Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400556.roa
File:                     AS400556.roa (raw, json)
Hash identifier:          PrmaNqr7FETY4Cb63uVeFOhMJR4O2BFYWqTMQmjl7+4=
Subject key identifier:   40:0E:5A:29:09:EE:6B:7B:04:58:AC:1C:88:42:1E:5F:A2:54:9E:B3
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0990F1025203668A8A7D4D00EC7EC7389EF42BC3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400556.roa
Signing time:             Fri 19 Sep 2025 14:54:29 +0000
ROA not before:           Fri 19 Sep 2025 14:49:29 +0000
ROA not after:            Fri 18 Sep 2026 14:54:29 +0000
asID:                     400556
IP address blocks:        143.20.122.0/24 maxlen: 24
                          143.20.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:90:f1:02:52:03:66:8a:8a:7d:4d:00:ec:7e:c7:38:9e:f4:2b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 19 14:49:29 2025 GMT
            Not After : Sep 18 14:54:29 2026 GMT
        Subject: CN=400E5A2909EE6B7B0458AC1C88421E5FA2549EB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bb:b5:21:96:04:e0:00:d0:6f:6c:5e:de:7b:
                    c8:9d:bd:eb:9e:66:77:b8:d6:e1:cb:7e:d0:e3:db:
                    3c:30:08:fe:d8:f7:e4:6b:ae:89:7a:fa:6a:16:cd:
                    10:12:71:ed:86:2e:c0:d8:cc:26:f6:08:99:fe:2b:
                    d2:59:4c:d2:83:7f:1e:ce:96:ce:66:64:f5:d0:5e:
                    a1:70:39:da:3d:2f:45:35:82:5b:c8:f6:84:41:1a:
                    3c:3f:4f:69:45:2c:be:4b:27:5f:e8:b2:8a:90:9b:
                    d9:f4:5d:41:d9:3a:4d:04:d0:6a:30:7b:15:08:f4:
                    87:80:3a:cb:e7:d8:c1:b8:62:79:75:cd:43:d6:7a:
                    5d:a6:51:a1:20:23:fd:54:e9:ce:de:3e:3e:ca:90:
                    40:57:a6:5a:d5:78:37:68:77:46:e4:5f:3a:63:77:
                    24:9f:be:03:cf:ab:6b:fd:c8:53:35:3a:87:fc:d3:
                    d7:4f:de:0a:6e:eb:12:66:f7:32:90:71:82:20:c2:
                    b5:8e:2c:d4:13:19:dd:7c:0f:b3:47:68:4f:15:95:
                    c0:03:53:13:ef:6e:89:17:33:7b:0a:a9:59:c0:a3:
                    28:d2:d4:f1:52:ba:8a:27:bf:20:dd:a8:be:b5:2b:
                    6c:38:32:f1:2e:47:16:63:2d:bc:e2:18:3b:3e:24:
                    c7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:0E:5A:29:09:EE:6B:7B:04:58:AC:1C:88:42:1E:5F:A2:54:9E:B3
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400556.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.122.0/24
                  143.20.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:e6:05:d6:3a:2b:3e:8b:75:1d:7e:40:cb:8b:f6:0f:23:39:
         3e:ca:22:ec:81:1f:c2:85:37:23:81:b8:c7:6a:9e:b5:ad:3d:
         e5:50:5a:2f:02:a5:34:db:ec:d0:92:e5:31:3e:bb:28:80:f8:
         d3:91:ef:4f:cc:eb:b8:f6:67:98:f7:d4:92:69:78:ae:65:d7:
         47:61:49:09:09:d1:fa:cf:c4:aa:b1:43:da:f7:bf:31:71:e4:
         b5:5b:49:e5:33:fd:9c:0d:a8:a0:68:a7:b8:fe:62:d8:f8:97:
         66:3a:cb:57:d1:a6:6c:57:a0:9f:bd:41:38:e7:a1:30:bf:e7:
         4e:6a:b0:4d:e4:79:ba:da:ef:22:fa:56:f0:1f:bf:74:4c:b5:
         b4:56:96:bc:17:1b:4a:da:48:35:08:65:d6:f4:4c:01:a9:02:
         c7:71:e5:e2:ed:3f:7e:98:5d:f0:69:be:07:7b:d9:bb:70:cc:
         da:f9:a0:5c:66:57:98:3f:b5:77:86:dd:f1:97:a4:f1:87:d9:
         74:9f:84:28:9e:67:0e:8d:b2:a0:3a:66:00:5b:d7:a0:9f:b4:
         cc:20:cf:ad:37:ae:e2:ec:95:9c:3d:8c:dc:00:7e:ac:25:71:
         77:2e:bd:f2:50:19:9b:55:c4:fb:65:55:77:92:8e:a3:78:6a:
         d7:7b:8d:91
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUCZDxAlIDZoqKfU0A7H7HOJ70K8MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MTkxNDQ5MjlaFw0yNjA5MTgxNDU0MjlaMDMxMTAvBgNV
BAMTKDQwMEU1QTI5MDlFRTZCN0IwNDU4QUMxQzg4NDIxRTVGQTI1NDlFQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqu7UhlgTgANBvbF7ee8idveue
Zne41uHLftDj2zwwCP7Y9+Rrrol6+moWzRASce2GLsDYzCb2CJn+K9JZTNKDfx7O
ls5mZPXQXqFwOdo9L0U1glvI9oRBGjw/T2lFLL5LJ1/osoqQm9n0XUHZOk0E0Gow
exUI9IeAOsvn2MG4Ynl1zUPWel2mUaEgI/1U6c7ePj7KkEBXplrVeDdod0bkXzpj
dySfvgPPq2v9yFM1Oof809dP3gpu6xJm9zKQcYIgwrWOLNQTGd18D7NHaE8VlcAD
UxPvbokXM3sKqVnAoyjS1PFSuoonvyDdqL61K2w4MvEuRxZjLbziGDs+JMdLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUQA5aKQnua3sEWKwciEIeX6JUnrMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAwNTU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxR6
AwQAjxSHMA0GCSqGSIb3DQEBCwUAA4IBAQBN5gXWOis+i3UdfkDLi/YPIzk+yiLs
gR/ChTcjgbjHap61rT3lUFovAqU02+zQkuUxPrsogPjTke9PzOu49meY99SSaXiu
ZddHYUkJCdH6z8SqsUPa978xceS1W0nlM/2cDaigaKe4/mLY+JdmOstX0aZsV6Cf
vUE456Ewv+dOarBN5Hm62u8i+lbwH790TLW0Vpa8FxtK2kg1CGXW9EwBqQLHceXi
7T9+mF3wab4He9m7cMza+aBcZleYP7V3ht3xl6Txh9l0n4QonmcOjbKgOmYAW9eg
n7TMIM+tN67i7JWcPYzcAH6sJXF3Lr3yUBmbVcT7ZVV3ko6jeGrXe42R
-----END CERTIFICATE-----