Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          sWZXzfzDFJOBde3ltmX29nNGqFY4e+ftOwoUJ9zPcfw=
Subject key identifier:   BE:89:E5:BE:1D:CD:D3:74:89:ED:A7:C5:EE:6A:22:21:99:5E:F8:C6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5B2837EB466D506DF5DE69704C3437B3A78871E3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57043.roa
Signing time:             Mon 25 Aug 2025 03:35:18 +0000
ROA not before:           Mon 25 Aug 2025 03:30:18 +0000
ROA not after:            Mon 24 Aug 2026 03:35:18 +0000
asID:                     57043
IP address blocks:        143.20.39.0/24 maxlen: 24
                          143.20.82.0/24 maxlen: 24
                          143.20.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:44:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:28:37:eb:46:6d:50:6d:f5:de:69:70:4c:34:37:b3:a7:88:71:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 25 03:30:18 2025 GMT
            Not After : Aug 24 03:35:18 2026 GMT
        Subject: CN=BE89E5BE1DCDD37489EDA7C5EE6A2221995EF8C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:25:4c:4a:23:76:0e:49:2b:c1:99:40:ca:11:
                    35:c5:cf:c4:56:af:4d:59:35:a0:0a:54:b8:13:ab:
                    a4:4f:83:f6:f9:23:a2:79:5d:43:3e:be:4e:48:fa:
                    1b:9c:9f:54:91:69:05:4a:e1:30:0e:1a:1c:80:8e:
                    22:15:2d:2d:a1:59:dc:e2:25:7a:b9:08:bf:7b:91:
                    f8:dd:99:de:6d:f8:6d:ab:fb:c8:a8:3b:e9:4f:2f:
                    aa:32:c4:73:3f:25:c7:49:83:0b:a2:0f:5a:db:35:
                    48:a1:ce:a6:3f:18:73:5f:f9:21:eb:07:ba:2a:70:
                    5c:df:58:0c:f7:9d:4b:92:71:32:ec:e5:a9:6b:6f:
                    d2:c3:cb:ce:44:6d:fe:cd:62:e9:c1:c9:57:0a:d0:
                    bb:34:85:ca:49:69:4c:d5:ca:07:fe:7a:3b:7a:e9:
                    a9:b8:22:92:de:ae:4f:60:a0:34:8c:4c:9d:26:dc:
                    5a:35:c6:1d:a0:77:31:ce:17:a6:ff:71:85:2c:d0:
                    8d:86:a6:b3:c4:ff:c2:0b:46:f1:af:4b:0d:a4:e4:
                    6b:11:f2:ff:34:ca:41:a2:c8:fa:3f:20:90:f9:0d:
                    67:dc:38:da:a6:e7:20:ee:e5:19:d4:57:ca:73:18:
                    7a:2b:c3:84:52:56:55:a1:0e:28:30:d0:a0:d5:3c:
                    81:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:89:E5:BE:1D:CD:D3:74:89:ED:A7:C5:EE:6A:22:21:99:5E:F8:C6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.39.0/24
                  143.20.82.0/24
                  143.20.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:68:9a:d4:be:d9:32:4a:3c:92:43:a0:90:86:54:a8:f0:ef:
         e5:56:e5:62:48:65:df:44:15:d0:ee:ed:2b:b0:f8:40:fb:43:
         90:83:da:ba:1d:8d:2a:88:d1:bf:8e:eb:0c:31:e6:12:84:e0:
         15:90:3f:72:05:75:b4:6a:be:d5:d7:c5:50:80:94:5f:a7:37:
         05:54:87:02:bf:8e:0a:3a:2f:f3:e1:ad:e4:22:d7:50:d1:9f:
         c7:16:dd:5b:01:f1:31:3d:a6:9b:59:fc:52:a6:7e:57:15:ab:
         0a:b2:3c:97:50:75:05:0c:8f:1f:e2:6e:e8:09:1a:f7:94:31:
         85:ee:9d:41:d8:dc:8e:0c:2e:25:b1:c2:1d:5d:85:0b:ee:c3:
         c5:f4:f9:27:1b:16:2e:ef:a6:6c:15:ac:27:f8:39:d3:46:ca:
         4b:37:d6:45:46:bb:a1:a3:36:e1:ac:a2:3f:5c:0e:39:0f:0c:
         e0:74:1a:c8:9b:dd:80:16:9b:09:0e:67:a6:93:2a:00:c2:e2:
         b7:dd:4a:52:2b:b8:0c:9c:84:19:11:57:70:a2:78:3f:ac:7c:
         ea:cb:8f:5c:95:6c:be:4e:52:6e:d2:b3:f7:fc:7a:dc:94:22:
         4b:ee:3d:69:3e:11:fa:bd:41:ae:9f:66:2f:b1:a2:7d:6a:34:
         d5:a5:75:78
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUWyg360ZtUG313mlwTDQ3s6eIceMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjUwMzMwMThaFw0yNjA4MjQwMzM1MThaMDMxMTAvBgNV
BAMTKEJFODlFNUJFMURDREQzNzQ4OUVEQTdDNUVFNkEyMjIxOTk1RUY4QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTJUxKI3YOSSvBmUDKETXFz8RW
r01ZNaAKVLgTq6RPg/b5I6J5XUM+vk5I+hucn1SRaQVK4TAOGhyAjiIVLS2hWdzi
JXq5CL97kfjdmd5t+G2r+8ioO+lPL6oyxHM/JcdJgwuiD1rbNUihzqY/GHNf+SHr
B7oqcFzfWAz3nUuScTLs5alrb9LDy85Ebf7NYunByVcK0Ls0hcpJaUzVygf+ejt6
6am4IpLerk9goDSMTJ0m3Fo1xh2gdzHOF6b/cYUs0I2GprPE/8ILRvGvSw2k5GsR
8v80ykGiyPo/IJD5DWfcONqm5yDu5RnUV8pzGHorw4RSVlWhDigw0KDVPIFJAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUvonlvh3N03SJ7afF7moiIZle+MYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFCcD
BACPFFIDBACPFM0wDQYJKoZIhvcNAQELBQADggEBADRomtS+2TJKPJJDoJCGVKjw
7+VW5WJIZd9EFdDu7Suw+ED7Q5CD2rodjSqI0b+O6wwx5hKE4BWQP3IFdbRqvtXX
xVCAlF+nNwVUhwK/jgo6L/PhreQi11DRn8cW3VsB8TE9pptZ/FKmflcVqwqyPJdQ
dQUMjx/ibugJGveUMYXunUHY3I4MLiWxwh1dhQvuw8X0+ScbFi7vpmwVrCf4OdNG
yks31kVGu6GjNuGsoj9cDjkPDOB0Gsib3YAWmwkOZ6aTKgDC4rfdSlIruAychBkR
V3CieD+sfOrLj1yVbL5OUm7Ss/f8etyUIkvuPWk+Efq9Qa6fZi+xon1qNNWldXg=
-----END CERTIFICATE-----