Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402257.roa
File:                     AS402257.roa (raw, json)
Hash identifier:          lDMktxbz6fwDWSRoDC/jQi/fF7k4X1hgD+T9HNRGGZQ=
Subject key identifier:   08:08:E9:57:92:52:61:8C:64:95:FE:92:A3:88:19:32:85:3D:F1:53
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       22B2C6D552CA3459B7B0348964D11CC601346551
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402257.roa
Signing time:             Fri 08 May 2026 14:13:16 +0000
ROA not before:           Fri 08 May 2026 14:08:16 +0000
ROA not after:            Fri 07 May 2027 14:13:16 +0000
asID:                     402257
IP address blocks:        143.20.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:b2:c6:d5:52:ca:34:59:b7:b0:34:89:64:d1:1c:c6:01:34:65:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  8 14:08:16 2026 GMT
            Not After : May  7 14:13:16 2027 GMT
        Subject: CN=0808E9579252618C6495FE92A3881932853DF153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a7:fe:45:12:f5:db:c0:ba:f9:33:44:74:83:
                    dd:47:22:ff:14:33:fc:9c:60:61:2d:85:1e:17:ed:
                    fa:a9:5b:96:42:40:b6:86:fd:ff:c2:c2:8d:09:9c:
                    4e:2b:46:4b:50:3d:31:6a:52:ba:9b:e4:38:ed:31:
                    8a:da:bf:27:c7:7b:de:84:17:34:34:5b:0d:82:60:
                    ea:8a:37:36:30:40:b8:6a:c6:b7:6e:95:c9:1b:87:
                    38:38:b1:f6:6c:35:17:cc:8e:84:9e:3c:a4:2e:e0:
                    52:35:d9:1c:6b:5c:9b:fb:e7:fc:5a:c2:95:4a:fe:
                    4b:11:04:fd:42:be:50:3b:08:72:80:6a:8d:6a:83:
                    41:a4:31:3a:15:d0:49:2d:9c:2e:33:30:fc:cb:7b:
                    8f:5c:87:40:80:27:50:ef:19:3d:93:17:27:53:42:
                    7c:d8:52:8c:64:2e:23:65:e4:cf:05:b6:c9:7d:bd:
                    2e:02:14:eb:d8:14:d3:13:f7:01:f7:86:fe:92:85:
                    3b:d1:38:ea:d5:cf:97:18:c0:6f:08:ae:d8:b2:e1:
                    b7:e9:76:89:96:0a:58:ed:79:40:e0:a7:4c:b6:93:
                    c6:03:53:12:5d:3c:05:6d:01:69:d9:3a:56:6d:72:
                    8d:7b:0b:5f:a9:c3:14:d0:75:39:0c:79:3d:9f:e3:
                    2a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:08:E9:57:92:52:61:8C:64:95:FE:92:A3:88:19:32:85:3D:F1:53
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS402257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3c:5d:27:39:87:7f:19:13:5c:e4:5b:5b:d4:c5:ca:87:7b:
         0f:7b:97:ae:01:9a:99:75:d2:46:df:52:65:df:75:a9:48:30:
         3c:93:d5:14:c2:57:d5:a3:44:1a:05:99:93:b8:2f:c9:91:fd:
         ac:d7:5a:17:4f:bc:c4:c6:76:95:3b:51:cb:d9:53:72:cc:94:
         ab:0b:9b:a0:2d:22:75:db:d2:b6:37:90:04:a8:69:40:44:0a:
         89:5f:d7:ac:9c:ab:03:a2:9f:14:b0:59:f0:5c:d3:29:9f:9f:
         a9:ad:60:6b:e2:e9:1e:6e:3d:05:89:85:52:dd:72:d7:94:10:
         50:23:fe:ef:67:3e:96:41:79:43:a1:eb:ef:93:6d:4a:fb:d7:
         2b:32:4b:3f:f7:d1:d3:35:2e:48:bb:8d:b1:57:f8:12:6c:f2:
         7a:91:ce:25:9d:e1:5b:e4:1e:f9:bd:50:f6:f1:86:c3:ba:34:
         16:87:ae:ce:fb:01:4f:52:53:ba:59:3f:5d:73:12:00:8e:9d:
         b6:84:e0:de:d6:8a:47:b1:48:54:74:d5:96:e7:4f:b8:98:66:
         69:a3:b9:0d:f1:8c:86:f3:29:a9:ab:a1:a2:98:20:ea:f5:d7:
         4e:29:38:2f:8c:44:4d:92:6f:67:91:45:33:b5:51:52:18:e9:
         bc:9f:67:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIrLG1VLKNFm3sDSJZNEcxgE0ZVEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MDgxNDA4MTZaFw0yNzA1MDcxNDEzMTZaMDMxMTAvBgNV
BAMTKDA4MDhFOTU3OTI1MjYxOEM2NDk1RkU5MkEzODgxOTMyODUzREYxNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxp/5FEvXbwLr5M0R0g91HIv8U
M/ycYGEthR4X7fqpW5ZCQLaG/f/Cwo0JnE4rRktQPTFqUrqb5DjtMYravyfHe96E
FzQ0Ww2CYOqKNzYwQLhqxrdulckbhzg4sfZsNRfMjoSePKQu4FI12RxrXJv75/xa
wpVK/ksRBP1CvlA7CHKAao1qg0GkMToV0EktnC4zMPzLe49ch0CAJ1DvGT2TFydT
QnzYUoxkLiNl5M8Ftsl9vS4CFOvYFNMT9wH3hv6ShTvROOrVz5cYwG8Irtiy4bfp
domWCljteUDgp0y2k8YDUxJdPAVtAWnZOlZtco17C1+pwxTQdTkMeT2f4yoRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCAjpV5JSYYxklf6So4gZMoU98VMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAyMjU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxT/
MA0GCSqGSIb3DQEBCwUAA4IBAQBXPF0nOYd/GRNc5Ftb1MXKh3sPe5euAZqZddJG
31Jl33WpSDA8k9UUwlfVo0QaBZmTuC/Jkf2s11oXT7zExnaVO1HL2VNyzJSrC5ug
LSJ129K2N5AEqGlARAqJX9esnKsDop8UsFnwXNMpn5+prWBr4ukebj0FiYVS3XLX
lBBQI/7vZz6WQXlDoevvk21K+9crMks/99HTNS5Iu42xV/gSbPJ6kc4lneFb5B75
vVD28YbDujQWh67O+wFPUlO6WT9dcxIAjp22hODe1opHsUhUdNWW50+4mGZpo7kN
8YyG8ympq6GimCDq9ddOKTgvjERNkm9nkUUztVFSGOm8n2cM
-----END CERTIFICATE-----