Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS42960.roa
File:                     AS42960.roa (raw, json)
Hash identifier:          /MApW0vlmuGSFnxR7j3JFYzrtpjMIFrlumdUhErqh3w=
Subject key identifier:   42:57:4A:6A:8A:22:81:34:13:7F:76:A7:4E:89:D6:20:34:E8:21:10
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       109B230FA28B7CCE1D3A577B837859F6EBCC5956
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS42960.roa
Signing time:             Wed 18 Jun 2025 13:51:30 +0000
ROA not before:           Wed 18 Jun 2025 13:46:30 +0000
ROA not after:            Wed 17 Jun 2026 13:51:30 +0000
asID:                     42960
IP address blocks:        143.20.8.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9b:23:0f:a2:8b:7c:ce:1d:3a:57:7b:83:78:59:f6:eb:cc:59:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 18 13:46:30 2025 GMT
            Not After : Jun 17 13:51:30 2026 GMT
        Subject: CN=42574A6A8A228134137F76A74E89D62034E82110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:13:e7:75:b0:2b:bd:f5:1b:50:85:32:f6:62:
                    ca:65:95:10:fc:30:e8:f5:fe:9a:fe:c5:f1:1c:e4:
                    91:c7:df:e6:f3:98:8a:23:97:0e:8a:1b:42:cf:c4:
                    ab:9c:be:ed:65:9a:d4:68:74:14:5e:5b:eb:cb:40:
                    31:ff:90:e1:7e:fc:42:c9:c9:d4:64:14:fb:ec:23:
                    70:e1:f4:29:fb:7a:37:df:b5:bd:93:d5:6f:dc:09:
                    11:89:ae:4a:47:85:f0:1d:d2:3c:c4:2f:2a:15:62:
                    60:f2:65:7a:04:48:f7:e5:4c:6e:b0:b1:cc:98:a1:
                    d9:c7:29:f8:8f:b8:6f:a0:ca:ff:a1:25:62:d9:a0:
                    22:6d:95:e2:7e:20:7b:32:84:5b:29:e2:28:1c:10:
                    b0:a6:e9:76:64:b4:41:fe:ec:52:e8:f6:a7:a4:a8:
                    84:b2:f1:ac:e9:7c:bc:d1:bf:59:ca:fd:f9:1d:45:
                    fe:3a:8f:e1:fc:68:85:fb:59:29:12:39:34:69:29:
                    92:f8:96:2d:ce:5c:30:51:38:38:d2:1b:ca:cc:fd:
                    dd:7a:7b:9b:d2:33:7b:21:c1:d1:c5:f0:54:f3:4f:
                    69:79:fb:82:02:24:00:98:2e:f9:54:5a:9f:77:b7:
                    03:ca:59:d6:ab:c7:22:23:f2:d3:ee:9d:c5:f6:50:
                    09:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:57:4A:6A:8A:22:81:34:13:7F:76:A7:4E:89:D6:20:34:E8:21:10
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS42960.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:ba:f9:f3:63:49:dc:bb:3d:e2:7c:f1:d8:11:d0:ba:50:e0:
         6d:e1:78:68:9d:bb:ef:8f:72:fb:f3:01:5b:91:e1:d5:20:29:
         e7:ac:e7:b4:8b:1b:52:12:2a:75:04:f5:c7:27:0f:5f:97:5a:
         9d:c1:41:39:65:67:6d:21:06:e1:37:2b:48:38:aa:45:cd:ae:
         ea:61:e9:3b:91:36:9d:92:86:5b:32:fe:13:01:27:86:14:53:
         72:47:68:3f:90:e3:9a:c1:60:25:75:83:12:d4:71:76:12:21:
         0a:f6:47:66:14:79:0e:17:cd:8a:60:1b:ac:33:d0:67:03:78:
         06:04:6e:7b:47:9f:80:79:1b:72:54:0b:b6:e9:11:75:8d:53:
         42:37:aa:ca:9b:46:b5:9e:e9:ff:94:2a:fb:ff:1a:c7:89:1c:
         08:09:fb:40:c7:f1:cf:1c:61:19:02:0c:97:18:01:0d:fc:69:
         7b:98:ff:cb:52:19:4a:cd:aa:a1:31:61:e8:11:b9:f5:ed:05:
         6f:eb:81:ae:c4:f7:57:a9:1f:09:20:e6:7e:11:4e:db:fd:b8:
         64:4d:59:d1:5f:67:fb:36:8a:dd:30:38:43:8a:e0:61:58:08:
         c1:64:c2:c3:e3:42:a9:19:9a:e4:f2:00:64:25:e2:f8:de:37:
         ef:71:5e:3d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEJsjD6KLfM4dOld7g3hZ9uvMWVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTgxMzQ2MzBaFw0yNjA2MTcxMzUxMzBaMDMxMTAvBgNV
BAMTKDQyNTc0QTZBOEEyMjgxMzQxMzdGNzZBNzRFODlENjIwMzRFODIxMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhE+d1sCu99RtQhTL2YspllRD8
MOj1/pr+xfEc5JHH3+bzmIojlw6KG0LPxKucvu1lmtRodBReW+vLQDH/kOF+/ELJ
ydRkFPvsI3Dh9Cn7ejfftb2T1W/cCRGJrkpHhfAd0jzELyoVYmDyZXoESPflTG6w
scyYodnHKfiPuG+gyv+hJWLZoCJtleJ+IHsyhFsp4igcELCm6XZktEH+7FLo9qek
qISy8azpfLzRv1nK/fkdRf46j+H8aIX7WSkSOTRpKZL4li3OXDBRODjSG8rM/d16
e5vSM3shwdHF8FTzT2l5+4ICJACYLvlUWp93twPKWdarxyIj8tPuncX2UAljAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUQldKaooigTQTf3anTonWIDToIRAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDI5NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFAgw
DQYJKoZIhvcNAQELBQADggEBALW6+fNjSdy7PeJ88dgR0LpQ4G3heGidu++Pcvvz
AVuR4dUgKees57SLG1ISKnUE9ccnD1+XWp3BQTllZ20hBuE3K0g4qkXNruph6TuR
Np2Shlsy/hMBJ4YUU3JHaD+Q45rBYCV1gxLUcXYSIQr2R2YUeQ4XzYpgG6wz0GcD
eAYEbntHn4B5G3JUC7bpEXWNU0I3qsqbRrWe6f+UKvv/GseJHAgJ+0DH8c8cYRkC
DJcYAQ38aXuY/8tSGUrNqqExYegRufXtBW/rga7E91epHwkg5n4RTtv9uGRNWdFf
Z/s2it0wOEOK4GFYCMFkwsPjQqkZmuTyAGQl4vjeN+9xXj0=
-----END CERTIFICATE-----