Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa
File:                     AS401776.roa (raw, json)
Hash identifier:          jhT5omeNIIfaNu+CE/Njo6zg7g9L9yD+mkLnCfHx/Cs=
Subject key identifier:   B9:26:48:3F:A0:F9:01:B3:6E:A0:E8:79:F8:2F:66:A8:15:D5:7D:41
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2CEB00C001C17A0E8E5889B7B71EA674C31DAD60
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa
Signing time:             Sun 28 Sep 2025 06:19:49 +0000
ROA not before:           Sun 28 Sep 2025 06:14:49 +0000
ROA not after:            Sun 27 Sep 2026 06:19:49 +0000
asID:                     401776
IP address blocks:        143.20.106.0/24 maxlen: 24
                          143.20.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:eb:00:c0:01:c1:7a:0e:8e:58:89:b7:b7:1e:a6:74:c3:1d:ad:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 28 06:14:49 2025 GMT
            Not After : Sep 27 06:19:49 2026 GMT
        Subject: CN=B926483FA0F901B36EA0E879F82F66A815D57D41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bf:03:ef:82:c6:94:2a:f3:81:14:57:4f:ed:
                    6b:00:c9:0f:f1:ac:58:6c:e0:e6:ef:51:f7:9f:2a:
                    76:30:98:ec:aa:73:f4:08:a5:3e:67:93:9f:9a:99:
                    ac:b9:6d:20:3c:0d:26:25:a6:55:cd:a0:4e:62:50:
                    9c:9b:e9:7c:88:c6:d2:e5:b8:7a:98:83:e2:62:11:
                    76:d9:8f:6d:2f:8d:74:f1:07:d6:de:fe:1e:50:84:
                    3c:0c:5a:89:ae:42:c5:f2:e0:75:41:fc:60:9a:0a:
                    2b:bc:31:80:0f:bb:ea:4c:02:ac:30:92:a9:0c:c1:
                    3a:e7:bd:f0:17:18:42:1d:fa:63:f3:64:1f:fb:94:
                    00:ab:2b:17:32:cb:d4:97:3d:22:ad:c1:63:22:a2:
                    c5:a3:4b:40:89:d5:66:34:bc:48:34:c1:d1:e9:9f:
                    1e:d1:03:7d:0f:c9:40:ff:dd:ae:f0:bb:fb:1c:ba:
                    17:f3:5a:ce:a4:7b:6d:c1:61:03:06:28:b0:21:c8:
                    a8:7d:fb:d2:f6:ed:a2:bd:2b:16:d3:d5:5e:d0:af:
                    e5:52:a3:26:56:42:d8:56:76:6a:0a:83:95:2e:17:
                    fc:92:ef:c3:a3:f4:fa:4c:aa:15:53:8f:0e:0c:da:
                    ae:b2:da:be:05:06:2a:87:df:c7:81:fb:80:73:31:
                    0c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:26:48:3F:A0:F9:01:B3:6E:A0:E8:79:F8:2F:66:A8:15:D5:7D:41
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.106.0/24
                  143.20.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:59:6e:01:d4:ba:b5:d9:a5:24:5d:cb:c5:e9:f0:ae:10:d5:
         c8:81:80:6b:fd:83:47:a3:a6:75:d1:30:43:cf:28:0a:8a:74:
         36:6c:54:88:5f:2e:87:44:17:67:9f:bc:98:9a:e3:4b:11:59:
         bb:04:b8:5c:63:aa:6b:e8:42:16:28:30:01:9e:8a:7a:77:7c:
         b1:84:37:e3:e2:f7:c8:c2:58:c9:95:1c:2e:2b:77:e2:38:5f:
         38:0f:1c:e1:14:35:a5:33:7d:55:56:49:5b:fe:c8:e7:f2:7a:
         5b:26:6e:ee:79:22:b1:73:29:a3:bc:b5:d9:13:ea:16:e8:b2:
         73:d3:c5:71:87:18:d3:e1:e9:d0:d6:12:d4:a6:28:73:84:75:
         ca:bc:21:3f:2b:0d:60:43:8d:25:f4:0f:b3:5c:af:33:a7:97:
         9c:2f:4c:23:a9:05:55:8f:75:8a:76:f9:9a:52:7f:13:6a:ea:
         7e:e3:dd:d7:0d:78:df:86:1e:fb:c7:bd:03:28:bf:21:8e:84:
         03:ee:97:23:fb:af:80:45:1a:bb:a6:e7:42:47:a8:63:84:06:
         00:e3:cf:04:bd:4a:43:e3:a5:e7:a9:b4:14:a3:5b:80:06:a7:
         50:f9:43:22:9b:a4:7d:7f:3a:19:a4:93:34:02:e9:0e:0b:ac:
         62:fc:a4:86
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIULOsAwAHBeg6OWIm3tx6mdMMdrWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjgwNjE0NDlaFw0yNjA5MjcwNjE5NDlaMDMxMTAvBgNV
BAMTKEI5MjY0ODNGQTBGOTAxQjM2RUEwRTg3OUY4MkY2NkE4MTVENTdENDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQvwPvgsaUKvOBFFdP7WsAyQ/x
rFhs4ObvUfefKnYwmOyqc/QIpT5nk5+amay5bSA8DSYlplXNoE5iUJyb6XyIxtLl
uHqYg+JiEXbZj20vjXTxB9be/h5QhDwMWomuQsXy4HVB/GCaCiu8MYAPu+pMAqww
kqkMwTrnvfAXGEId+mPzZB/7lACrKxcyy9SXPSKtwWMiosWjS0CJ1WY0vEg0wdHp
nx7RA30PyUD/3a7wu/scuhfzWs6ke23BYQMGKLAhyKh9+9L27aK9KxbT1V7Qr+VS
oyZWQthWdmoKg5UuF/yS78Oj9PpMqhVTjw4M2q6y2r4FBiqH38eB+4BzMQx7AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUuSZIP6D5AbNuoOh5+C9mqBXVfUEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAxNzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRq
AwQAjxSyMA0GCSqGSIb3DQEBCwUAA4IBAQAjWW4B1Lq12aUkXcvF6fCuENXIgYBr
/YNHo6Z10TBDzygKinQ2bFSIXy6HRBdnn7yYmuNLEVm7BLhcY6pr6EIWKDABnop6
d3yxhDfj4vfIwljJlRwuK3fiOF84DxzhFDWlM31VVklb/sjn8npbJm7ueSKxcymj
vLXZE+oW6LJz08VxhxjT4enQ1hLUpihzhHXKvCE/Kw1gQ40l9A+zXK8zp5ecL0wj
qQVVj3WKdvmaUn8Taup+493XDXjfhh77x70DKL8hjoQD7pcj+6+ARRq7pudCR6hj
hAYA488EvUpD46XnqbQUo1uABqdQ+UMim6R9fzoZpJM0AukOC6xi/KSG
-----END CERTIFICATE-----