Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS61003.roa
File:                     AS61003.roa (raw, json)
Hash identifier:          J0viIibJYjHkSYywCk+mHE6Ss+6mbrKjIxkpvAjYRtY=
Subject key identifier:   7A:CC:52:8E:C8:A5:D3:36:3C:BB:60:29:2D:F6:9C:AC:61:60:5D:5F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       46C601A2427AB4E792EB75B6520306B486E0893E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS61003.roa
Signing time:             Wed 25 Jun 2025 18:51:40 +0000
ROA not before:           Wed 25 Jun 2025 18:46:40 +0000
ROA not after:            Wed 24 Jun 2026 18:51:40 +0000
asID:                     61003
IP address blocks:        143.20.45.0/24 maxlen: 24
                          143.20.58.0/24 maxlen: 24
                          143.20.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:c6:01:a2:42:7a:b4:e7:92:eb:75:b6:52:03:06:b4:86:e0:89:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 25 18:46:40 2025 GMT
            Not After : Jun 24 18:51:40 2026 GMT
        Subject: CN=7ACC528EC8A5D3363CBB60292DF69CAC61605D5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ee:a8:2e:07:7b:c0:e9:90:dd:88:b8:98:21:
                    36:d9:66:22:1a:6c:13:55:f8:73:fe:67:33:74:02:
                    b8:e5:fd:65:47:59:e1:11:41:6c:34:a3:63:93:0b:
                    1d:80:65:52:3c:92:d8:19:94:c1:f0:af:ad:d5:7e:
                    26:9a:0c:89:55:66:95:2b:d0:23:dd:7c:f5:db:af:
                    73:e1:77:1c:eb:00:2a:0f:84:21:14:5e:ce:7c:83:
                    0f:a0:d0:7f:e9:8b:02:31:fa:20:9c:1d:09:49:bb:
                    cb:ba:b6:5f:35:44:02:aa:92:88:a3:2d:5f:f7:b7:
                    f5:36:57:7a:0e:0e:72:66:83:ee:d2:5a:96:47:42:
                    d2:c9:83:e7:75:c3:ac:3c:5b:0a:cf:47:9b:06:67:
                    68:f2:dc:5a:4d:78:8f:78:85:8b:59:1e:ac:5b:f7:
                    bd:03:22:b2:61:72:02:6e:eb:99:63:ed:42:a7:9e:
                    41:7d:7b:75:6f:ed:93:7f:93:83:9c:87:8a:18:ae:
                    03:b5:62:51:d2:bf:eb:40:e5:04:9f:bd:1f:e5:5d:
                    e8:98:9f:e8:c1:8d:8a:b0:4f:45:10:37:ba:20:fc:
                    88:ab:f0:46:04:ea:98:26:25:64:bf:1c:b1:5e:4c:
                    ed:c5:63:be:0f:c6:35:8a:d4:e0:28:a9:52:bb:25:
                    53:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:CC:52:8E:C8:A5:D3:36:3C:BB:60:29:2D:F6:9C:AC:61:60:5D:5F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS61003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.45.0/24
                  143.20.58.0/24
                  143.20.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:15:9b:dd:8d:7d:3e:eb:93:5e:01:45:ee:66:ff:c2:32:87:
         62:f2:7d:2b:73:f5:78:96:40:7e:e8:e1:32:be:9a:24:ae:bc:
         01:20:00:28:16:81:77:c9:1f:8d:f8:7f:9a:05:e3:a1:a7:61:
         9e:b0:92:ae:94:5e:a1:3d:c7:7c:06:c0:7f:6b:1c:ae:5e:77:
         bc:e3:40:c4:63:23:1f:f7:31:17:50:42:70:85:52:e7:40:8a:
         56:9e:2b:76:50:90:3b:13:2b:b1:2e:4a:9b:f5:9e:73:c6:e7:
         82:31:e3:c8:bb:0c:d2:f8:30:36:a3:41:f5:a1:73:9d:bf:7e:
         9a:a2:29:b5:8e:17:33:62:e1:2b:76:ae:8d:33:61:c6:2f:41:
         e6:58:f8:d4:e0:1c:0e:9c:d5:a3:b5:cb:11:80:34:de:22:49:
         a9:2b:ef:99:c3:59:c6:4e:10:66:6e:1c:c6:c9:22:34:a5:28:
         2d:bf:43:0a:23:6f:7b:a8:a5:bc:4d:25:bb:cd:21:87:a9:0d:
         24:79:fc:58:54:47:8f:a5:54:ee:c2:5c:40:7a:3b:89:ec:c5:
         c1:61:27:8f:fc:1c:d2:c9:d8:3f:05:2b:f0:22:cb:41:dc:7d:
         02:77:0b:9d:ad:be:ff:67:4e:92:63:f6:4f:42:95:a7:99:7a:
         d7:74:c9:38
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIURsYBokJ6tOeS63W2UgMGtIbgiT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjUxODQ2NDBaFw0yNjA2MjQxODUxNDBaMDMxMTAvBgNV
BAMTKDdBQ0M1MjhFQzhBNUQzMzYzQ0JCNjAyOTJERjY5Q0FDNjE2MDVENUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn7qguB3vA6ZDdiLiYITbZZiIa
bBNV+HP+ZzN0Arjl/WVHWeERQWw0o2OTCx2AZVI8ktgZlMHwr63VfiaaDIlVZpUr
0CPdfPXbr3PhdxzrACoPhCEUXs58gw+g0H/piwIx+iCcHQlJu8u6tl81RAKqkoij
LV/3t/U2V3oODnJmg+7SWpZHQtLJg+d1w6w8WwrPR5sGZ2jy3FpNeI94hYtZHqxb
970DIrJhcgJu65lj7UKnnkF9e3Vv7ZN/k4Och4oYrgO1YlHSv+tA5QSfvR/lXeiY
n+jBjYqwT0UQN7og/Iir8EYE6pgmJWS/HLFeTO3FY74PxjWK1OAoqVK7JVNVAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUesxSjsil0zY8u2ApLfacrGFgXV8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNjEwMDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFC0D
BACPFDoDBACPFGowDQYJKoZIhvcNAQELBQADggEBAI8Vm92NfT7rk14BRe5m/8Iy
h2LyfStz9XiWQH7o4TK+miSuvAEgACgWgXfJH434f5oF46GnYZ6wkq6UXqE9x3wG
wH9rHK5ed7zjQMRjIx/3MRdQQnCFUudAilaeK3ZQkDsTK7EuSpv1nnPG54Ix48i7
DNL4MDajQfWhc52/fpqiKbWOFzNi4St2ro0zYcYvQeZY+NTgHA6c1aO1yxGANN4i
Sakr75nDWcZOEGZuHMbJIjSlKC2/Qwojb3uopbxNJbvNIYepDSR5/FhUR4+lVO7C
XEB6O4nsxcFhJ4/8HNLJ2D8FK/Aiy0HcfQJ3C52tvv9nTpJj9k9ClaeZetd0yTg=
-----END CERTIFICATE-----