Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS1015.roa
File:                     AS1015.roa (raw, json)
Hash identifier:          ns89zHEsz2EAcqfPMNoU9Nj1qWtdlQCn57bGvQS5V5g=
Subject key identifier:   9A:AE:D9:89:2C:4F:39:E3:A5:D0:85:39:8A:C6:96:0B:2F:46:17:BA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6C48902567D95DA43C02A56B33DEFEE6F414E213
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS1015.roa
Signing time:             Mon 03 Nov 2025 08:13:13 +0000
ROA not before:           Mon 03 Nov 2025 08:08:13 +0000
ROA not after:            Mon 02 Nov 2026 08:13:13 +0000
asID:                     1015
IP address blocks:        143.20.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:48:90:25:67:d9:5d:a4:3c:02:a5:6b:33:de:fe:e6:f4:14:e2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov  3 08:08:13 2025 GMT
            Not After : Nov  2 08:13:13 2026 GMT
        Subject: CN=9AAED9892C4F39E3A5D085398AC6960B2F4617BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:08:8e:c4:c9:9c:b9:f4:65:ec:39:0d:63:a2:
                    bd:d9:a9:b6:9a:97:09:71:5a:ee:92:dc:c3:48:80:
                    03:05:73:b1:79:29:fb:73:23:97:d3:02:ed:81:84:
                    7b:47:95:68:f0:5d:61:bc:91:1d:0d:6f:f2:b5:31:
                    49:6e:11:47:4f:39:60:c9:c1:21:9a:7d:2f:74:81:
                    c4:bc:17:96:5b:00:ed:a7:0a:6e:34:e4:35:61:0d:
                    05:31:f6:1b:96:c6:7f:61:2e:c2:22:1d:bb:66:70:
                    1c:a7:09:2f:e5:97:05:38:9f:eb:b7:73:33:b8:66:
                    af:5e:30:4b:dc:0a:a3:0a:97:c2:6b:30:c3:9a:2d:
                    a4:a3:e4:a0:ab:e8:dc:86:01:09:79:98:96:f7:47:
                    40:78:87:70:0e:4a:ab:cd:d8:a6:6f:5a:98:44:e6:
                    f4:52:80:40:17:fd:bc:f5:aa:a4:87:6a:19:b9:dd:
                    30:59:4f:a6:9f:f4:06:f9:cb:ab:e1:9f:0a:97:77:
                    cb:7e:59:82:2a:d9:7d:da:ff:db:c7:df:c5:4f:f5:
                    ce:cd:82:60:bd:78:81:18:d9:1a:a1:43:09:f4:15:
                    c3:cd:9b:0a:aa:ae:3c:5f:78:af:6f:5e:d9:1c:f9:
                    b5:fc:51:53:f1:4b:14:26:08:cf:a5:ef:f4:f3:3f:
                    52:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:AE:D9:89:2C:4F:39:E3:A5:D0:85:39:8A:C6:96:0B:2F:46:17:BA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS1015.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:2a:d3:ac:e8:f9:58:16:fb:4d:02:f5:94:ac:89:eb:7e:8c:
         8c:a3:e4:5c:a6:66:da:ef:c9:f9:d9:98:3f:ac:f1:c0:b8:cc:
         c0:d2:da:79:a4:f2:07:d9:01:09:c5:be:1b:6b:10:af:bc:ea:
         f0:5b:f7:2c:27:30:47:27:4a:ef:65:c0:8b:df:ac:6b:2e:6a:
         1c:da:e9:60:f3:db:ed:23:13:f2:8b:be:05:f9:62:cd:7f:e5:
         04:2d:bb:b4:6e:f0:8d:e5:b1:2e:28:1e:f4:9b:e4:72:37:ec:
         ab:9e:21:85:ce:bc:f6:00:33:c1:f7:4e:33:63:ae:b5:54:fd:
         a5:8d:e2:4a:09:20:84:94:e6:a6:36:ed:a6:5c:96:69:ba:b3:
         c8:9a:41:8f:ef:71:05:60:4f:b8:04:a0:a1:41:7a:a2:09:90:
         44:bb:a6:f1:0d:68:cc:1f:36:25:65:dd:2c:6b:3a:fb:cc:9a:
         3a:c6:ea:9f:4b:1e:1c:e8:b6:84:3d:5c:c3:d5:74:cd:34:42:
         36:5e:73:bc:d4:5f:60:a6:2c:4c:7c:c2:16:16:c2:7e:d0:11:
         ec:c4:11:42:b3:c6:1c:04:c1:d7:da:a4:9a:d7:8f:da:19:d6:
         ae:d7:e6:d7:40:4d:ad:7c:ca:1f:cd:9a:b0:84:93:29:26:90:
         4b:d6:ee:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUbEiQJWfZXaQ8AqVrM97+5vQU4hMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMDMwODA4MTNaFw0yNjExMDIwODEzMTNaMDMxMTAvBgNV
BAMTKDlBQUVEOTg5MkM0RjM5RTNBNUQwODUzOThBQzY5NjBCMkY0NjE3QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2CI7EyZy59GXsOQ1jor3Zqbaa
lwlxWu6S3MNIgAMFc7F5KftzI5fTAu2BhHtHlWjwXWG8kR0Nb/K1MUluEUdPOWDJ
wSGafS90gcS8F5ZbAO2nCm405DVhDQUx9huWxn9hLsIiHbtmcBynCS/llwU4n+u3
czO4Zq9eMEvcCqMKl8JrMMOaLaSj5KCr6NyGAQl5mJb3R0B4h3AOSqvN2KZvWphE
5vRSgEAX/bz1qqSHahm53TBZT6af9Ab5y6vhnwqXd8t+WYIq2X3a/9vH38VP9c7N
gmC9eIEY2RqhQwn0FcPNmwqqrjxfeK9vXtkc+bX8UVPxSxQmCM+l7/TzP1KTAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUmq7ZiSxPOeOl0IU5isaWCy9GF7owHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTAxNS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UTjAN
BgkqhkiG9w0BAQsFAAOCAQEA1yrTrOj5WBb7TQL1lKyJ636MjKPkXKZm2u/J+dmY
P6zxwLjMwNLaeaTyB9kBCcW+G2sQr7zq8Fv3LCcwRydK72XAi9+say5qHNrpYPPb
7SMT8ou+BflizX/lBC27tG7wjeWxLige9Jvkcjfsq54hhc689gAzwfdOM2OutVT9
pY3iSgkghJTmpjbtplyWabqzyJpBj+9xBWBPuASgoUF6ogmQRLum8Q1ozB82JWXd
LGs6+8yaOsbqn0seHOi2hD1cw9V0zTRCNl5zvNRfYKYsTHzCFhbCftAR7MQRQrPG
HATB19qkmteP2hnWrtfm10BNrXzKH82asISTKSaQS9buKw==
-----END CERTIFICATE-----