Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS1.roa
File:                     AS1.roa (raw, json)
Hash identifier:          oKrp78Rq/dvRgMnsm4wxq9RVTOILSGahjMqcWF3Pdo8=
Subject key identifier:   75:C2:96:81:B4:20:87:DF:2F:16:1C:0D:70:FE:24:04:9D:92:EE:AE
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       07BF5CBB77F451B720ACE6ABF75FC91144733F79
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS1.roa
Signing time:             Sun 26 Oct 2025 11:47:53 +0000
ROA not before:           Sun 26 Oct 2025 11:42:53 +0000
ROA not after:            Sun 25 Oct 2026 11:47:53 +0000
asID:                     1
IP address blocks:        143.20.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:bf:5c:bb:77:f4:51:b7:20:ac:e6:ab:f7:5f:c9:11:44:73:3f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 11:42:53 2025 GMT
            Not After : Oct 25 11:47:53 2026 GMT
        Subject: CN=75C29681B42087DF2F161C0D70FE24049D92EEAE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:af:5a:aa:a4:5a:68:b4:54:42:e7:95:5c:c9:
                    35:bd:15:cc:a4:53:28:ae:f1:54:eb:9b:fd:dd:02:
                    e5:ef:f7:3f:fe:ac:01:17:32:3c:28:a9:7a:80:d6:
                    70:a4:ff:1a:84:2b:4e:c2:f9:e0:60:7f:fd:43:3a:
                    f6:b6:00:47:dd:04:6d:6d:3c:65:b0:f6:cb:1c:13:
                    b7:e1:4c:15:d3:ca:4a:82:b6:69:c1:d2:67:c9:89:
                    03:8a:a9:09:31:d7:00:1e:96:eb:f0:c3:b7:8c:28:
                    49:06:71:ff:4c:4b:95:fc:94:cb:74:f2:7a:0a:87:
                    79:ed:5a:89:22:39:54:55:41:43:93:0b:13:be:fe:
                    a5:13:74:0d:c4:bc:51:6b:2b:a5:31:ac:30:33:05:
                    d0:aa:26:97:c7:d3:be:c4:bc:a1:7c:13:12:72:ee:
                    8d:d5:69:c0:9b:f3:f2:5b:10:6d:55:4d:18:43:ec:
                    99:f5:5a:18:6b:1f:d9:26:97:18:20:16:12:a7:ad:
                    27:bf:1e:18:06:7f:2c:59:50:5a:6b:0f:91:93:96:
                    af:ae:bb:d6:ab:6f:20:34:c2:1b:a3:e2:68:76:85:
                    25:aa:62:b4:08:ae:f0:57:00:5d:c0:0a:45:33:e1:
                    f6:d0:c8:58:93:14:fb:fe:2f:68:56:5e:0e:32:cc:
                    70:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C2:96:81:B4:20:87:DF:2F:16:1C:0D:70:FE:24:04:9D:92:EE:AE
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS1.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:53:b5:18:3c:13:0c:49:57:52:f0:b5:96:ef:b9:d3:90:22:
         4f:a2:5d:4b:de:13:fc:82:85:e6:43:64:6b:27:2e:d0:d4:b0:
         00:63:3c:61:46:00:1c:cd:66:20:aa:6d:2b:57:02:79:df:63:
         78:bf:c4:4d:5e:42:82:da:12:a3:01:be:9c:b5:9a:a2:28:09:
         1a:c0:df:05:28:db:1d:d2:47:6b:60:88:cd:da:a8:fa:4b:64:
         9a:d2:64:d5:d4:40:6c:3e:8b:41:d3:85:70:33:49:f9:4d:5d:
         e0:39:b0:76:0b:ab:ae:74:f1:df:7a:53:b1:1e:d5:39:a8:3f:
         68:64:97:81:a2:f3:ba:48:f7:a3:e6:f4:06:5f:17:a7:8e:a5:
         8f:c6:08:de:25:51:f5:4a:2a:0a:a8:a4:1a:be:da:1c:60:4f:
         50:cc:4f:0d:17:8a:eb:8d:fc:69:91:b9:e4:57:60:f5:97:4e:
         13:70:cc:a6:be:a0:52:97:dc:af:fe:99:47:47:db:10:3c:5a:
         df:8e:84:57:49:a2:6b:cd:62:98:e7:39:f5:c4:39:f7:59:ca:
         6f:95:8e:15:78:60:dd:a7:d0:52:3e:2f:be:84:fa:f8:bf:12:
         90:78:d1:de:cc:92:cf:01:5d:ad:32:a6:56:58:02:c3:12:63:
         51:16:2f:d5
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIUB79cu3f0UbcgrOar91/JEURzP3kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYxMTQyNTNaFw0yNjEwMjUxMTQ3NTNaMDMxMTAvBgNV
BAMTKDc1QzI5NjgxQjQyMDg3REYyRjE2MUMwRDcwRkUyNDA0OUQ5MkVFQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9r1qqpFpotFRC55VcyTW9Fcyk
Uyiu8VTrm/3dAuXv9z/+rAEXMjwoqXqA1nCk/xqEK07C+eBgf/1DOva2AEfdBG1t
PGWw9sscE7fhTBXTykqCtmnB0mfJiQOKqQkx1wAeluvww7eMKEkGcf9MS5X8lMt0
8noKh3ntWokiOVRVQUOTCxO+/qUTdA3EvFFrK6UxrDAzBdCqJpfH077EvKF8ExJy
7o3VacCb8/JbEG1VTRhD7Jn1WhhrH9kmlxggFhKnrSe/HhgGfyxZUFprD5GTlq+u
u9arbyA0whuj4mh2hSWqYrQIrvBXAF3ACkUz4fbQyFiTFPv+L2hWXg4yzHCtAgMB
AAGjggIFMIICATAdBgNVHQ4EFgQUdcKWgbQgh98vFhwNcP4kBJ2S7q4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UkDANBgkq
hkiG9w0BAQsFAAOCAQEAzVO1GDwTDElXUvC1lu+505AiT6JdS94T/IKF5kNkaycu
0NSwAGM8YUYAHM1mIKptK1cCed9jeL/ETV5CgtoSowG+nLWaoigJGsDfBSjbHdJH
a2CIzdqo+ktkmtJk1dRAbD6LQdOFcDNJ+U1d4DmwdgurrnTx33pTsR7VOag/aGSX
gaLzukj3o+b0Bl8Xp46lj8YI3iVR9UoqCqikGr7aHGBPUMxPDReK6438aZG55Fdg
9ZdOE3DMpr6gUpfcr/6ZR0fbEDxa346EV0mia81imOc59cQ591nKb5WOFXhg3afQ
Uj4vvoT6+L8SkHjR3sySzwFdrTKmVlgCwxJjURYv1Q==
-----END CERTIFICATE-----