Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          Ro1VKQPl0yrZnQ8VwxYEyBBYSvZqz1r5728QsNKEzv8=
Subject key identifier:   3F:C4:68:8E:2A:C3:F0:90:1D:9B:39:14:6D:95:4D:91:F9:36:EB:D5
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4CC7177326E8805E195C45C73E02BE95AD405990
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57043.roa
Signing time:             Thu 14 Aug 2025 03:15:04 +0000
ROA not before:           Thu 14 Aug 2025 03:10:04 +0000
ROA not after:            Thu 13 Aug 2026 03:15:04 +0000
asID:                     57043
IP address blocks:        143.20.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:c7:17:73:26:e8:80:5e:19:5c:45:c7:3e:02:be:95:ad:40:59:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 14 03:10:04 2025 GMT
            Not After : Aug 13 03:15:04 2026 GMT
        Subject: CN=3FC4688E2AC3F0901D9B39146D954D91F936EBD5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:54:b8:11:e3:a3:01:73:30:d4:1d:af:04:db:
                    2d:d4:c7:bc:80:c2:31:4b:e6:0f:d6:71:e4:72:d2:
                    f9:a8:be:9b:d0:2a:d5:6f:05:4b:84:fb:bb:ca:13:
                    7a:d6:6b:aa:4a:05:2d:40:09:b3:60:bd:cc:4c:03:
                    74:fd:bd:bb:62:65:9f:de:09:ea:ba:57:7e:e4:72:
                    7a:e4:51:cf:ca:bf:7b:a7:4f:85:58:d8:a0:b8:45:
                    aa:bd:52:4e:8d:a4:4c:c4:df:87:77:be:b1:8f:8d:
                    b9:9f:9c:2f:b0:93:f2:a0:95:06:28:6a:44:88:a8:
                    11:6b:78:cd:53:0b:2a:ea:f2:a2:45:f9:4d:bd:b5:
                    27:3e:df:78:c4:41:a8:e8:e0:cf:17:92:b1:e2:11:
                    5f:0e:24:51:ff:f1:ae:79:c1:df:a8:7c:38:d2:86:
                    84:5d:73:34:25:ce:94:49:1f:14:e4:22:64:ed:aa:
                    da:69:49:e2:ed:4c:5a:0d:7e:15:c4:bc:f6:0d:21:
                    8c:b8:8a:08:9d:df:36:16:21:d0:34:69:11:d9:9c:
                    32:af:a0:9f:cd:b8:ec:db:e9:b4:36:06:f6:00:18:
                    bc:fc:3f:6d:37:12:2b:d5:ad:dd:b3:57:4e:d5:f4:
                    e2:ae:01:d9:d9:82:bb:c0:c8:24:1a:68:13:a3:50:
                    dc:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C4:68:8E:2A:C3:F0:90:1D:9B:39:14:6D:95:4D:91:F9:36:EB:D5
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:67:9a:5d:c5:4b:a9:77:10:b8:df:49:cb:87:b0:6a:0c:c9:
         c9:60:52:e3:46:fd:5b:85:36:8e:81:9d:6b:7e:2f:18:aa:ce:
         6a:f5:14:c8:1b:39:f9:f3:ea:77:12:b1:87:3f:08:40:8a:e3:
         76:28:56:60:38:28:a7:58:c1:d9:85:d3:bc:72:ed:f2:10:7f:
         5c:31:a1:b3:63:1e:b5:a2:83:09:d2:af:ae:d7:e6:bd:5f:1e:
         d6:85:db:e1:c9:33:75:58:8c:f4:92:a7:dd:71:99:73:30:47:
         84:db:9d:1f:dc:98:6c:a8:36:12:48:e1:31:3c:02:19:96:62:
         2d:47:7c:a1:96:dc:66:99:8f:bf:4f:7d:ca:8b:f6:f9:25:2f:
         90:e8:8c:49:23:a7:4e:53:e5:6b:e7:cd:6b:09:3a:c2:43:c7:
         5f:7b:ac:fd:7f:48:23:93:af:4f:05:5d:ab:0e:45:e5:45:15:
         2a:11:17:45:46:86:26:fd:c0:77:f4:5a:5b:bc:18:71:a4:f4:
         c2:81:80:1c:74:44:18:b9:7b:17:a6:b4:01:1e:d2:1d:14:67:
         ab:48:78:0d:a2:2a:ca:de:ff:1e:82:e3:19:8a:87:de:00:af:
         e8:bd:3a:77:d2:f0:62:c2:a2:bd:8f:e1:d4:39:d8:e7:d6:dc:
         7f:a3:83:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTMcXcybogF4ZXEXHPgK+la1AWZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTQwMzEwMDRaFw0yNjA4MTMwMzE1MDRaMDMxMTAvBgNV
BAMTKDNGQzQ2ODhFMkFDM0YwOTAxRDlCMzkxNDZEOTU0RDkxRjkzNkVCRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3VLgR46MBczDUHa8E2y3Ux7yA
wjFL5g/WceRy0vmovpvQKtVvBUuE+7vKE3rWa6pKBS1ACbNgvcxMA3T9vbtiZZ/e
Ceq6V37kcnrkUc/Kv3unT4VY2KC4Raq9Uk6NpEzE34d3vrGPjbmfnC+wk/KglQYo
akSIqBFreM1TCyrq8qJF+U29tSc+33jEQajo4M8XkrHiEV8OJFH/8a55wd+ofDjS
hoRdczQlzpRJHxTkImTtqtppSeLtTFoNfhXEvPYNIYy4igid3zYWIdA0aRHZnDKv
oJ/NuOzb6bQ2BvYAGLz8P203EivVrd2zV07V9OKuAdnZgrvAyCQaaBOjUNyTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUP8RojirD8JAdmzkUbZVNkfk269UwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFM0w
DQYJKoZIhvcNAQELBQADggEBAJ5nml3FS6l3ELjfScuHsGoMyclgUuNG/VuFNo6B
nWt+Lxiqzmr1FMgbOfnz6ncSsYc/CECK43YoVmA4KKdYwdmF07xy7fIQf1wxobNj
HrWigwnSr67X5r1fHtaF2+HJM3VYjPSSp91xmXMwR4TbnR/cmGyoNhJI4TE8AhmW
Yi1HfKGW3GaZj79PfcqL9vklL5DojEkjp05T5WvnzWsJOsJDx197rP1/SCOTr08F
XasOReVFFSoRF0VGhib9wHf0Wlu8GHGk9MKBgBx0RBi5exemtAEe0h0UZ6tIeA2i
Ksre/x6C4xmKh94Ar+i9OnfS8GLCor2P4dQ52OfW3H+jg6Q=
-----END CERTIFICATE-----