:98:
         03:c4:01:8e:d9:0b:3c:5c:8f:e7:5c:93:c6:9f:c5:bd:0e:cd:
         05:2d:b0:76:68:76:74:59:26:61:3a:92:a2:d1:e4:a5:04:d3:
         dd:00:e3:25:e8:99:47:22:7a:e8:31:4e:2b:6b:db:e4:25:3f:
         5e:47:29:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMZcQcuoXQzQ5Pi2C96WVRD2BzEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MTYwOTE5MDdaFw0yNjA5MTUwOTI0MDdaMDMxMTAvBgNV
BAMTKEY3RTY2RTIyN0IxMTk5MDFDRUM3QzU3QTA0REUyMjM1QkUwMzQ2QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCimQZlnWzQAcEsekcHyBVZYzhv
hVM/mW4+3SSEruQb4x7UkGAZWTROfModkgfpzNxHRkCjPmxziqxER+OiUwc4EVdQ
K0nTcIpQw12G/UDB07S6qsbiK2dStZObtuJh3ZVQjP8kB5uUuHu5fVuaDtzInX3T
N+m7929fMvOlvZyu2UaPl33VMAGBGmlaqhpEOy409HvqKI19P689RgbGReuKk14/
ipjpXBmESo4CyI19FKb5+OR8VlAW5qCDKNsx7rYB4EA4SktTIAIxWhr51NTyGIgs
8+OPMjRo323ffCkLjN1cPQpwLmZw0+D2Qej4ts2k6Nc0TxiOCFLL7t4FEhchAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9+ZuInsRmQHOx8V6BN4iNb4DRqowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE1MTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSE
MA0GCSqGSIb3DQEBCwUAA4IBAQCgksoA1NknzL/mAIrj/IGWUDKYT3Uz1rdEmGLl
2KwRlYGlyH3Wa6yLXs35Gkl0Oy0UabAkIrCP2YO0Pq1DKxVLENwVzjVrzz8/Cuv2
hAzKoWcGbwYgyRTgPkCkuZOJwFuLRk7jG8YEzAeI4aY3QqboEhAFUSdoMkbVWEKE
OOTiOrVjpYWjlWN0S6t+2MvV4sx/eR2JNeQoQAnsHy2Wjtaya/VSr47j2oXbW0SN
12BnadqUilPO9Tx2pbxhcmuQuVQTSY0WDpgDxAGO2Qs8XI/nXJPGn8W9Ds0FLbB2
aHZ0WSZhOpKi0eSlBNPdAOMl6JlHInroMU4ra9vkJT9eRynk
-----END CERTIFICATE-----