Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          bLkgjRELibA0OJ0Lt1NEcLUyWuEVSwJjpL1mBdi+2nw=
Subject key identifier:   E0:D1:6D:9A:CB:15:1F:05:77:41:AD:32:CC:3F:EF:E1:7F:84:DA:06
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3F8F79A4AC6DDF69FC7B07A09EB7B576A34319AF
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
Signing time:             Sat 07 Jun 2025 00:01:57 +0000
ROA not before:           Fri 06 Jun 2025 23:56:57 +0000
ROA not after:            Sat 06 Jun 2026 00:01:57 +0000
asID:                     212238
IP address blocks:        143.20.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 17:55:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:8f:79:a4:ac:6d:df:69:fc:7b:07:a0:9e:b7:b5:76:a3:43:19:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 23:56:57 2025 GMT
            Not After : Jun  6 00:01:57 2026 GMT
        Subject: CN=E0D16D9ACB151F057741AD32CC3FEFE17F84DA06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ab:a8:7e:d4:fb:13:37:33:46:84:63:5d:00:
                    6f:01:f7:58:1e:3f:11:a6:b1:ab:cd:7c:da:99:51:
                    6c:c0:a3:a6:9d:50:f4:2f:21:73:eb:ec:c8:89:77:
                    83:c2:62:1f:36:6e:44:dd:28:f8:96:05:4b:bf:73:
                    fb:ea:b6:8e:ca:2a:ee:e2:38:70:7b:55:d6:82:f3:
                    a2:b9:e4:3b:e1:d4:0a:d7:e2:42:44:83:2e:c5:7f:
                    8f:8d:45:f0:9a:95:13:c0:4a:ac:d8:8f:5b:b1:87:
                    9b:a5:56:2f:7d:60:1e:22:a7:26:94:19:f1:a9:10:
                    e6:f7:0f:d7:f1:b8:d3:19:32:9f:23:f7:e2:b2:13:
                    c3:c7:e9:7a:30:6f:42:36:5e:b0:90:8a:25:aa:c9:
                    32:bc:2a:67:78:ef:56:9a:ee:cf:3b:81:90:55:7c:
                    d9:28:b9:c4:31:b7:5d:a8:06:88:98:e9:a7:e5:93:
                    72:3a:cf:8a:a5:b1:f6:e8:3a:7e:0d:f2:a7:97:18:
                    f1:99:69:0b:68:0d:16:80:eb:e4:78:09:a3:9a:76:
                    57:c2:b9:f2:c5:5f:99:32:79:f3:8f:9e:df:45:b1:
                    c2:2e:12:87:d9:9d:f7:83:50:bf:12:a5:bf:98:95:
                    ec:91:3c:58:cb:c7:bd:2e:19:b6:82:d7:30:72:e2:
                    23:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D1:6D:9A:CB:15:1F:05:77:41:AD:32:CC:3F:EF:E1:7F:84:DA:06
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:77:d2:d6:22:fc:ae:3f:84:03:7a:79:c4:f1:c5:28:72:7a:
         a8:ee:27:cf:a9:56:61:67:e6:97:d8:1d:91:39:68:57:b1:e7:
         36:09:08:46:aa:10:9e:f5:0f:9e:70:73:a9:24:be:77:dc:d3:
         c8:1c:ed:2b:14:c1:02:15:d1:09:62:c6:02:f6:6f:db:ae:91:
         ea:5d:1c:02:dc:ef:6e:85:6c:ca:14:1d:72:93:36:f4:3c:40:
         cc:07:1b:ed:cc:e1:3c:6b:62:f7:84:45:b4:44:a3:58:d9:4c:
         3a:49:9d:c4:aa:f2:53:42:20:d3:9c:16:e3:44:a2:72:d8:3f:
         da:7b:19:dd:ce:00:a0:bf:87:f0:f8:1c:50:f6:ec:54:da:d3:
         41:dd:ec:95:b5:af:de:bf:25:56:15:85:f6:cd:c0:87:a6:81:
         37:3f:1e:85:af:1f:90:3d:b0:46:0f:dd:55:9d:68:ce:9c:98:
         46:8b:69:35:77:c2:60:d6:06:c6:c1:ad:42:03:a0:a7:75:25:
         56:35:c4:f1:0e:31:ca:a5:e1:ce:4d:cb:43:11:5d:a7:af:2d:
         64:63:91:46:c1:64:8b:6a:67:be:01:bb:d8:d7:a2:5b:74:a3:
         18:08:6d:ff:4b:95:4a:51:64:d0:6a:97:77:c3:ba:7f:56:66:
         17:62:92:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUP495pKxt32n8ewegnre1dqNDGa8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYyMzU2NTdaFw0yNjA2MDYwMDAxNTdaMDMxMTAvBgNV
BAMTKEUwRDE2RDlBQ0IxNTFGMDU3NzQxQUQzMkNDM0ZFRkUxN0Y4NERBMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLq6h+1PsTNzNGhGNdAG8B91ge
PxGmsavNfNqZUWzAo6adUPQvIXPr7MiJd4PCYh82bkTdKPiWBUu/c/vqto7KKu7i
OHB7VdaC86K55Dvh1ArX4kJEgy7Ff4+NRfCalRPASqzYj1uxh5ulVi99YB4ipyaU
GfGpEOb3D9fxuNMZMp8j9+KyE8PH6Xowb0I2XrCQiiWqyTK8Kmd471aa7s87gZBV
fNkoucQxt12oBoiY6aflk3I6z4qlsfboOn4N8qeXGPGZaQtoDRaA6+R4CaOadlfC
ufLFX5kyefOPnt9FscIuEofZnfeDUL8Spb+YleyRPFjLx70uGbaC1zBy4iMHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4NFtmssVHwV3Qa0yzD/v4X+E2gYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQr
MA0GCSqGSIb3DQEBCwUAA4IBAQAPd9LWIvyuP4QDennE8cUocnqo7ifPqVZhZ+aX
2B2ROWhXsec2CQhGqhCe9Q+ecHOpJL533NPIHO0rFMECFdEJYsYC9m/brpHqXRwC
3O9uhWzKFB1ykzb0PEDMBxvtzOE8a2L3hEW0RKNY2Uw6SZ3EqvJTQiDTnBbjRKJy
2D/aexndzgCgv4fw+BxQ9uxU2tNB3eyVta/evyVWFYX2zcCHpoE3Px6Frx+QPbBG
D91VnWjOnJhGi2k1d8Jg1gbGwa1CA6CndSVWNcTxDjHKpeHOTctDEV2nry1kY5FG
wWSLame+AbvY16JbdKMYCG3/S5VKUWTQapd3w7p/VmYXYpL+
-----END CERTIFICATE-----