Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211407.roa
File:                     AS211407.roa (raw, json)
Hash identifier:          w9tuFyJBH4S47BUFEmurRb1Akwv+vseGkH7dL2DmKA4=
Subject key identifier:   F8:16:CE:66:E6:44:36:F5:F3:B5:B1:68:18:6B:48:94:46:F7:28:A8
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       65E1FA31D30BEC7A62A5B2CDA15092452F88FD70
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211407.roa
Signing time:             Sat 01 Nov 2025 05:37:29 +0000
ROA not before:           Sat 01 Nov 2025 05:32:29 +0000
ROA not after:            Sat 31 Oct 2026 05:37:29 +0000
asID:                     211407
IP address blocks:        143.20.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:e1:fa:31:d3:0b:ec:7a:62:a5:b2:cd:a1:50:92:45:2f:88:fd:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov  1 05:32:29 2025 GMT
            Not After : Oct 31 05:37:29 2026 GMT
        Subject: CN=F816CE66E64436F5F3B5B168186B489446F728A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1d:41:7b:f6:a4:34:ba:fb:3a:21:88:57:42:
                    a0:4f:a6:d6:1a:06:ba:65:5a:1a:d8:1d:10:0a:ef:
                    1b:cb:cf:f6:83:bf:fc:8e:bf:d8:a9:f2:0b:b5:50:
                    be:02:31:5c:e8:89:c1:a4:b1:b9:d2:ba:ec:01:37:
                    02:3a:3f:35:fa:22:8c:d7:92:84:f3:f6:d5:92:3b:
                    f2:1e:3f:d0:17:0a:b2:8e:84:58:8d:f9:f8:c6:d9:
                    55:47:ad:9f:03:50:77:83:56:a6:77:ed:a7:41:62:
                    dc:60:18:f3:78:7d:58:4c:9c:f8:9f:bb:4d:f6:d8:
                    aa:db:12:e5:1b:49:1a:46:7f:fc:a5:e4:c3:ff:8f:
                    8a:4c:d9:7d:f2:93:dc:c8:7f:ba:27:08:8f:ad:ba:
                    04:52:1d:ce:61:cc:e5:43:ec:71:86:bf:94:a5:4d:
                    c5:de:66:1f:82:ad:93:5d:79:a0:32:9f:02:37:aa:
                    5c:0a:b2:37:90:cb:2d:1b:be:16:20:84:0a:08:60:
                    03:8f:b2:e7:8e:62:b2:51:72:ac:11:07:9f:48:fe:
                    fa:59:4c:ef:0e:7e:01:fb:bd:e3:72:74:42:2f:1d:
                    54:f9:05:3f:a1:0c:d2:7e:24:0a:b6:be:f6:61:59:
                    d8:49:e2:11:aa:7a:de:35:fa:06:4f:00:71:e5:c9:
                    04:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:16:CE:66:E6:44:36:F5:F3:B5:B1:68:18:6B:48:94:46:F7:28:A8
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:6c:e6:bb:e0:23:c7:f9:0a:c9:c6:39:d6:3d:ea:fd:71:fa:
         6e:0e:61:6b:ba:dc:17:16:c8:9b:fd:a4:e5:72:60:e7:9a:e3:
         93:88:2f:35:3d:22:b1:65:b4:37:e2:e7:71:1b:b3:4d:f2:19:
         37:f9:2e:4e:d1:fb:0a:87:56:5a:01:f3:40:3f:fd:d5:72:78:
         57:05:1e:2f:31:37:57:d6:dd:03:bb:db:38:f6:79:a3:42:cd:
         93:a7:bc:e5:e6:ea:76:47:08:2a:f8:b6:9c:40:54:df:c5:ce:
         67:08:a9:92:05:35:1c:7f:84:03:ce:74:ec:0d:7c:12:90:b7:
         64:ed:72:0c:f4:99:0d:de:02:72:96:bd:52:df:7b:2b:82:55:
         1a:30:81:30:09:bc:44:9d:4f:12:3c:03:b9:20:2c:e2:67:ba:
         62:f0:cc:d8:ba:38:11:c8:3a:69:ac:ff:b7:66:a6:a6:39:31:
         d0:d2:92:5e:1c:7f:24:51:c9:f5:37:75:a3:97:f4:51:5d:f4:
         df:b9:a6:b3:c5:37:2a:ac:db:a7:16:c3:c1:d9:e3:e1:d0:1c:
         73:d1:51:29:da:b9:d8:78:45:28:b8:46:0c:36:d5:41:7d:3e:
         de:9c:6a:83:50:09:77:ef:a6:23:7f:b8:c0:b0:28:08:5a:11:
         d3:4b:1d:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZeH6MdML7HpipbLNoVCSRS+I/XAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMDEwNTMyMjlaFw0yNjEwMzEwNTM3MjlaMDMxMTAvBgNV
BAMTKEY4MTZDRTY2RTY0NDM2RjVGM0I1QjE2ODE4NkI0ODk0NDZGNzI4QTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8HUF79qQ0uvs6IYhXQqBPptYa
BrplWhrYHRAK7xvLz/aDv/yOv9ip8gu1UL4CMVzoicGksbnSuuwBNwI6PzX6IozX
koTz9tWSO/IeP9AXCrKOhFiN+fjG2VVHrZ8DUHeDVqZ37adBYtxgGPN4fVhMnPif
u0322KrbEuUbSRpGf/yl5MP/j4pM2X3yk9zIf7onCI+tugRSHc5hzOVD7HGGv5Sl
TcXeZh+CrZNdeaAynwI3qlwKsjeQyy0bvhYghAoIYAOPsueOYrJRcqwRB59I/vpZ
TO8OfgH7veNydEIvHVT5BT+hDNJ+JAq2vvZhWdhJ4hGqet41+gZPAHHlyQTTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+BbOZuZENvXztbFoGGtIlEb3KKgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjExNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQK
MA0GCSqGSIb3DQEBCwUAA4IBAQBfbOa74CPH+QrJxjnWPer9cfpuDmFrutwXFsib
/aTlcmDnmuOTiC81PSKxZbQ34udxG7NN8hk3+S5O0fsKh1ZaAfNAP/3VcnhXBR4v
MTdX1t0Du9s49nmjQs2Tp7zl5up2Rwgq+LacQFTfxc5nCKmSBTUcf4QDznTsDXwS
kLdk7XIM9JkN3gJylr1S33srglUaMIEwCbxEnU8SPAO5ICziZ7pi8MzYujgRyDpp
rP+3ZqamOTHQ0pJeHH8kUcn1N3Wjl/RRXfTfuaazxTcqrNunFsPB2ePh0Bxz0VEp
2rnYeEUouEYMNtVBfT7enGqDUAl376Yjf7jAsCgIWhHTSx2x
-----END CERTIFICATE-----