Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS200019.roa
File:                     AS200019.roa (raw, json)
Hash identifier:          i67YBGg21+rE00bEmOgzDeSpsA3F9q+vblaCFO6PRVs=
Subject key identifier:   8E:D7:A6:09:E1:55:CE:6B:53:C9:D2:5D:01:AC:10:F3:77:00:0D:0C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       228AC4F8955245708A3B4B7313CF2C8F57754CA2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS200019.roa
Signing time:             Thu 23 Oct 2025 07:24:27 +0000
ROA not before:           Thu 23 Oct 2025 07:19:27 +0000
ROA not after:            Thu 22 Oct 2026 07:24:27 +0000
asID:                     200019
IP address blocks:        143.20.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:8a:c4:f8:95:52:45:70:8a:3b:4b:73:13:cf:2c:8f:57:75:4c:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 23 07:19:27 2025 GMT
            Not After : Oct 22 07:24:27 2026 GMT
        Subject: CN=8ED7A609E155CE6B53C9D25D01AC10F377000D0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f3:14:43:ee:9b:ae:f0:c3:64:b9:ed:a9:ad:
                    77:23:0e:01:78:a7:e3:ea:5a:6e:11:b7:8b:db:00:
                    8d:15:0e:20:10:7b:a7:17:cf:5c:c9:3a:2e:9c:ca:
                    6b:ce:1f:da:78:9e:96:00:0b:66:08:66:b4:5b:04:
                    97:5d:c4:4d:79:e7:fa:96:55:96:0c:02:6e:cf:2d:
                    c7:93:72:54:f4:e5:2c:3e:de:9e:f1:54:54:8d:7f:
                    3b:e7:18:63:e9:af:d4:bc:e9:7b:41:2a:1a:ca:26:
                    e1:c6:f1:68:5c:fb:16:b5:06:ea:c0:ff:71:29:d0:
                    cc:0b:a6:d4:af:89:99:39:e4:fc:7a:7d:86:e9:89:
                    22:a6:0c:07:7c:0d:45:b6:e5:5a:05:eb:59:86:63:
                    45:7c:24:4f:b2:98:fb:d2:cf:80:15:6d:65:f8:39:
                    57:dc:e6:f5:49:1e:60:ec:7d:59:f0:ec:a7:c1:31:
                    0f:84:f3:7b:45:05:a8:8c:f3:05:b7:9a:f5:08:a5:
                    ea:de:ca:d6:37:37:c4:98:fa:ca:80:40:82:5d:29:
                    96:32:fa:73:87:52:59:d2:62:28:13:3a:25:21:78:
                    45:e4:35:f5:b9:7a:02:66:d9:1c:6b:bd:a8:69:3e:
                    ad:01:7d:c7:27:0a:04:df:52:48:fb:bb:50:e5:81:
                    19:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:D7:A6:09:E1:55:CE:6B:53:C9:D2:5D:01:AC:10:F3:77:00:0D:0C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS200019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:69:6c:a7:69:97:76:23:e5:5a:dd:23:71:52:b4:eb:c9:29:
         b5:a8:18:8f:f1:18:61:c6:b6:37:08:0a:a2:20:8a:38:b9:b3:
         17:3f:d8:fa:f6:74:6f:f8:c8:22:30:0f:9c:59:1e:31:0b:7e:
         ed:50:7b:52:fa:73:33:35:1d:6d:9d:8a:52:be:75:56:93:54:
         78:bb:41:e2:e8:90:1a:e6:9e:60:f4:bc:7d:07:d5:5f:ef:2f:
         40:6d:0b:92:90:91:00:9a:77:be:51:74:38:8d:2d:9c:a7:d8:
         a3:0e:3e:83:2e:3a:80:a1:e1:73:43:f0:cb:01:10:32:62:46:
         b4:46:b7:4f:8d:6e:8f:7e:8d:05:39:2b:08:2b:85:53:c7:ae:
         67:0d:f3:62:4e:e3:0e:7c:db:66:7c:02:43:e7:02:83:a9:d2:
         41:44:bc:a3:98:6f:02:04:a6:a4:28:05:56:53:70:d7:aa:ec:
         b8:8b:ce:77:88:58:4f:19:05:b4:ef:28:88:2b:33:d9:69:92:
         21:a8:7f:98:b7:89:4c:50:6d:09:b5:ef:fc:32:61:2b:55:e6:
         10:7d:82:f6:ad:b5:6c:b8:76:1f:81:b2:9c:b2:2f:58:c2:9f:
         af:a0:13:fa:2f:6c:6a:a5:16:c5:50:68:e0:fa:9d:ad:7f:aa:
         90:26:dd:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIorE+JVSRXCKO0tzE88sj1d1TKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjMwNzE5MjdaFw0yNjEwMjIwNzI0MjdaMDMxMTAvBgNV
BAMTKDhFRDdBNjA5RTE1NUNFNkI1M0M5RDI1RDAxQUMxMEYzNzcwMDBEMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW8xRD7puu8MNkue2prXcjDgF4
p+PqWm4Rt4vbAI0VDiAQe6cXz1zJOi6cymvOH9p4npYAC2YIZrRbBJddxE155/qW
VZYMAm7PLceTclT05Sw+3p7xVFSNfzvnGGPpr9S86XtBKhrKJuHG8Whc+xa1BurA
/3Ep0MwLptSviZk55Px6fYbpiSKmDAd8DUW25VoF61mGY0V8JE+ymPvSz4AVbWX4
OVfc5vVJHmDsfVnw7KfBMQ+E83tFBaiM8wW3mvUIpereytY3N8SY+sqAQIJdKZYy
+nOHUlnSYigTOiUheEXkNfW5egJm2RxrvahpPq0BfccnCgTfUkj7u1DlgRnTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjtemCeFVzmtTydJdAawQ83cADQwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAwMDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQs
MA0GCSqGSIb3DQEBCwUAA4IBAQAEaWynaZd2I+Va3SNxUrTrySm1qBiP8RhhxrY3
CAqiIIo4ubMXP9j69nRv+MgiMA+cWR4xC37tUHtS+nMzNR1tnYpSvnVWk1R4u0Hi
6JAa5p5g9Lx9B9Vf7y9AbQuSkJEAmne+UXQ4jS2cp9ijDj6DLjqAoeFzQ/DLARAy
Yka0RrdPjW6Pfo0FOSsIK4VTx65nDfNiTuMOfNtmfAJD5wKDqdJBRLyjmG8CBKak
KAVWU3DXquy4i853iFhPGQW07yiIKzPZaZIhqH+Yt4lMUG0Jte/8MmErVeYQfYL2
rbVsuHYfgbKcsi9Ywp+voBP6L2xqpRbFUGjg+p2tf6qQJt1B
-----END CERTIFICATE-----