Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          Df8oLwlsgkAHKSrVscMyGsUFscxvTj4try/9JL2q9dg=
Subject key identifier:   C1:E8:0D:29:FE:8F:BC:D6:40:E5:F2:17:32:E9:3F:60:F1:90:45:CF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C320D10A4156F1A21CB4F8C1FB5F8652C832C1B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214025.roa
Signing time:             Fri 06 Feb 2026 03:42:28 +0000
ROA not before:           Fri 06 Feb 2026 03:37:28 +0000
ROA not after:            Fri 05 Feb 2027 03:42:28 +0000
asID:                     214025
IP address blocks:        143.20.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:36:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:32:0d:10:a4:15:6f:1a:21:cb:4f:8c:1f:b5:f8:65:2c:83:2c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Feb  6 03:37:28 2026 GMT
            Not After : Feb  5 03:42:28 2027 GMT
        Subject: CN=C1E80D29FE8FBCD640E5F21732E93F60F19045CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a5:9f:21:2e:33:a6:73:89:e9:5e:0a:46:45:
                    ca:17:5c:ad:80:d8:5a:89:d0:30:a5:6e:48:2e:c5:
                    80:cf:5d:c7:8c:6b:70:d9:a1:6d:40:0f:61:76:75:
                    72:99:6e:b4:a3:88:b1:75:82:a8:0f:b6:e3:73:c4:
                    4c:04:41:c0:e4:c4:2a:29:0f:a2:1b:94:29:72:80:
                    51:fa:ed:e0:b6:8d:2f:99:98:63:e8:a7:17:04:e6:
                    17:74:04:fe:b6:ec:cd:31:4f:96:b4:85:25:e9:d0:
                    fa:21:58:30:a5:9e:e1:4d:47:1a:1d:27:d5:df:ad:
                    4c:63:34:1a:c7:d5:2a:c5:30:80:54:b3:ef:95:2e:
                    b5:28:ef:29:87:3a:1f:22:22:86:09:a4:e9:f5:fc:
                    91:f5:c3:32:5e:37:44:e1:af:ba:c9:b3:60:eb:eb:
                    c4:16:78:a3:3d:77:47:8c:64:a1:85:60:df:40:47:
                    7d:e9:2a:eb:89:ba:50:27:e4:04:ce:4f:9c:d3:48:
                    c1:e5:57:2d:95:c2:cb:44:a5:03:84:b4:ee:b1:44:
                    f1:ee:12:13:96:c0:69:98:0c:e2:6a:d6:f3:cc:48:
                    20:71:50:41:ba:04:85:ae:0f:fd:ba:59:ae:1c:69:
                    a5:55:b6:86:71:4e:e5:0e:b0:f1:96:0f:fc:66:74:
                    4b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E8:0D:29:FE:8F:BC:D6:40:E5:F2:17:32:E9:3F:60:F1:90:45:CF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:4d:17:31:25:3b:5d:1b:25:45:08:7f:66:5b:67:9b:8b:ce:
         db:98:59:39:cf:43:01:e8:6d:06:7c:33:73:79:2c:09:7d:38:
         47:ce:0b:bf:ec:b5:20:1e:f5:bc:64:72:ca:98:83:00:6d:ba:
         c5:c3:ac:53:0b:84:49:23:cf:fb:39:91:31:83:57:00:89:5a:
         ed:71:50:73:16:f3:11:b9:04:5b:4d:f9:9e:50:22:33:c1:67:
         23:cd:fa:56:4d:c3:89:47:13:0b:28:81:61:a8:12:e5:22:d5:
         28:ec:46:df:af:20:20:4b:ca:50:c1:bf:2c:54:9a:07:0e:43:
         99:0b:79:9e:5d:3c:a0:60:ad:21:da:c1:d0:25:28:f5:79:01:
         3e:4f:3a:8a:97:d0:88:73:34:da:14:92:67:21:75:52:d7:27:
         60:ef:56:40:e6:ea:f7:24:58:81:95:37:43:8f:06:0d:76:24:
         05:70:26:91:4f:4d:38:b6:c7:db:b8:d7:38:c2:e5:f2:3f:d6:
         cc:eb:be:65:d2:ff:aa:b5:a8:5e:ab:96:53:14:4d:12:61:a0:
         8f:99:13:6c:fa:a8:9e:5c:57:74:59:02:f6:94:66:ed:f6:c4:
         21:52:fc:3f:0a:54:df:e8:cc:01:12:f9:d5:4b:94:65:2a:a7:
         28:6d:1e:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPDINEKQVbxohy0+MH7X4ZSyDLBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAyMDYwMzM3MjhaFw0yNzAyMDUwMzQyMjhaMDMxMTAvBgNV
BAMTKEMxRTgwRDI5RkU4RkJDRDY0MEU1RjIxNzMyRTkzRjYwRjE5MDQ1Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHpZ8hLjOmc4npXgpGRcoXXK2A
2FqJ0DClbkguxYDPXceMa3DZoW1AD2F2dXKZbrSjiLF1gqgPtuNzxEwEQcDkxCop
D6IblClygFH67eC2jS+ZmGPopxcE5hd0BP627M0xT5a0hSXp0PohWDClnuFNRxod
J9XfrUxjNBrH1SrFMIBUs++VLrUo7ymHOh8iIoYJpOn1/JH1wzJeN0Thr7rJs2Dr
68QWeKM9d0eMZKGFYN9AR33pKuuJulAn5ATOT5zTSMHlVy2VwstEpQOEtO6xRPHu
EhOWwGmYDOJq1vPMSCBxUEG6BIWuD/26Wa4caaVVtoZxTuUOsPGWD/xmdEt5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwegNKf6PvNZA5fIXMuk/YPGQRc8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRB
MA0GCSqGSIb3DQEBCwUAA4IBAQBiTRcxJTtdGyVFCH9mW2ebi87bmFk5z0MB6G0G
fDNzeSwJfThHzgu/7LUgHvW8ZHLKmIMAbbrFw6xTC4RJI8/7OZExg1cAiVrtcVBz
FvMRuQRbTfmeUCIzwWcjzfpWTcOJRxMLKIFhqBLlItUo7EbfryAgS8pQwb8sVJoH
DkOZC3meXTygYK0h2sHQJSj1eQE+TzqKl9CIczTaFJJnIXVS1ydg71ZA5ur3JFiB
lTdDjwYNdiQFcCaRT004tsfbuNc4wuXyP9bM675l0v+qtaheq5ZTFE0SYaCPmRNs
+qieXFd0WQL2lGbt9sQhUvw/ClTf6MwBEvnVS5RlKqcobR6n
-----END CERTIFICATE-----