Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208723.roa
File:                     AS208723.roa (raw, json)
Hash identifier:          5GrjtrMyueofALoPzEHgcn/cSCTKc5Atq6JF9hwgKAA=
Subject key identifier:   7E:57:0E:42:E3:B7:77:DF:3E:BA:92:C6:B9:A4:3A:2C:2A:AA:2C:24
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0FA82B543752F57DE70F5CF7AC58B0EAD6872FB8
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208723.roa
Signing time:             Sun 08 Jun 2025 18:08:39 +0000
ROA not before:           Sun 08 Jun 2025 18:03:39 +0000
ROA not after:            Sun 07 Jun 2026 18:08:39 +0000
asID:                     208723
IP address blocks:        143.20.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a8:2b:54:37:52:f5:7d:e7:0f:5c:f7:ac:58:b0:ea:d6:87:2f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  8 18:03:39 2025 GMT
            Not After : Jun  7 18:08:39 2026 GMT
        Subject: CN=7E570E42E3B777DF3EBA92C6B9A43A2C2AAA2C24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cd:45:29:dc:05:5e:d8:9e:a7:7f:e5:6c:85:
                    2a:ff:78:df:0e:d7:ca:41:12:69:33:4f:83:4e:c1:
                    fe:a7:eb:67:50:ad:27:fa:64:8d:5c:cf:b9:8f:aa:
                    72:d7:74:47:87:d9:c1:94:f0:ec:a2:dd:d8:92:e9:
                    0b:0a:44:f0:88:0d:95:df:60:9d:64:cd:75:a4:bb:
                    eb:56:35:d2:ae:16:32:6a:eb:af:fc:0a:b1:6d:b7:
                    5b:0a:49:b8:59:91:8b:8b:51:bf:a3:46:f1:fd:b9:
                    fd:dd:de:c6:09:ca:6e:09:40:95:47:87:79:c9:d8:
                    df:0c:c9:c2:ab:da:1e:cd:3c:a0:5d:19:3d:0c:41:
                    ad:30:41:36:45:72:01:37:97:a9:2d:49:b0:38:32:
                    38:ac:ac:2b:e5:1c:08:34:90:b3:35:6c:88:23:6e:
                    1d:9d:1d:8d:dd:d5:14:f1:62:6f:0d:ee:6c:d7:9e:
                    a3:c6:8f:15:52:a7:c0:8a:c2:16:28:aa:83:3f:1b:
                    b7:b6:e6:de:91:2e:d3:e9:15:42:8b:60:cd:6b:e5:
                    c1:36:78:17:c6:a9:dc:86:34:6c:fb:f6:50:99:6e:
                    c5:54:5f:4f:57:c7:bd:e7:c5:4b:c4:6d:8a:c0:36:
                    da:f8:50:66:9c:75:3b:53:76:f1:53:bc:45:ae:7c:
                    38:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:57:0E:42:E3:B7:77:DF:3E:BA:92:C6:B9:A4:3A:2C:2A:AA:2C:24
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208723.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:f8:67:54:f0:df:b2:e4:1f:b0:17:85:8f:5a:89:d2:c7:c4:
         64:f3:bb:ad:47:37:e7:99:77:2a:a4:3d:28:ad:03:93:b4:fa:
         c2:9f:ab:28:65:d1:7d:23:08:61:8f:84:d8:e6:de:e5:ce:b2:
         d0:de:c8:78:61:5f:b7:40:93:7d:10:ac:eb:f6:14:e8:cf:9a:
         ca:aa:0e:35:82:61:09:65:bf:0e:a8:b7:b0:79:cf:ee:5a:0a:
         94:05:5c:39:1a:c3:03:83:4f:c1:ef:9d:3c:fb:a0:f2:ff:f5:
         52:19:f2:96:16:ab:cd:af:a0:f2:9d:26:c8:2c:6a:18:db:79:
         f2:e0:1d:5d:9d:b7:dc:5d:c1:69:c2:57:e7:0c:d3:d3:fc:da:
         4b:1a:70:73:3c:dd:4a:15:3c:b0:5d:48:1a:a7:9f:aa:d3:a5:
         0b:51:fc:9a:78:ea:1e:d3:c1:14:4c:3b:1b:a6:97:7f:9a:8b:
         5a:2e:e5:50:fb:14:e7:06:e9:90:d8:1b:b9:e9:4d:1a:5c:ab:
         be:19:d3:11:2f:62:36:c2:2d:f6:bd:26:86:ae:c8:55:e7:a2:
         c5:3d:70:5c:f5:41:a4:26:68:37:bc:50:c4:ec:3e:a1:d1:62:
         63:ac:3a:8c:a3:29:20:be:75:a3:a3:c4:78:ef:89:9d:fc:56:
         a4:43:ca:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUD6grVDdS9X3nD1z3rFiw6taHL7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDgxODAzMzlaFw0yNjA2MDcxODA4MzlaMDMxMTAvBgNV
BAMTKDdFNTcwRTQyRTNCNzc3REYzRUJBOTJDNkI5QTQzQTJDMkFBQTJDMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzzUUp3AVe2J6nf+VshSr/eN8O
18pBEmkzT4NOwf6n62dQrSf6ZI1cz7mPqnLXdEeH2cGU8Oyi3diS6QsKRPCIDZXf
YJ1kzXWku+tWNdKuFjJq66/8CrFtt1sKSbhZkYuLUb+jRvH9uf3d3sYJym4JQJVH
h3nJ2N8MycKr2h7NPKBdGT0MQa0wQTZFcgE3l6ktSbA4MjisrCvlHAg0kLM1bIgj
bh2dHY3d1RTxYm8N7mzXnqPGjxVSp8CKwhYoqoM/G7e25t6RLtPpFUKLYM1r5cE2
eBfGqdyGNGz79lCZbsVUX09Xx73nxUvEbYrANtr4UGacdTtTdvFTvEWufDiBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUflcOQuO3d98+upLGuaQ6LCqqLCQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA4NzIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRF
MA0GCSqGSIb3DQEBCwUAA4IBAQAl+GdU8N+y5B+wF4WPWonSx8Rk87utRzfnmXcq
pD0orQOTtPrCn6soZdF9Iwhhj4TY5t7lzrLQ3sh4YV+3QJN9EKzr9hToz5rKqg41
gmEJZb8OqLewec/uWgqUBVw5GsMDg0/B7508+6Dy//VSGfKWFqvNr6DynSbILGoY
23ny4B1dnbfcXcFpwlfnDNPT/NpLGnBzPN1KFTywXUgap5+q06ULUfyaeOoe08EU
TDsbppd/motaLuVQ+xTnBumQ2Bu56U0aXKu+GdMRL2I2wi32vSaGrshV56LFPXBc
9UGkJmg3vFDE7D6h0WJjrDqMoykgvnWjo8R474md/FakQ8rm
-----END CERTIFICATE-----