Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa
File:                     AS205896.roa (raw, json)
Hash identifier:          bSRAF1o87BQw+RNtOvRZwtliWc8u49kOTEgcCnsOrho=
Subject key identifier:   FD:13:72:14:CD:75:3E:EE:9A:24:41:41:B5:78:19:E0:65:29:F4:9A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       034A70B3713E65FCE76A0B8B19B3F6B2170216C3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa
Signing time:             Fri 31 Oct 2025 08:01:02 +0000
ROA not before:           Fri 31 Oct 2025 07:56:02 +0000
ROA not after:            Fri 30 Oct 2026 08:01:02 +0000
asID:                     205896
IP address blocks:        143.14.20.0/24 maxlen: 24
                          143.14.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:4a:70:b3:71:3e:65:fc:e7:6a:0b:8b:19:b3:f6:b2:17:02:16:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 31 07:56:02 2025 GMT
            Not After : Oct 30 08:01:02 2026 GMT
        Subject: CN=FD137214CD753EEE9A244141B57819E06529F49A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8d:cc:e1:a4:c2:be:3c:94:2a:88:04:19:a0:
                    d2:b8:45:65:98:ab:05:d4:f0:74:7b:e9:0e:ae:88:
                    ad:23:75:81:4a:ed:27:20:a8:e4:ff:72:4c:7e:db:
                    cb:19:72:20:f7:07:a0:29:09:84:a2:68:38:ce:45:
                    94:24:42:52:70:7a:1f:ba:89:9d:5f:32:9b:52:6b:
                    4c:0c:8a:cf:ed:7e:33:73:7e:08:14:58:a9:8a:ec:
                    4d:45:8d:c0:c1:29:63:b5:9d:53:bd:75:23:b8:9d:
                    c1:9d:6f:b2:bc:63:97:23:5c:a8:f3:6c:84:42:af:
                    22:14:3e:46:76:35:d4:b9:e3:ac:42:6e:6e:15:51:
                    a9:b1:0b:6b:46:3d:29:a5:20:d2:cf:18:8c:9e:65:
                    87:c4:57:36:69:eb:3d:ac:cb:f6:8b:59:91:31:e7:
                    eb:79:5c:88:ad:64:a1:be:0b:b0:0d:a3:07:c5:82:
                    ad:bf:ff:39:7f:32:a7:a5:2f:2d:ba:1f:4c:dd:22:
                    8e:e4:4b:ac:a8:a4:ce:9f:71:03:c2:97:a8:70:a8:
                    18:4b:01:db:0d:15:34:05:a0:c9:fc:c7:a9:cc:43:
                    bc:43:0c:60:9c:40:11:4f:0a:f7:90:26:00:61:e2:
                    fa:a8:e5:89:46:b6:fc:23:c3:fa:a6:f1:0e:d4:5e:
                    96:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:13:72:14:CD:75:3E:EE:9A:24:41:41:B5:78:19:E0:65:29:F4:9A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.20.0/24
                  143.14.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:4f:de:8d:59:61:4c:df:59:b9:2b:13:30:70:c4:c1:b2:f3:
         ba:e9:75:d3:f4:98:ca:07:56:4c:5e:b4:cf:13:0a:cd:4c:46:
         33:b7:c5:aa:81:f3:ec:0a:e4:ee:01:3d:1d:1b:07:f5:99:f9:
         0b:b5:d3:51:62:44:24:0a:6a:67:02:12:ed:63:e8:7e:c6:75:
         7b:14:d9:a8:9b:54:a5:5c:6d:e0:86:26:5c:5d:35:c0:b8:47:
         a1:f9:45:99:9f:72:6c:be:46:de:3f:fc:31:6e:06:8c:f8:51:
         ee:ff:7d:f3:c9:0b:1d:b7:d2:ec:46:6e:97:b2:6e:a0:e2:8d:
         55:cc:23:f9:9d:06:8b:21:38:34:96:a4:80:c3:85:90:71:c2:
         81:70:7d:8a:5b:52:8e:94:28:56:ed:ac:61:ab:b2:a8:55:44:
         93:68:3f:8e:15:80:ec:f1:05:34:d7:7c:4e:66:3e:32:54:1a:
         be:6d:0b:98:dd:af:b9:cd:53:02:bc:18:36:51:57:cd:8e:a4:
         5e:e0:13:06:82:18:b2:75:a0:6d:35:2b:c1:e8:c2:30:a6:40:
         33:5d:05:32:01:8b:a0:5d:6d:41:dc:19:10:2e:a8:c3:c8:c7:
         bd:72:e7:eb:85:b2:d3:53:99:f7:0a:be:5f:77:78:12:5c:b1:
         a2:0f:8a:67
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUA0pws3E+ZfznaguLGbP2shcCFsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMzEwNzU2MDJaFw0yNjEwMzAwODAxMDJaMDMxMTAvBgNV
BAMTKEZEMTM3MjE0Q0Q3NTNFRUU5QTI0NDE0MUI1NzgxOUUwNjUyOUY0OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIjczhpMK+PJQqiAQZoNK4RWWY
qwXU8HR76Q6uiK0jdYFK7ScgqOT/ckx+28sZciD3B6ApCYSiaDjORZQkQlJweh+6
iZ1fMptSa0wMis/tfjNzfggUWKmK7E1FjcDBKWO1nVO9dSO4ncGdb7K8Y5cjXKjz
bIRCryIUPkZ2NdS546xCbm4VUamxC2tGPSmlINLPGIyeZYfEVzZp6z2sy/aLWZEx
5+t5XIitZKG+C7ANowfFgq2//zl/MqelLy26H0zdIo7kS6yopM6fcQPCl6hwqBhL
AdsNFTQFoMn8x6nMQ7xDDGCcQBFPCveQJgBh4vqo5YlGtvwjw/qm8Q7UXpYjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU/RNyFM11Pu6aJEFBtXgZ4GUp9JowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1ODk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw4U
AwQAjw63MA0GCSqGSIb3DQEBCwUAA4IBAQBWT96NWWFM31m5KxMwcMTBsvO66XXT
9JjKB1ZMXrTPEwrNTEYzt8WqgfPsCuTuAT0dGwf1mfkLtdNRYkQkCmpnAhLtY+h+
xnV7FNmom1SlXG3ghiZcXTXAuEeh+UWZn3JsvkbeP/wxbgaM+FHu/33zyQsdt9Ls
Rm6Xsm6g4o1VzCP5nQaLITg0lqSAw4WQccKBcH2KW1KOlChW7axhq7KoVUSTaD+O
FYDs8QU013xOZj4yVBq+bQuY3a+5zVMCvBg2UVfNjqRe4BMGghiydaBtNSvB6MIw
pkAzXQUyAYugXW1B3BkQLqjDyMe9cufrhbLTU5n3Cr5fd3gSXLGiD4pn
-----END CERTIFICATE-----