Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206378.roa
File:                     AS206378.roa (raw, json)
Hash identifier:          73NiILTyd8fYYy+0sJ8aBhoJeIBdPRfFdcteB5YG/wo=
Subject key identifier:   1F:51:B3:00:A5:5C:1D:F5:DD:92:84:28:AA:28:A7:A3:DA:6B:2A:52
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       16DC53B665339D8F914526A37D5080EE0EF7384C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206378.roa
Signing time:             Tue 29 Jul 2025 13:51:41 +0000
ROA not before:           Tue 29 Jul 2025 13:46:41 +0000
ROA not after:            Tue 28 Jul 2026 13:51:41 +0000
asID:                     206378
IP address blocks:        143.20.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:dc:53:b6:65:33:9d:8f:91:45:26:a3:7d:50:80:ee:0e:f7:38:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 29 13:46:41 2025 GMT
            Not After : Jul 28 13:51:41 2026 GMT
        Subject: CN=1F51B300A55C1DF5DD928428AA28A7A3DA6B2A52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:89:06:c9:c3:00:bf:36:d3:22:55:41:f9:57:
                    1a:52:1a:0d:1b:93:d8:ee:ad:88:e0:52:1b:64:c4:
                    04:50:cb:41:6d:b5:bc:f9:a4:31:c0:e6:25:80:a9:
                    54:05:31:62:76:0c:97:6a:02:9e:51:a1:f8:5e:81:
                    b0:68:87:b6:a7:b8:a3:04:26:ea:fd:98:7e:27:70:
                    4b:40:7b:cd:83:63:77:76:00:2e:5a:83:71:9e:7b:
                    ee:f8:2e:4a:10:6c:f5:69:9d:6e:f0:e8:59:fb:8b:
                    fe:4b:8f:2e:0a:3f:60:1b:c8:89:5d:66:30:36:c1:
                    fd:b0:f2:47:d5:39:10:58:fe:41:9f:1b:7c:23:b8:
                    ba:f1:c8:1c:b6:1d:81:f8:d5:2c:9f:bd:1f:10:f8:
                    ee:3a:c4:f6:23:44:64:25:76:3f:e6:24:51:93:1a:
                    8d:29:ca:5c:bd:2c:8e:26:fd:1a:ff:9f:ba:81:00:
                    9b:fa:62:92:4e:f3:e9:24:7d:d4:4f:25:70:8e:f9:
                    5c:e2:99:46:f1:6a:da:1d:fa:35:17:fd:76:6a:4c:
                    a9:a8:72:f5:c4:fb:0e:06:03:22:ce:ad:ff:fe:d8:
                    a1:9d:c1:87:67:4f:fd:5c:6f:e7:be:26:3a:d8:5f:
                    e8:1f:bd:91:65:70:8c:17:73:90:5f:16:3d:3a:81:
                    9d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:51:B3:00:A5:5C:1D:F5:DD:92:84:28:AA:28:A7:A3:DA:6B:2A:52
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206378.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:bc:08:c6:bf:11:aa:08:b2:f6:09:5b:f4:8c:a9:32:a3:9f:
         17:9e:93:f0:86:9d:7e:82:ee:ae:e6:3a:d8:f2:3e:ce:fe:37:
         d6:d6:2e:c3:36:34:7e:28:7d:44:8e:3b:4a:b3:51:28:14:38:
         f7:6c:0b:68:43:07:34:a0:a1:be:cf:c3:63:41:06:c7:f1:fd:
         60:d7:ea:d8:7f:be:e6:d9:be:06:f3:1c:0d:fd:af:08:7e:5d:
         66:20:9e:95:52:01:6b:f9:1c:d6:a3:15:b9:b4:b6:bb:bb:bc:
         b7:d5:ef:c5:ba:6b:4a:ec:fc:4e:d3:07:79:8f:08:0e:35:6b:
         a4:f1:40:b0:c7:99:64:13:1a:4a:f0:db:38:77:b1:78:1b:b7:
         d3:ad:9c:a6:17:cd:aa:68:02:31:55:a1:ac:3b:e6:29:4c:92:
         ad:67:9b:eb:f1:b4:17:2a:e2:73:8f:2a:76:fe:8a:5d:2a:86:
         5f:bc:3a:0d:7f:8b:87:a8:83:b1:3e:f9:b3:fc:c6:54:77:6b:
         0c:12:3c:dd:41:92:ee:76:d7:ef:ed:89:32:ea:c0:fa:73:b6:
         05:e3:bd:10:95:5a:6a:27:28:44:73:69:e1:a7:34:56:2b:03:
         57:76:c4:fc:fa:53:47:d3:3a:5a:2b:4b:e0:20:af:8b:11:e6:
         28:bc:9d:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFtxTtmUznY+RRSajfVCA7g73OEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjkxMzQ2NDFaFw0yNjA3MjgxMzUxNDFaMDMxMTAvBgNV
BAMTKDFGNTFCMzAwQTU1QzFERjVERDkyODQyOEFBMjhBN0EzREE2QjJBNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaiQbJwwC/NtMiVUH5VxpSGg0b
k9jurYjgUhtkxARQy0Fttbz5pDHA5iWAqVQFMWJ2DJdqAp5RofhegbBoh7anuKME
Jur9mH4ncEtAe82DY3d2AC5ag3Gee+74LkoQbPVpnW7w6Fn7i/5Ljy4KP2AbyIld
ZjA2wf2w8kfVORBY/kGfG3wjuLrxyBy2HYH41SyfvR8Q+O46xPYjRGQldj/mJFGT
Go0pyly9LI4m/Rr/n7qBAJv6YpJO8+kkfdRPJXCO+VzimUbxatod+jUX/XZqTKmo
cvXE+w4GAyLOrf/+2KGdwYdnT/1cb+e+JjrYX+gfvZFlcIwXc5BfFj06gZ2NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUH1GzAKVcHfXdkoQoqiino9prKlIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA2Mzc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQL
MA0GCSqGSIb3DQEBCwUAA4IBAQAMvAjGvxGqCLL2CVv0jKkyo58XnpPwhp1+gu6u
5jrY8j7O/jfW1i7DNjR+KH1EjjtKs1EoFDj3bAtoQwc0oKG+z8NjQQbH8f1g1+rY
f77m2b4G8xwN/a8Ifl1mIJ6VUgFr+RzWoxW5tLa7u7y31e/FumtK7PxO0wd5jwgO
NWuk8UCwx5lkExpK8Ns4d7F4G7fTrZymF82qaAIxVaGsO+YpTJKtZ5vr8bQXKuJz
jyp2/opdKoZfvDoNf4uHqIOxPvmz/MZUd2sMEjzdQZLudtfv7Yky6sD6c7YF470Q
lVpqJyhEc2nhpzRWKwNXdsT8+lNH0zpaK0vgIK+LEeYovJ1S
-----END CERTIFICATE-----