Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          Cf2wwAIByxAH/CKhsC8Fv60tVZr1KMxjq8L6IC2c25E=
Subject key identifier:   F2:41:47:E8:01:9C:AC:D6:FA:11:6A:38:E2:37:92:88:39:87:C6:61
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0B74595E3DD1C15C9E5D67503CAFD726550D17D2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402215.roa
Signing time:             Sat 09 May 2026 07:46:41 +0000
ROA not before:           Sat 09 May 2026 07:41:41 +0000
ROA not after:            Sat 08 May 2027 07:46:41 +0000
asID:                     402215
IP address blocks:        143.20.43.0/24 maxlen: 24
                          143.20.71.0/24 maxlen: 24
                          143.20.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:74:59:5e:3d:d1:c1:5c:9e:5d:67:50:3c:af:d7:26:55:0d:17:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  9 07:41:41 2026 GMT
            Not After : May  8 07:46:41 2027 GMT
        Subject: CN=F24147E8019CACD6FA116A38E23792883987C661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fc:e6:a4:5f:77:92:45:b7:53:e0:0e:69:8f:
                    ab:ce:2c:0a:9f:d4:96:d6:3f:fb:47:49:c7:ca:d1:
                    d3:26:69:5b:c2:34:5c:f3:be:37:b0:ec:ab:d4:b3:
                    93:b1:19:eb:ab:a2:02:dc:1a:dd:cc:55:be:18:88:
                    b9:cd:d9:52:01:ce:62:78:08:16:c5:26:74:f9:86:
                    09:62:32:40:cd:75:45:a3:05:c0:38:74:74:5c:c5:
                    42:60:0b:05:c6:70:fd:8a:b5:fe:b0:51:29:1c:d9:
                    2f:9c:e6:23:bc:dc:ef:a0:d3:84:3e:00:7e:c7:2f:
                    00:10:01:d3:ee:1f:bd:41:3d:1b:25:45:32:79:80:
                    cb:d2:dc:da:cf:4c:09:cc:6d:da:ee:23:e0:f2:f0:
                    77:64:6e:b5:a4:d5:48:a8:73:7f:2a:ba:77:eb:5e:
                    07:50:f4:ce:67:0e:90:90:35:ab:3a:4f:48:6a:1a:
                    ed:25:0a:dd:7f:28:47:e3:f8:12:2d:89:db:72:a3:
                    b2:2b:39:ae:c9:8d:e3:94:0e:ef:e3:42:49:b2:a2:
                    93:2a:b7:de:9b:4f:63:6e:1a:df:44:54:04:b3:dc:
                    c8:c5:17:b0:10:21:21:c8:2d:17:07:61:de:61:b0:
                    71:42:ac:1f:66:05:9e:90:b2:d1:1f:90:b7:20:44:
                    4f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:41:47:E8:01:9C:AC:D6:FA:11:6A:38:E2:37:92:88:39:87:C6:61
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.43.0/24
                  143.20.71.0/24
                  143.20.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:9a:db:1f:f3:c3:c1:95:67:d9:7e:56:5b:2a:b1:55:f2:93:
         34:77:f2:b3:a7:2f:53:69:2f:7e:37:fa:da:13:60:d7:f5:cf:
         7b:e1:89:7c:e3:07:4d:a5:02:84:62:63:4b:2d:7d:2e:da:d6:
         05:3b:85:db:33:7f:74:7c:55:7b:11:dc:59:06:33:55:4a:40:
         e4:3d:f9:a3:14:b1:d2:0e:a1:66:e7:7d:3e:0f:8f:ab:e9:08:
         04:25:24:67:42:a9:ae:f5:e4:2e:80:96:07:ab:cf:4c:15:fe:
         6a:0c:ef:89:d4:25:9c:0f:34:39:5d:a5:ff:9b:04:5f:b0:7b:
         ea:91:2c:83:f2:ba:2d:98:8f:57:c5:a4:77:77:8d:e1:cb:24:
         83:36:cc:45:1a:60:c1:b7:9c:ec:85:d1:5c:bc:c4:5f:45:98:
         71:64:31:ef:fd:9d:4e:ab:e9:30:2d:83:47:2a:21:c0:ff:35:
         66:e7:62:f0:db:8b:db:3f:49:05:b1:d7:72:de:26:00:8c:7f:
         af:4b:fe:6f:c6:fe:15:44:9c:5d:61:e5:e4:f7:50:98:7f:b1:
         34:b7:b9:78:26:12:07:cc:04:1b:9e:88:e4:d1:d0:24:fb:90:
         6e:66:5d:a5:4b:3d:99:82:89:17:56:3a:43:d0:7b:08:55:14:
         1c:c8:47:65
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUC3RZXj3RwVyeXWdQPK/XJlUNF9IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MDkwNzQxNDFaFw0yNzA1MDgwNzQ2NDFaMDMxMTAvBgNV
BAMTKEYyNDE0N0U4MDE5Q0FDRDZGQTExNkEzOEUyMzc5Mjg4Mzk4N0M2NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD/OakX3eSRbdT4A5pj6vOLAqf
1JbWP/tHScfK0dMmaVvCNFzzvjew7KvUs5OxGeurogLcGt3MVb4YiLnN2VIBzmJ4
CBbFJnT5hgliMkDNdUWjBcA4dHRcxUJgCwXGcP2Ktf6wUSkc2S+c5iO83O+g04Q+
AH7HLwAQAdPuH71BPRslRTJ5gMvS3NrPTAnMbdruI+Dy8HdkbrWk1Uioc38qunfr
XgdQ9M5nDpCQNas6T0hqGu0lCt1/KEfj+BItidtyo7IrOa7JjeOUDu/jQkmyopMq
t96bT2NuGt9EVASz3MjFF7AQISHILRcHYd5hsHFCrB9mBZ6QstEfkLcgRE/lAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU8kFH6AGcrNb6EWo44jeSiDmHxmEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxQr
AwQAjxRHAwQAjxR0MA0GCSqGSIb3DQEBCwUAA4IBAQADmtsf88PBlWfZflZbKrFV
8pM0d/Kzpy9TaS9+N/raE2DX9c974Yl84wdNpQKEYmNLLX0u2tYFO4XbM390fFV7
EdxZBjNVSkDkPfmjFLHSDqFm530+D4+r6QgEJSRnQqmu9eQugJYHq89MFf5qDO+J
1CWcDzQ5XaX/mwRfsHvqkSyD8rotmI9XxaR3d43hyySDNsxFGmDBt5zshdFcvMRf
RZhxZDHv/Z1Oq+kwLYNHKiHA/zVm52Lw24vbP0kFsddy3iYAjH+vS/5vxv4VRJxd
YeXk91CYf7E0t7l4JhIHzAQbnojk0dAk+5BuZl2lSz2ZgokXVjpD0HsIVRQcyEdl
-----END CERTIFICATE-----