Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS8075.roa
File:                     AS8075.roa (raw, json)
Hash identifier:          KFnMz5hZtcsNnO41FV6Zoz+G5dB22FpHZbbN6FeLP/k=
Subject key identifier:   A6:F8:A4:D5:25:FC:AC:14:C6:A0:FD:73:EE:04:FE:18:AC:0C:DC:F1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5944D0FCE7236769B621562D4265C4A208252987
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS8075.roa
Signing time:             Wed 13 Aug 2025 02:55:31 +0000
ROA not before:           Wed 13 Aug 2025 02:50:31 +0000
ROA not after:            Wed 12 Aug 2026 02:55:31 +0000
asID:                     8075
IP address blocks:        143.20.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:44:d0:fc:e7:23:67:69:b6:21:56:2d:42:65:c4:a2:08:25:29:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 13 02:50:31 2025 GMT
            Not After : Aug 12 02:55:31 2026 GMT
        Subject: CN=A6F8A4D525FCAC14C6A0FD73EE04FE18AC0CDCF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:66:21:e3:4b:bf:86:f3:db:e3:fe:36:4b:a2:
                    25:7d:d0:83:9b:b5:3d:12:61:ac:25:f9:d9:df:c2:
                    98:b9:2f:e2:35:cc:bf:a5:5e:13:b2:af:4c:32:ba:
                    b5:88:9b:b9:1a:84:6f:90:75:fd:42:a1:79:fb:1a:
                    3b:87:ec:e6:b3:f2:43:c0:86:aa:d9:f2:5a:40:b3:
                    8d:93:b0:de:fb:0c:95:6f:01:6d:39:d2:81:76:0f:
                    a6:43:a5:3b:0f:42:3d:b8:94:3d:d3:6b:d1:d5:81:
                    ad:2a:20:fb:0e:b9:4f:59:26:8c:ca:06:05:65:9e:
                    14:96:58:cf:6e:3a:c0:dc:fb:4a:6f:32:ae:3b:18:
                    43:46:40:b1:30:7e:b4:61:e6:a0:37:45:3e:73:0b:
                    19:1f:5a:91:54:37:84:52:4f:dd:76:76:22:36:93:
                    a4:b5:ff:ed:c9:5a:ab:44:9b:96:32:52:0b:86:80:
                    58:bb:8f:ee:63:24:8c:be:6d:dd:6e:33:4f:db:76:
                    9b:7c:83:6e:50:b1:22:f3:42:cf:3b:4e:a0:0d:42:
                    a7:37:cf:3c:4f:27:58:aa:8b:c6:96:5a:af:a7:6d:
                    ba:f3:7e:f8:1f:40:9e:b1:be:d9:80:70:0d:d4:d5:
                    54:39:53:3c:e5:71:2d:28:ba:43:da:1f:32:da:ab:
                    6b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F8:A4:D5:25:FC:AC:14:C6:A0:FD:73:EE:04:FE:18:AC:0C:DC:F1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS8075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c0:9f:bf:0a:24:a6:53:dc:cd:54:1d:3e:cb:f8:55:c3:7a:
         53:48:a5:df:1f:36:92:20:12:26:42:43:7d:e9:c3:c2:8d:da:
         61:ba:a2:2d:9a:ed:ec:0c:2b:7c:a2:d9:ed:4b:47:a5:94:64:
         3c:99:79:21:2a:87:5b:74:9b:e2:cb:a0:9e:7e:1e:07:d6:9e:
         db:07:5e:a7:c9:ab:59:61:b4:df:f1:52:2a:50:e0:c8:c4:04:
         f6:42:48:fd:a0:fb:be:9f:e5:05:f0:69:c8:0f:e9:2d:cc:ff:
         4d:a8:0e:3f:db:81:12:88:7a:cc:c2:02:78:22:d8:73:e2:74:
         d8:cd:b6:28:10:5a:b7:45:36:d7:8f:4b:4b:f4:ff:bf:7c:f7:
         d4:05:82:9e:24:dc:d7:93:85:01:56:92:8e:21:0a:1e:96:5c:
         d3:71:68:98:2c:73:03:cd:3f:71:87:dc:b7:0e:1f:01:bb:9e:
         27:02:c9:16:9d:7f:fd:8a:eb:34:da:e1:ef:0f:29:d0:36:41:
         c1:9f:70:da:07:f1:7c:9f:86:5c:8f:8b:df:60:4a:f7:50:ec:
         bc:04:84:44:ca:48:3f:35:ca:62:4d:65:ab:d3:59:eb:1c:f9:
         63:72:83:d6:da:70:dc:c8:2f:f3:4c:5c:23:2a:50:06:0c:b5:
         2c:64:a9:c8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUWUTQ/OcjZ2m2IVYtQmXEogglKYcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTMwMjUwMzFaFw0yNjA4MTIwMjU1MzFaMDMxMTAvBgNV
BAMTKEE2RjhBNEQ1MjVGQ0FDMTRDNkEwRkQ3M0VFMDRGRTE4QUMwQ0RDRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZiHjS7+G89vj/jZLoiV90IOb
tT0SYawl+dnfwpi5L+I1zL+lXhOyr0wyurWIm7kahG+Qdf1CoXn7GjuH7Oaz8kPA
hqrZ8lpAs42TsN77DJVvAW050oF2D6ZDpTsPQj24lD3Ta9HVga0qIPsOuU9ZJozK
BgVlnhSWWM9uOsDc+0pvMq47GENGQLEwfrRh5qA3RT5zCxkfWpFUN4RST912diI2
k6S1/+3JWqtEm5YyUguGgFi7j+5jJIy+bd1uM0/bdpt8g25QsSLzQs87TqANQqc3
zzxPJ1iqi8aWWq+nbbrzfvgfQJ6xvtmAcA3U1VQ5UzzlcS0oukPaHzLaq2vRAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUpvik1SX8rBTGoP1z7gT+GKwM3PEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODA3NS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U5zAN
BgkqhkiG9w0BAQsFAAOCAQEAisCfvwokplPczVQdPsv4VcN6U0il3x82kiASJkJD
fenDwo3aYbqiLZrt7AwrfKLZ7UtHpZRkPJl5ISqHW3Sb4sugnn4eB9ae2wdep8mr
WWG03/FSKlDgyMQE9kJI/aD7vp/lBfBpyA/pLcz/TagOP9uBEoh6zMICeCLYc+J0
2M22KBBat0U2149LS/T/v3z31AWCniTc15OFAVaSjiEKHpZc03FomCxzA80/cYfc
tw4fAbueJwLJFp1//YrrNNrh7w8p0DZBwZ9w2gfxfJ+GXI+L32BK91DsvASERMpI
PzXKYk1lq9NZ6xz5Y3KD1tpw3Mgv80xcIypQBgy1LGSpyA==
-----END CERTIFICATE-----