Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402204.roa
File:                     AS402204.roa (raw, json)
Hash identifier:          YJNpuiIWToiRY+1VJYZ4OGBNx8UfEyJJmIy7DxXO5hA=
Subject key identifier:   50:FE:DB:07:4D:B0:10:95:B0:5A:2E:78:99:9C:76:E4:BE:2C:A2:4E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1F9D8C7E32210AB33B108270CF1CD0791CDABC66
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402204.roa
Signing time:             Wed 25 Mar 2026 11:40:52 +0000
ROA not before:           Wed 25 Mar 2026 11:35:52 +0000
ROA not after:            Wed 24 Mar 2027 11:40:52 +0000
asID:                     402204
IP address blocks:        143.20.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:56:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:9d:8c:7e:32:21:0a:b3:3b:10:82:70:cf:1c:d0:79:1c:da:bc:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar 25 11:35:52 2026 GMT
            Not After : Mar 24 11:40:52 2027 GMT
        Subject: CN=50FEDB074DB01095B05A2E78999C76E4BE2CA24E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:61:93:28:6e:b7:ee:2f:4a:77:c8:8f:ce:29:
                    20:1a:d1:40:fe:17:41:88:fc:29:02:60:44:aa:05:
                    5b:ca:b9:be:23:9e:0d:dc:26:e5:be:bc:d1:cb:98:
                    6e:ce:dd:8b:26:5d:e5:67:a4:d5:fb:5e:bf:6e:c5:
                    54:61:39:b7:63:46:07:01:93:77:4f:4a:82:a6:2f:
                    9d:8a:3b:b5:79:bb:75:0f:6b:af:e6:34:f6:44:2c:
                    55:e7:ac:de:fb:2f:ad:c2:ce:be:34:c5:1e:f1:7c:
                    89:4b:66:fe:a4:05:4f:a5:8e:21:b3:7f:7c:b5:c7:
                    a0:b9:e9:3b:10:78:15:d3:cd:e5:47:87:ff:6f:17:
                    e9:ff:c4:4f:67:02:33:1f:c9:fc:7a:21:84:84:22:
                    38:cd:78:f1:70:ad:c4:db:8f:a8:7b:71:24:49:1d:
                    9f:fb:41:7c:f4:19:be:74:0b:5e:21:dc:a7:d1:c3:
                    ee:0b:5b:cc:62:af:b8:1e:12:bf:1d:93:0c:cd:5f:
                    cf:b3:e0:73:1e:ed:31:33:d6:be:28:1a:be:39:16:
                    c2:3f:83:1a:53:68:dd:c6:9b:43:9a:f7:27:ee:cc:
                    f4:da:3a:b9:25:cc:7d:4d:f4:57:a2:c0:9f:d7:00:
                    af:e4:e8:db:f7:89:60:0b:5d:12:19:22:67:5d:35:
                    f2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FE:DB:07:4D:B0:10:95:B0:5A:2E:78:99:9C:76:E4:BE:2C:A2:4E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402204.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:b1:68:da:b7:8c:55:48:ed:00:e3:48:9a:77:61:af:43:3e:
         39:87:34:f6:78:19:97:f8:9e:b0:1a:2a:6e:57:2a:92:6b:ad:
         77:b6:25:95:8f:f7:23:31:f8:35:d7:03:75:1f:9f:bc:4c:4f:
         61:05:61:b5:d1:3a:51:df:66:3a:fb:ce:00:0b:19:80:fa:1e:
         c1:dd:75:97:c3:14:f9:6d:ba:b7:ac:9b:fd:72:2e:aa:f7:b0:
         c1:f6:26:67:70:59:f8:7e:c5:17:59:11:65:e3:9f:24:2c:0a:
         49:d3:25:db:b9:bc:39:2a:73:68:bb:ec:bf:1e:13:f0:6e:fe:
         aa:a5:a4:ee:e9:31:1a:f1:2e:1f:f7:73:6c:68:15:ad:bf:bb:
         3e:25:52:32:25:4b:03:7c:7d:a8:15:28:87:63:60:98:6a:ec:
         41:2e:b8:f7:81:cb:ca:0a:c6:2d:84:8c:32:a4:ae:c4:e2:bf:
         b8:e9:02:fe:f2:ae:54:52:d8:99:97:67:8f:6f:d0:25:1e:04:
         db:83:12:bb:83:4c:44:d5:00:14:85:6b:00:14:dc:1e:81:94:
         ef:8f:d9:00:2d:25:9e:b5:53:a9:67:0c:e1:95:1d:53:50:3c:
         2b:30:16:d1:f3:92:91:49:0c:f3:b4:94:c4:c6:11:5d:8f:11:
         ea:73:e6:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH52MfjIhCrM7EIJwzxzQeRzavGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMjUxMTM1NTJaFw0yNzAzMjQxMTQwNTJaMDMxMTAvBgNV
BAMTKDUwRkVEQjA3NERCMDEwOTVCMDVBMkU3ODk5OUM3NkU0QkUyQ0EyNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChYZMobrfuL0p3yI/OKSAa0UD+
F0GI/CkCYESqBVvKub4jng3cJuW+vNHLmG7O3YsmXeVnpNX7Xr9uxVRhObdjRgcB
k3dPSoKmL52KO7V5u3UPa6/mNPZELFXnrN77L63Czr40xR7xfIlLZv6kBU+ljiGz
f3y1x6C56TsQeBXTzeVHh/9vF+n/xE9nAjMfyfx6IYSEIjjNePFwrcTbj6h7cSRJ
HZ/7QXz0Gb50C14h3KfRw+4LW8xir7geEr8dkwzNX8+z4HMe7TEz1r4oGr45FsI/
gxpTaN3Gm0Oa9yfuzPTaOrklzH1N9FeiwJ/XAK/k6Nv3iWALXRIZImddNfLxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUP7bB02wEJWwWi54mZx25L4sok4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAyMjA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCMsWjat4xVSO0A40iad2GvQz45hzT2eBmX+J6w
GipuVyqSa613tiWVj/cjMfg11wN1H5+8TE9hBWG10TpR32Y6+84ACxmA+h7B3XWX
wxT5bbq3rJv9ci6q97DB9iZncFn4fsUXWRFl458kLApJ0yXbubw5KnNou+y/HhPw
bv6qpaTu6TEa8S4f93NsaBWtv7s+JVIyJUsDfH2oFSiHY2CYauxBLrj3gcvKCsYt
hIwypK7E4r+46QL+8q5UUtiZl2ePb9AlHgTbgxK7g0xE1QAUhWsAFNwegZTvj9kA
LSWetVOpZwzhlR1TUDwrMBbR85KRSQzztJTExhFdjxHqc+bO
-----END CERTIFICATE-----