Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS26141.roa
File:                     AS26141.roa (raw, json)
Hash identifier:          xtXMbDwT9PNfewFLNhbrpHSi5UfbdzPo0QdkxoyC6sQ=
Subject key identifier:   83:BF:12:B5:19:5C:76:7F:2D:DA:A1:98:B1:46:68:14:F3:47:27:10
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       12D7E145E74CF8C5B6C5C136A4700A41376C4BF7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS26141.roa
Signing time:             Wed 15 Oct 2025 09:30:14 +0000
ROA not before:           Wed 15 Oct 2025 09:25:14 +0000
ROA not after:            Wed 14 Oct 2026 09:30:14 +0000
asID:                     26141
IP address blocks:        143.20.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:d7:e1:45:e7:4c:f8:c5:b6:c5:c1:36:a4:70:0a:41:37:6c:4b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 15 09:25:14 2025 GMT
            Not After : Oct 14 09:30:14 2026 GMT
        Subject: CN=83BF12B5195C767F2DDAA198B1466814F3472710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:02:6e:4e:dc:7c:2e:06:f3:ef:eb:2c:fb:42:
                    3a:9b:79:3f:4a:8a:5c:f1:a3:c2:f9:9c:95:84:36:
                    65:18:d3:7c:60:72:12:0a:cb:e9:be:2a:3a:dd:ec:
                    89:8e:b3:a0:e2:19:da:cf:0f:40:62:dd:1b:1a:ef:
                    29:bb:d6:ca:91:1b:91:c5:1f:28:c3:12:18:25:74:
                    c2:7e:c2:e4:7c:85:47:52:aa:2a:a7:3a:fd:77:8e:
                    67:43:ee:3a:6c:32:41:80:92:b1:26:2e:e7:04:88:
                    96:b5:d1:ac:13:3f:35:38:79:70:1f:8b:5c:bb:72:
                    e6:cb:95:4f:fd:94:b1:9f:93:61:c6:02:ed:1c:9e:
                    54:b2:65:13:3e:bf:ef:40:29:a7:8c:a7:8b:2a:4f:
                    99:0f:cf:af:96:00:89:d8:49:be:65:2f:e2:f5:78:
                    8a:d8:99:a6:f9:59:95:bd:f2:04:8e:b4:b9:39:3b:
                    b2:67:33:9c:ab:d0:07:db:ef:e7:e2:1d:67:6e:87:
                    e4:5a:1c:f4:ee:89:b2:62:d5:20:b2:83:4f:37:9d:
                    32:bf:c0:d0:3b:66:24:9e:49:ae:cf:89:6c:dd:42:
                    94:87:c7:6d:c9:88:ab:36:31:be:57:c2:89:2a:24:
                    16:ad:39:67:89:dd:9d:67:7d:fc:62:15:22:ad:80:
                    45:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BF:12:B5:19:5C:76:7F:2D:DA:A1:98:B1:46:68:14:F3:47:27:10
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS26141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d9:64:a4:3b:8e:25:ce:ab:eb:9b:a3:0f:6d:3e:33:ff:82:
         e1:38:d7:cb:65:e5:8c:71:6f:90:19:93:f7:8f:51:f3:6a:72:
         3f:7c:89:20:6f:3d:86:c6:86:f6:22:46:03:ce:9b:9a:7b:2b:
         04:76:4a:6b:29:65:88:81:b2:ab:89:62:e2:4c:22:bb:09:8d:
         2b:17:76:7c:b3:f3:88:7c:aa:9f:9d:4d:d9:33:fa:e3:b2:fe:
         09:be:59:46:d6:7f:24:34:fb:df:bd:a4:16:54:fb:4f:b8:ce:
         aa:bf:d2:1b:35:33:fc:6e:a7:db:10:a2:ad:48:f7:3f:f3:37:
         9d:f2:b4:d5:aa:97:a9:ed:29:bf:8c:43:8e:eb:3f:3c:ce:3f:
         c4:cb:06:c7:7a:6d:27:e2:d6:80:be:55:2f:c4:2f:8a:d8:4c:
         ad:4b:42:69:d4:ba:1a:97:04:9f:39:a5:72:d2:b8:a1:71:08:
         c0:a6:42:0d:55:e6:98:19:00:cb:f2:fe:7b:d1:47:1a:3c:0c:
         44:d9:8a:e3:a5:80:f6:6b:be:32:07:55:35:1a:c9:a0:ae:49:
         9a:42:fb:4d:e4:36:cb:17:0d:9c:c5:9f:2d:32:96:d9:28:d0:
         7e:da:02:41:e6:4b:47:34:07:3d:78:98:d6:da:05:44:2e:c3:
         2a:ee:bd:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEtfhRedM+MW2xcE2pHAKQTdsS/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTUwOTI1MTRaFw0yNjEwMTQwOTMwMTRaMDMxMTAvBgNV
BAMTKDgzQkYxMkI1MTk1Qzc2N0YyRERBQTE5OEIxNDY2ODE0RjM0NzI3MTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTAm5O3HwuBvPv6yz7QjqbeT9K
ilzxo8L5nJWENmUY03xgchIKy+m+Kjrd7ImOs6DiGdrPD0Bi3Rsa7ym71sqRG5HF
HyjDEhgldMJ+wuR8hUdSqiqnOv13jmdD7jpsMkGAkrEmLucEiJa10awTPzU4eXAf
i1y7cubLlU/9lLGfk2HGAu0cnlSyZRM+v+9AKaeMp4sqT5kPz6+WAInYSb5lL+L1
eIrYmab5WZW98gSOtLk5O7JnM5yr0Afb7+fiHWduh+RaHPTuibJi1SCyg083nTK/
wNA7ZiSeSa7PiWzdQpSHx23JiKs2Mb5XwokqJBatOWeJ3Z1nffxiFSKtgEWlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUg78StRlcdn8t2qGYsUZoFPNHJxAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjYxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFMww
DQYJKoZIhvcNAQELBQADggEBAAHZZKQ7jiXOq+ubow9tPjP/guE418tl5Yxxb5AZ
k/ePUfNqcj98iSBvPYbGhvYiRgPOm5p7KwR2SmspZYiBsquJYuJMIrsJjSsXdnyz
84h8qp+dTdkz+uOy/gm+WUbWfyQ0+9+9pBZU+0+4zqq/0hs1M/xup9sQoq1I9z/z
N53ytNWql6ntKb+MQ47rPzzOP8TLBsd6bSfi1oC+VS/EL4rYTK1LQmnUuhqXBJ85
pXLSuKFxCMCmQg1V5pgZAMvy/nvRRxo8DETZiuOlgPZrvjIHVTUayaCuSZpC+03k
NssXDZzFny0yltko0H7aAkHmS0c0Bz14mNbaBUQuwyruvaY=
-----END CERTIFICATE-----