Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207612.roa
File:                     AS207612.roa (raw, json)
Hash identifier:          hf3w94oKNK6dFsOzgDHCjTc1mv8tdjZCJ7tJnUCJEjs=
Subject key identifier:   EB:4E:82:D1:0C:73:10:DC:B1:B6:F2:3E:06:04:DD:E7:18:38:B1:FA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       143D006A20C0ECC51DBA5BCC0131186FC73E9F30
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207612.roa
Signing time:             Thu 30 Oct 2025 16:07:14 +0000
ROA not before:           Thu 30 Oct 2025 16:02:14 +0000
ROA not after:            Thu 29 Oct 2026 16:07:14 +0000
asID:                     207612
IP address blocks:        143.20.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:3d:00:6a:20:c0:ec:c5:1d:ba:5b:cc:01:31:18:6f:c7:3e:9f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 30 16:02:14 2025 GMT
            Not After : Oct 29 16:07:14 2026 GMT
        Subject: CN=EB4E82D10C7310DCB1B6F23E0604DDE71838B1FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5d:3a:75:a7:86:1f:e2:5a:36:17:e2:48:25:
                    21:55:98:80:25:ff:d5:79:ee:fa:07:1d:2f:2e:dc:
                    c2:1b:40:ab:2b:c7:e0:12:cc:e9:39:ec:11:56:60:
                    23:59:35:2c:b5:3f:ce:85:f8:c5:13:e2:f0:db:3d:
                    4b:8e:2c:80:80:1f:9e:b9:ab:c3:df:10:c8:b9:c6:
                    4a:4f:66:8e:51:c8:e0:ed:4b:ec:d1:c6:d8:23:23:
                    f7:76:ef:05:41:cd:ea:05:71:33:cc:06:69:69:a6:
                    79:5a:6f:7b:b1:a8:a8:d7:33:8c:71:40:0f:21:8a:
                    95:48:e6:d6:7a:94:4d:f5:bf:f7:ae:87:63:6b:89:
                    fb:e7:0a:ec:0c:72:ac:6d:5e:9a:a8:92:48:54:59:
                    b0:f2:0f:35:dd:cc:7a:c6:24:47:ac:00:76:f4:c7:
                    20:7f:fd:a2:6b:36:98:d2:60:1c:c4:64:04:7c:3e:
                    6d:6e:05:23:04:4a:90:7e:8c:43:3e:de:87:7a:91:
                    63:c5:ba:3f:17:c7:ab:19:7e:ae:e0:98:76:bd:c8:
                    83:20:cb:5f:89:3f:f3:01:d4:a8:e7:49:8b:ae:e1:
                    05:82:41:1d:af:53:1f:65:61:bb:62:04:97:4a:3d:
                    0f:b8:8c:f6:4b:44:1f:d3:cb:f8:ec:d1:a8:ac:e3:
                    70:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:4E:82:D1:0C:73:10:DC:B1:B6:F2:3E:06:04:DD:E7:18:38:B1:FA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207612.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:fb:67:e9:14:b7:9e:68:60:07:79:88:19:c8:ca:a2:ed:37:
         5e:e7:80:38:6f:7e:6f:19:56:2f:ff:66:6f:bb:30:98:1d:5e:
         b3:08:7b:29:4c:f3:9a:de:f9:ee:90:ce:4b:25:4c:8c:17:45:
         b9:0a:b2:e0:d1:1d:9f:cc:35:f0:54:00:26:74:1d:3a:f3:e5:
         c9:0e:eb:96:aa:69:dd:ee:c3:be:9b:47:67:31:cf:12:dd:fd:
         01:08:29:df:11:9b:43:05:7a:9f:4b:c3:10:cf:8b:74:34:55:
         ba:70:33:45:22:2c:7f:86:74:0b:b1:12:9e:91:51:37:ec:7a:
         0c:be:86:0b:b2:51:5b:1a:5b:24:d9:fc:58:c8:0d:12:bb:0d:
         39:f7:24:85:08:19:69:ff:49:58:8a:6d:15:7c:92:aa:5e:f5:
         5d:67:2f:01:7a:e1:4b:d0:55:4c:b8:31:30:ea:35:1b:f2:f9:
         f4:cc:9e:e5:1d:9f:83:2c:b3:da:75:44:24:f7:e4:6f:7e:24:
         4d:55:b5:6f:7c:44:81:d5:c1:5f:23:f4:49:ab:ba:27:6e:71:
         fc:f3:35:01:66:af:10:4b:4d:b9:6d:4b:62:7d:c6:21:77:b0:
         26:84:a0:96:fd:a7:55:f4:f2:5d:c5:62:8a:8f:18:e7:6e:1c:
         c3:9b:7e:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFD0AaiDA7MUdulvMATEYb8c+nzAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMzAxNjAyMTRaFw0yNjEwMjkxNjA3MTRaMDMxMTAvBgNV
BAMTKEVCNEU4MkQxMEM3MzEwRENCMUI2RjIzRTA2MDREREU3MTgzOEIxRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuXTp1p4Yf4lo2F+JIJSFVmIAl
/9V57voHHS8u3MIbQKsrx+ASzOk57BFWYCNZNSy1P86F+MUT4vDbPUuOLICAH565
q8PfEMi5xkpPZo5RyODtS+zRxtgjI/d27wVBzeoFcTPMBmlppnlab3uxqKjXM4xx
QA8hipVI5tZ6lE31v/euh2NrifvnCuwMcqxtXpqokkhUWbDyDzXdzHrGJEesAHb0
xyB//aJrNpjSYBzEZAR8Pm1uBSMESpB+jEM+3od6kWPFuj8Xx6sZfq7gmHa9yIMg
y1+JP/MB1KjnSYuu4QWCQR2vUx9lYbtiBJdKPQ+4jPZLRB/Ty/js0ais43CdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU606C0QxzENyxtvI+BgTd5xg4sfowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NjEyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSD
MA0GCSqGSIb3DQEBCwUAA4IBAQDY+2fpFLeeaGAHeYgZyMqi7Tde54A4b35vGVYv
/2ZvuzCYHV6zCHspTPOa3vnukM5LJUyMF0W5CrLg0R2fzDXwVAAmdB068+XJDuuW
qmnd7sO+m0dnMc8S3f0BCCnfEZtDBXqfS8MQz4t0NFW6cDNFIix/hnQLsRKekVE3
7HoMvoYLslFbGlsk2fxYyA0Suw059ySFCBlp/0lYim0VfJKqXvVdZy8BeuFL0FVM
uDEw6jUb8vn0zJ7lHZ+DLLPadUQk9+RvfiRNVbVvfESB1cFfI/RJq7onbnH88zUB
Zq8QS025bUtifcYhd7AmhKCW/adV9PJdxWKKjxjnbhzDm36J
-----END CERTIFICATE-----