Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          TTbEoHwyEP5++qftt7ZQcogzRppCS35/6BfA386aVHg=
Subject key identifier:   4B:7A:DB:ED:8A:A1:B0:AE:72:1C:7A:71:45:AC:C1:41:08:A1:A7:2E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1E5FA351CF711DBF1D21BFE9A58A7A947F90AF89
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa
Signing time:             Wed 01 Oct 2025 08:27:42 +0000
ROA not before:           Wed 01 Oct 2025 08:22:42 +0000
ROA not after:            Wed 30 Sep 2026 08:27:42 +0000
asID:                     22427
IP address blocks:        143.20.76.0/24 maxlen: 24
                          143.20.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:5f:a3:51:cf:71:1d:bf:1d:21:bf:e9:a5:8a:7a:94:7f:90:af:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  1 08:22:42 2025 GMT
            Not After : Sep 30 08:27:42 2026 GMT
        Subject: CN=4B7ADBED8AA1B0AE721C7A7145ACC14108A1A72E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a4:20:7c:4b:74:65:7d:19:fe:59:92:88:86:
                    7b:62:24:7b:7f:65:e1:a4:4d:4b:9c:43:06:bc:bd:
                    5d:e4:75:f8:7a:d7:15:59:4e:b6:84:bc:0e:dd:66:
                    20:cf:cf:db:81:79:92:91:df:97:66:36:65:ef:ac:
                    03:3e:dc:96:9a:27:07:e6:a6:93:b0:34:cd:c6:dc:
                    75:72:4e:f0:87:1b:9c:fe:d4:9a:db:64:e6:7d:7e:
                    fc:ac:b1:ca:bd:15:a3:40:f0:39:3f:c3:31:45:5c:
                    f6:05:93:db:9b:7c:16:a7:e0:39:90:af:af:c5:62:
                    e1:4a:44:98:27:52:9d:b9:85:74:69:0a:31:fb:c8:
                    d9:07:93:af:75:e0:a5:1f:bf:36:48:f4:a8:57:33:
                    93:0d:1a:b6:e3:31:0c:d9:f8:b2:ad:e7:69:32:2c:
                    6b:5a:03:b7:f1:47:41:6e:9d:0e:83:a0:5a:1a:45:
                    91:14:22:89:82:0f:24:26:75:f4:c1:13:25:cd:b4:
                    43:38:69:6f:62:a1:3a:cc:83:98:ff:c5:e4:e3:e0:
                    33:7d:29:d1:41:6e:be:f6:d7:8a:e4:42:71:46:e3:
                    57:21:8d:e9:ef:e2:bc:8d:5d:9f:b6:f0:4d:a7:24:
                    1b:ce:fa:4b:73:1e:5a:6c:a8:0e:b5:e3:af:44:16:
                    cc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7A:DB:ED:8A:A1:B0:AE:72:1C:7A:71:45:AC:C1:41:08:A1:A7:2E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.76.0/24
                  143.20.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:39:c3:d5:46:5b:2d:fe:4d:02:3b:81:bb:51:e5:85:bf:81:
         04:5a:76:ff:a1:f4:c1:ba:6e:21:4e:c4:8d:36:7d:6a:ee:95:
         c3:e6:f5:82:c0:81:83:cc:a0:f7:b3:11:5c:2e:8a:f6:5e:20:
         2b:98:58:cf:d4:af:c5:99:c5:68:45:d4:1d:fb:bd:f1:0f:b3:
         34:fc:9d:19:23:df:12:fb:15:ae:85:a5:79:c3:96:f0:d6:88:
         69:63:81:4b:e3:93:93:24:53:16:aa:c2:25:97:f1:27:c5:91:
         1a:c5:7f:5c:b6:f6:ab:22:3f:8b:99:5d:3c:66:15:11:e2:f4:
         ba:4a:8d:a0:af:16:92:c2:74:97:64:f6:26:25:e1:d2:3d:25:
         a8:0e:02:a2:f3:07:35:e0:46:b5:14:e7:d2:48:f0:83:e0:53:
         eb:c6:c2:cb:12:56:32:cf:e5:2f:45:72:cb:8a:fb:79:da:18:
         93:7e:14:57:df:90:06:ea:1f:c5:87:b3:48:95:23:e5:de:44:
         ff:40:4f:27:29:32:1c:51:6a:f8:47:a3:b0:86:60:22:44:36:
         ea:57:1d:fb:ee:92:7d:b9:6d:3b:81:23:af:a6:a6:3e:d5:10:
         95:c2:cb:68:ed:c5:d8:76:64:a7:85:f4:ad:1a:0e:02:c2:d2:
         83:89:5d:ec
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUHl+jUc9xHb8dIb/ppYp6lH+Qr4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMDEwODIyNDJaFw0yNjA5MzAwODI3NDJaMDMxMTAvBgNV
BAMTKDRCN0FEQkVEOEFBMUIwQUU3MjFDN0E3MTQ1QUNDMTQxMDhBMUE3MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNpCB8S3RlfRn+WZKIhntiJHt/
ZeGkTUucQwa8vV3kdfh61xVZTraEvA7dZiDPz9uBeZKR35dmNmXvrAM+3JaaJwfm
ppOwNM3G3HVyTvCHG5z+1JrbZOZ9fvysscq9FaNA8Dk/wzFFXPYFk9ubfBan4DmQ
r6/FYuFKRJgnUp25hXRpCjH7yNkHk6914KUfvzZI9KhXM5MNGrbjMQzZ+LKt52ky
LGtaA7fxR0FunQ6DoFoaRZEUIomCDyQmdfTBEyXNtEM4aW9ioTrMg5j/xeTj4DN9
KdFBbr7214rkQnFG41chjenv4ryNXZ+28E2nJBvO+ktzHlpsqA61469EFszRAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUS3rb7YqhsK5yHHpxRazBQQihpy4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFEwD
BACPFFwwDQYJKoZIhvcNAQELBQADggEBACc5w9VGWy3+TQI7gbtR5YW/gQRadv+h
9MG6biFOxI02fWrulcPm9YLAgYPMoPezEVwuivZeICuYWM/Ur8WZxWhF1B37vfEP
szT8nRkj3xL7Fa6FpXnDlvDWiGljgUvjk5MkUxaqwiWX8SfFkRrFf1y29qsiP4uZ
XTxmFRHi9LpKjaCvFpLCdJdk9iYl4dI9JagOAqLzBzXgRrUU59JI8IPgU+vGwssS
VjLP5S9FcsuK+3naGJN+FFffkAbqH8WHs0iVI+XeRP9ATycpMhxRavhHo7CGYCJE
NupXHfvukn25bTuBI6+mpj7VEJXCy2jtxdh2ZKeF9K0aDgLC0oOJXew=
-----END CERTIFICATE-----