Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS396856.roa
File:                     AS396856.roa (raw, json)
Hash identifier:          2bI3a4zxlo46jXQV1rgKaGIKD8gfwtYXbMTtw0iMmpY=
Subject key identifier:   4F:D3:FC:8C:8C:38:73:93:D1:87:32:4D:83:A1:BC:6F:55:28:88:FA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       79CBF26C602B0F779F0B712A8D60A8237266C857
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS396856.roa
Signing time:             Tue 17 Jun 2025 04:34:28 +0000
ROA not before:           Tue 17 Jun 2025 04:29:28 +0000
ROA not after:            Tue 16 Jun 2026 04:34:28 +0000
asID:                     396856
IP address blocks:        143.20.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:cb:f2:6c:60:2b:0f:77:9f:0b:71:2a:8d:60:a8:23:72:66:c8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 17 04:29:28 2025 GMT
            Not After : Jun 16 04:34:28 2026 GMT
        Subject: CN=4FD3FC8C8C387393D187324D83A1BC6F552888FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e4:ef:56:4e:91:b5:12:4f:d3:9a:83:72:47:
                    56:48:41:87:21:67:86:e2:d2:ac:14:c8:fd:e6:72:
                    bf:2d:bc:84:4e:7e:91:6e:d5:5c:e9:f9:7f:75:af:
                    46:9f:69:e1:f1:cb:3a:42:44:21:9f:44:5d:5b:b1:
                    b5:bc:e7:00:8d:26:ea:78:79:d2:e9:8a:91:0e:24:
                    82:b2:97:e6:cb:c2:82:0c:5d:1b:7b:e5:01:73:08:
                    18:a2:2e:8f:7e:8d:5b:cf:99:63:10:2f:5b:37:f0:
                    81:59:52:18:d6:d9:7c:79:58:44:30:83:1b:f0:7d:
                    87:af:f3:07:41:d1:03:3d:26:82:17:60:45:8c:12:
                    e9:34:a7:a0:70:c5:dd:af:65:62:7f:49:18:ff:c0:
                    7f:a2:b5:a9:4b:10:db:c3:69:74:92:07:62:a7:22:
                    96:1a:4e:b1:74:67:ce:5d:50:fe:35:d0:e2:a1:89:
                    07:2e:58:80:65:ae:5a:75:1b:4b:b8:af:b5:3a:1f:
                    01:cb:02:fd:5c:2f:8a:60:fe:94:ef:ba:50:47:6a:
                    42:97:61:68:47:9d:9d:2b:56:cf:cc:0b:9b:cf:af:
                    64:d0:fd:07:4f:f9:a5:cc:45:e2:a0:47:fc:84:ed:
                    fe:c3:d2:ea:d2:66:cb:1a:78:3b:14:24:39:76:fc:
                    22:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D3:FC:8C:8C:38:73:93:D1:87:32:4D:83:A1:BC:6F:55:28:88:FA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS396856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:dd:f6:28:76:02:88:8a:dd:ec:9e:62:23:c1:cb:c2:55:f0:
         21:05:bb:64:34:4f:2c:4e:8d:75:3f:f8:15:6a:86:ef:c0:1c:
         23:a9:07:f4:ce:e1:79:73:68:e0:66:bb:32:8f:83:72:87:75:
         7e:08:c6:e8:a6:b8:40:c4:93:4c:f3:a5:bd:11:bf:7c:c1:e7:
         b8:24:02:ab:71:9a:c6:e5:5d:0f:cb:d4:3d:6f:7f:5a:25:ae:
         eb:4f:a7:be:0b:30:82:ed:a1:01:ac:4d:2b:84:c7:e9:63:08:
         4f:69:33:7a:b2:8c:10:2c:2d:98:32:85:cc:8b:f8:55:e2:7c:
         6f:38:6a:34:f4:44:d0:66:60:f5:f5:da:84:3a:91:ff:9e:65:
         71:5d:ad:a3:ff:68:7d:c0:2a:75:ed:85:6e:16:2b:d3:20:42:
         eb:ce:30:55:b1:61:98:17:32:00:06:0c:31:59:c4:1f:7d:59:
         13:4d:54:d2:5b:69:a7:dc:f4:f2:93:60:7b:ee:3b:d0:37:79:
         4a:83:2c:8c:a7:df:c0:b8:b1:02:7f:bc:bb:a3:2c:a8:f5:61:
         8e:c4:04:99:33:aa:fd:52:27:0e:a0:67:79:75:d3:8b:15:21:
         14:60:d8:98:fb:ea:b9:95:df:3a:d8:ef:b5:b9:a9:bb:4c:50:
         9d:a5:f2:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUecvybGArD3efC3EqjWCoI3JmyFcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTcwNDI5MjhaFw0yNjA2MTYwNDM0MjhaMDMxMTAvBgNV
BAMTKDRGRDNGQzhDOEMzODczOTNEMTg3MzI0RDgzQTFCQzZGNTUyODg4RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg5O9WTpG1Ek/TmoNyR1ZIQYch
Z4bi0qwUyP3mcr8tvIROfpFu1Vzp+X91r0afaeHxyzpCRCGfRF1bsbW85wCNJup4
edLpipEOJIKyl+bLwoIMXRt75QFzCBiiLo9+jVvPmWMQL1s38IFZUhjW2Xx5WEQw
gxvwfYev8wdB0QM9JoIXYEWMEuk0p6Bwxd2vZWJ/SRj/wH+italLENvDaXSSB2Kn
IpYaTrF0Z85dUP410OKhiQcuWIBlrlp1G0u4r7U6HwHLAv1cL4pg/pTvulBHakKX
YWhHnZ0rVs/MC5vPr2TQ/QdP+aXMReKgR/yE7f7D0urSZssaeDsUJDl2/CInAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUT9P8jIw4c5PRhzJNg6G8b1UoiPowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk2ODU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjxQY
MA0GCSqGSIb3DQEBCwUAA4IBAQCa3fYodgKIit3snmIjwcvCVfAhBbtkNE8sTo11
P/gVaobvwBwjqQf0zuF5c2jgZrsyj4Nyh3V+CMboprhAxJNM86W9Eb98wee4JAKr
cZrG5V0Py9Q9b39aJa7rT6e+CzCC7aEBrE0rhMfpYwhPaTN6sowQLC2YMoXMi/hV
4nxvOGo09ETQZmD19dqEOpH/nmVxXa2j/2h9wCp17YVuFivTIELrzjBVsWGYFzIA
BgwxWcQffVkTTVTSW2mn3PTyk2B77jvQN3lKgyyMp9/AuLECf7y7oyyo9WGOxASZ
M6r9UicOoGd5ddOLFSEUYNiY++q5ld862O+1uam7TFCdpfKD
-----END CERTIFICATE-----