Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          DLOo8+8dcfV1jJl3GrVo65qGZRqBVxkmxsrTu+XfR4I=
Subject key identifier:   7C:88:8D:00:B4:20:11:8D:CD:5B:33:09:77:C6:5A:E2:B0:6C:51:0A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       61F60039C9B3801201F51994417CBC669938C14B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20473.roa
Signing time:             Mon 27 Oct 2025 12:06:28 +0000
ROA not before:           Mon 27 Oct 2025 12:01:28 +0000
ROA not after:            Mon 26 Oct 2026 12:06:28 +0000
asID:                     20473
IP address blocks:        143.20.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:f6:00:39:c9:b3:80:12:01:f5:19:94:41:7c:bc:66:99:38:c1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 27 12:01:28 2025 GMT
            Not After : Oct 26 12:06:28 2026 GMT
        Subject: CN=7C888D00B420118DCD5B330977C65AE2B06C510A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:75:a0:1c:41:e6:9c:73:22:a5:b8:60:ec:1f:
                    7e:2d:07:c6:6d:8c:11:e2:9a:d0:1f:f2:a6:ac:cb:
                    ac:e2:bd:30:d6:1d:29:14:13:4b:75:46:b9:44:c2:
                    58:ea:90:62:9f:cc:5a:c6:53:b0:4f:bd:0c:73:b7:
                    72:b8:e8:1c:25:96:88:ff:94:85:07:96:40:75:e8:
                    98:27:21:ae:47:bf:d0:53:61:4a:f9:eb:f2:aa:5a:
                    ee:ae:31:41:81:3d:1d:6b:d2:ea:71:41:0f:3c:ff:
                    ca:8f:b2:0c:d7:8a:b5:56:18:5e:75:81:90:b8:c6:
                    20:a8:97:d0:be:8a:d5:7b:c0:71:a5:c0:68:40:db:
                    e6:a9:71:dd:d4:7e:b1:02:11:27:09:d4:0d:9e:11:
                    1e:d0:54:21:f6:14:d0:4c:6b:d0:f7:4b:7e:55:df:
                    04:7d:7f:fc:6c:f6:df:35:93:ab:02:12:e9:eb:3a:
                    40:f0:ad:81:ed:d3:37:55:e6:e2:2b:dc:84:c9:79:
                    87:93:a9:5b:7a:21:03:7c:26:01:a1:61:3b:61:f9:
                    35:77:74:98:bc:e7:6b:6a:10:82:bd:de:df:34:03:
                    70:99:38:19:d7:dd:a2:91:7f:18:a9:60:b8:cc:e5:
                    4f:67:e5:5a:25:45:05:66:25:87:b3:08:ab:10:36:
                    84:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:88:8D:00:B4:20:11:8D:CD:5B:33:09:77:C6:5A:E2:B0:6C:51:0A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:5d:4c:c8:8b:85:8a:60:58:25:02:e0:50:ae:d8:5f:e2:65:
         b4:9e:e7:03:5a:a9:d9:fc:af:35:e8:ac:76:0d:2c:e4:49:85:
         cf:5a:65:8f:e8:4f:2a:e2:4e:f3:1d:a5:44:c7:36:25:ec:d2:
         bc:ff:29:0c:eb:ac:30:6c:7d:ca:56:89:0d:5c:a2:87:ad:13:
         83:03:4a:88:40:5e:49:03:2f:73:99:ce:f0:61:a4:8d:c9:82:
         35:82:5e:13:07:54:a1:f2:96:0e:b1:c2:9c:d9:5f:4d:99:7f:
         dc:f5:8c:41:fe:0c:ca:9b:37:77:0d:c4:8b:79:a8:8b:a1:58:
         8d:b1:1f:2a:a9:2d:ad:ee:38:47:7a:79:ac:25:a3:a5:a2:d3:
         45:56:60:22:80:24:01:8f:a2:6c:40:96:ba:43:ac:cf:e8:28:
         c6:ca:46:9e:2e:de:c9:d9:f3:f2:2d:2b:42:3c:5b:cb:71:87:
         e0:93:11:69:e6:69:47:61:6f:ab:b0:e5:7f:81:9d:40:e2:5a:
         1c:db:af:a8:93:26:3b:92:c5:9e:16:be:83:26:b1:f3:38:94:
         03:95:d4:80:14:5f:0d:ab:39:76:87:08:b2:d3:09:ad:b0:8b:
         9c:68:f8:7b:5f:06:76:c9:19:44:5f:35:7b:2b:a0:e6:e9:8b:
         ea:45:0b:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYfYAOcmzgBIB9RmUQXy8Zpk4wUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjcxMjAxMjhaFw0yNjEwMjYxMjA2MjhaMDMxMTAvBgNV
BAMTKDdDODg4RDAwQjQyMDExOERDRDVCMzMwOTc3QzY1QUUyQjA2QzUxMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKdaAcQeaccyKluGDsH34tB8Zt
jBHimtAf8qasy6zivTDWHSkUE0t1RrlEwljqkGKfzFrGU7BPvQxzt3K46Bwlloj/
lIUHlkB16JgnIa5Hv9BTYUr56/KqWu6uMUGBPR1r0upxQQ88/8qPsgzXirVWGF51
gZC4xiCol9C+itV7wHGlwGhA2+apcd3UfrECEScJ1A2eER7QVCH2FNBMa9D3S35V
3wR9f/xs9t81k6sCEunrOkDwrYHt0zdV5uIr3ITJeYeTqVt6IQN8JgGhYTth+TV3
dJi852tqEIK93t80A3CZOBnX3aKRfxipYLjM5U9n5VolRQVmJYezCKsQNoTjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUfIiNALQgEY3NWzMJd8Za4rBsUQowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFJAw
DQYJKoZIhvcNAQELBQADggEBAAhdTMiLhYpgWCUC4FCu2F/iZbSe5wNaqdn8rzXo
rHYNLORJhc9aZY/oTyriTvMdpUTHNiXs0rz/KQzrrDBsfcpWiQ1cooetE4MDSohA
XkkDL3OZzvBhpI3JgjWCXhMHVKHylg6xwpzZX02Zf9z1jEH+DMqbN3cNxIt5qIuh
WI2xHyqpLa3uOEd6eawlo6Wi00VWYCKAJAGPomxAlrpDrM/oKMbKRp4u3snZ8/It
K0I8W8txh+CTEWnmaUdhb6uw5X+BnUDiWhzbr6iTJjuSxZ4WvoMmsfM4lAOV1IAU
Xw2rOXaHCLLTCa2wi5xo+HtfBnbJGURfNXsroObpi+pFCx4=
-----END CERTIFICATE-----