Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207019.roa
File:                     AS207019.roa (raw, json)
Hash identifier:          SU4fci+6PbUzIl/0Jhfhi22V9aKTzCsM/fbK85KgohY=
Subject key identifier:   1B:35:C4:8F:FF:0D:FE:0F:AA:06:8D:20:63:0A:3A:02:B8:DA:83:8D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5E333A4439033A0CD685667252F3DD7BC64BA7FF
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207019.roa
Signing time:             Wed 29 Oct 2025 13:59:07 +0000
ROA not before:           Wed 29 Oct 2025 13:54:07 +0000
ROA not after:            Wed 28 Oct 2026 13:59:07 +0000
asID:                     207019
IP address blocks:        143.20.139.0/24 maxlen: 24
                          143.20.154.0/24 maxlen: 24
                          143.20.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:33:3a:44:39:03:3a:0c:d6:85:66:72:52:f3:dd:7b:c6:4b:a7:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 29 13:54:07 2025 GMT
            Not After : Oct 28 13:59:07 2026 GMT
        Subject: CN=1B35C48FFF0DFE0FAA068D20630A3A02B8DA838D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fd:4a:f0:b0:9c:ec:5f:b3:c6:f7:81:0b:e2:
                    13:7d:58:dc:73:73:6a:9c:17:d2:8c:31:ec:8d:cd:
                    a4:e1:00:91:da:ed:45:f0:c6:e3:c7:e2:cd:74:71:
                    2d:ec:d1:ad:c7:99:37:a3:0a:e9:c1:9e:d9:04:73:
                    bc:bd:eb:e2:c0:95:e4:73:ab:b0:2b:04:63:59:5d:
                    f8:4e:fd:fa:c4:b6:ef:c5:9f:10:23:54:dd:b5:3f:
                    e5:66:18:c1:4b:c5:1c:85:7e:12:14:a5:6d:c4:3c:
                    33:26:28:d0:90:2d:de:a1:36:0c:72:30:70:21:17:
                    25:6a:85:88:cc:2e:3e:4a:67:e0:5d:18:40:da:3c:
                    43:6e:6b:08:b3:d4:e1:de:63:24:cc:e8:b2:15:24:
                    09:bb:2b:a1:ce:dd:be:a7:4c:4d:3f:a4:15:4f:ea:
                    a2:af:d6:f0:e0:08:e8:55:4a:aa:f7:bb:9c:c8:99:
                    1e:79:0d:0d:5e:3c:96:25:34:df:d0:c4:3a:58:16:
                    17:dd:87:aa:62:df:09:67:83:f2:6e:20:b9:57:8d:
                    cc:b7:f2:8e:f3:bd:dd:ac:31:41:df:23:78:12:25:
                    7a:e8:5d:b0:52:9f:a5:f1:d3:34:05:40:ef:5f:9b:
                    1a:6e:ff:35:55:4b:41:cb:d0:69:8e:a2:fd:81:39:
                    d5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:35:C4:8F:FF:0D:FE:0F:AA:06:8D:20:63:0A:3A:02:B8:DA:83:8D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.139.0/24
                  143.20.154.0/24
                  143.20.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c4:d4:fc:9c:3f:07:85:b5:9d:ff:44:65:36:c4:dd:c5:db:
         f0:12:6c:82:19:a1:71:e4:02:8a:5a:ab:57:1e:46:88:44:f8:
         ec:1b:b3:a6:64:4f:5e:f0:70:11:2c:6d:f1:8d:b3:7f:7b:d6:
         2f:2c:28:f3:f2:e0:c1:50:57:57:14:21:40:2b:d8:bf:00:c3:
         fc:ca:8c:5b:58:bd:bc:3f:f6:2f:84:f5:81:97:92:3d:a2:4f:
         f7:b9:8b:08:04:55:35:50:6b:12:cb:f0:a5:80:58:55:8c:e0:
         73:95:35:28:30:50:52:d4:3d:b9:56:65:3b:ba:c5:ff:4b:9e:
         5f:02:85:a9:a7:2a:73:b1:13:6c:b2:0c:d8:b7:7e:9b:79:59:
         92:76:62:09:08:90:ea:20:33:ee:ba:cb:58:dc:d8:36:9b:64:
         ba:3b:30:18:85:92:e1:3b:e7:51:25:65:cb:75:4c:ed:04:05:
         90:ad:2d:39:5e:64:3f:18:fe:bc:f0:16:36:3c:8a:6e:e5:21:
         c3:00:09:2c:3a:de:b5:05:e2:96:5a:a7:d2:66:a4:f5:69:af:
         e8:d0:b6:a2:be:85:57:4a:60:b4:5e:db:ff:5a:df:33:9d:9c:
         f7:6a:10:ee:f7:84:a7:c4:8e:5d:55:32:44:e9:45:01:7a:7f:
         02:37:b4:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXjM6RDkDOgzWhWZyUvPde8ZLp/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjkxMzU0MDdaFw0yNjEwMjgxMzU5MDdaMDMxMTAvBgNV
BAMTKDFCMzVDNDhGRkYwREZFMEZBQTA2OEQyMDYzMEEzQTAyQjhEQTgzOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6/UrwsJzsX7PG94EL4hN9WNxz
c2qcF9KMMeyNzaThAJHa7UXwxuPH4s10cS3s0a3HmTejCunBntkEc7y96+LAleRz
q7ArBGNZXfhO/frEtu/FnxAjVN21P+VmGMFLxRyFfhIUpW3EPDMmKNCQLd6hNgxy
MHAhFyVqhYjMLj5KZ+BdGEDaPENuawiz1OHeYyTM6LIVJAm7K6HO3b6nTE0/pBVP
6qKv1vDgCOhVSqr3u5zImR55DQ1ePJYlNN/QxDpYFhfdh6pi3wlng/JuILlXjcy3
8o7zvd2sMUHfI3gSJXroXbBSn6Xx0zQFQO9fmxpu/zVVS0HL0GmOov2BOdW3AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUGzXEj/8N/g+qBo0gYwo6Arjag40wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3MDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxSL
AwQAjxSaAwQAjxTPMA0GCSqGSIb3DQEBCwUAA4IBAQAuxNT8nD8HhbWd/0RlNsTd
xdvwEmyCGaFx5AKKWqtXHkaIRPjsG7OmZE9e8HARLG3xjbN/e9YvLCjz8uDBUFdX
FCFAK9i/AMP8yoxbWL28P/YvhPWBl5I9ok/3uYsIBFU1UGsSy/ClgFhVjOBzlTUo
MFBS1D25VmU7usX/S55fAoWppypzsRNssgzYt36beVmSdmIJCJDqIDPuustY3Ng2
m2S6OzAYhZLhO+dRJWXLdUztBAWQrS05XmQ/GP688BY2PIpu5SHDAAksOt61BeKW
WqfSZqT1aa/o0LaivoVXSmC0Xtv/Wt8znZz3ahDu94SnxI5dVTJE6UUBen8CN7RV
-----END CERTIFICATE-----