Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214654.roa
File:                     AS214654.roa (raw, json)
Hash identifier:          QadLeu9hRVKMerVAJCDkzypJXLPP7/2pqfT8bWQAb8o=
Subject key identifier:   66:81:8F:26:C9:87:84:7A:DB:45:36:CF:5B:DE:1F:3D:4B:7F:88:E5
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       240942C8C1D94B6E6AED9C8BC60975D24CAC63F1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214654.roa
Signing time:             Sun 26 Oct 2025 15:01:46 +0000
ROA not before:           Sun 26 Oct 2025 14:56:46 +0000
ROA not after:            Sun 25 Oct 2026 15:01:46 +0000
asID:                     214654
IP address blocks:        143.20.22.0/24 maxlen: 24
                          143.20.146.0/24 maxlen: 24
                          143.20.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:09:42:c8:c1:d9:4b:6e:6a:ed:9c:8b:c6:09:75:d2:4c:ac:63:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 14:56:46 2025 GMT
            Not After : Oct 25 15:01:46 2026 GMT
        Subject: CN=66818F26C987847ADB4536CF5BDE1F3D4B7F88E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5a:76:d8:4a:1d:4f:e7:14:c8:90:e6:ef:32:
                    f0:18:96:c7:df:b8:8e:2d:09:7b:be:e8:49:4c:80:
                    61:68:90:47:48:17:b0:fa:6d:88:d1:6f:ff:29:24:
                    fa:49:8c:6b:f6:31:f9:74:37:62:8c:59:3c:48:78:
                    18:12:80:d3:54:28:c5:90:a5:39:9c:96:8b:5d:b0:
                    6e:82:f5:14:f9:cb:2f:13:b4:de:eb:67:82:ab:19:
                    84:ec:f6:89:91:32:c1:2f:2c:ef:09:61:df:e2:03:
                    cc:0e:b8:04:d7:23:c2:4d:81:32:25:9f:b2:cf:ae:
                    f6:7b:9f:3c:01:0d:df:41:67:b8:03:87:aa:cc:97:
                    8b:db:e8:66:f5:b9:42:e9:d3:35:6e:a8:0d:9f:74:
                    b7:d0:ff:07:dc:6e:1b:47:dc:b0:44:6d:c7:74:7c:
                    65:e8:97:a3:de:1f:1e:c5:a4:49:f9:3f:2c:c7:1c:
                    57:da:7a:4b:d4:f8:b2:cf:78:c2:55:25:d9:6c:f6:
                    c1:f7:61:66:5c:64:c8:81:af:3f:91:b9:18:6d:54:
                    c2:1c:6b:66:57:fc:4e:d2:1a:9e:b5:26:7f:62:e2:
                    63:56:c2:9b:c4:f4:4d:a4:e4:c0:66:91:be:52:3d:
                    4a:14:8b:34:93:9e:f7:b2:b8:e6:c6:c2:9f:f9:ae:
                    a3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:81:8F:26:C9:87:84:7A:DB:45:36:CF:5B:DE:1F:3D:4B:7F:88:E5
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.22.0/24
                  143.20.146.0/24
                  143.20.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:55:39:85:ca:3f:65:1f:b8:1c:9a:da:ea:af:10:29:c4:de:
         81:ad:14:b3:e1:ac:ec:16:de:d4:af:06:61:31:17:8f:77:08:
         d2:e9:c8:cb:2b:55:dc:dc:06:e4:0a:34:d6:bd:e4:36:be:7c:
         7d:fd:ae:c2:f4:45:1d:ab:ac:62:12:95:30:e5:9c:fc:39:32:
         b1:57:5f:be:69:f4:17:9f:a7:df:1f:f5:02:b2:dd:72:11:56:
         1e:fe:4f:2c:29:48:ce:3f:9d:04:2d:b1:6c:60:ec:5a:0b:79:
         0c:14:64:ad:c7:b7:6e:d0:13:1b:0e:ca:b4:df:4e:b7:31:0c:
         d6:bc:50:57:58:6c:d7:2f:5c:f1:0a:ad:32:38:ea:28:c2:44:
         d9:21:7f:e2:94:41:de:92:35:ac:36:91:51:6f:8f:17:c3:22:
         c7:de:a2:18:ad:ce:97:06:ba:aa:a5:c4:c4:ec:e4:58:e4:8a:
         5e:bc:40:cf:3d:86:fb:9d:03:cf:67:3f:03:5a:19:0b:db:ca:
         e5:06:04:a0:73:21:bb:49:36:25:5f:1a:a9:9d:c2:f2:4a:dc:
         bf:0c:ff:db:d2:34:5d:c9:8e:6b:d5:f6:d3:f0:35:d7:fb:f5:
         96:53:69:90:81:9e:88:72:5f:b0:39:c0:64:46:03:fe:a8:60:
         24:fe:ec:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJAlCyMHZS25q7ZyLxgl10kysY/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYxNDU2NDZaFw0yNjEwMjUxNTAxNDZaMDMxMTAvBgNV
BAMTKDY2ODE4RjI2Qzk4Nzg0N0FEQjQ1MzZDRjVCREUxRjNENEI3Rjg4RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaWnbYSh1P5xTIkObvMvAYlsff
uI4tCXu+6ElMgGFokEdIF7D6bYjRb/8pJPpJjGv2Mfl0N2KMWTxIeBgSgNNUKMWQ
pTmclotdsG6C9RT5yy8TtN7rZ4KrGYTs9omRMsEvLO8JYd/iA8wOuATXI8JNgTIl
n7LPrvZ7nzwBDd9BZ7gDh6rMl4vb6Gb1uULp0zVuqA2fdLfQ/wfcbhtH3LBEbcd0
fGXol6PeHx7FpEn5PyzHHFfaekvU+LLPeMJVJdls9sH3YWZcZMiBrz+RuRhtVMIc
a2ZX/E7SGp61Jn9i4mNWwpvE9E2k5MBmkb5SPUoUizSTnveyuObGwp/5rqOPAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUZoGPJsmHhHrbRTbPW94fPUt/iOUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxQW
AwQAjxSSAwQAjxSUMA0GCSqGSIb3DQEBCwUAA4IBAQBiVTmFyj9lH7gcmtrqrxAp
xN6BrRSz4azsFt7UrwZhMRePdwjS6cjLK1Xc3AbkCjTWveQ2vnx9/a7C9EUdq6xi
EpUw5Zz8OTKxV1++afQXn6ffH/UCst1yEVYe/k8sKUjOP50ELbFsYOxaC3kMFGSt
x7du0BMbDsq03063MQzWvFBXWGzXL1zxCq0yOOoowkTZIX/ilEHekjWsNpFRb48X
wyLH3qIYrc6XBrqqpcTE7ORY5IpevEDPPYb7nQPPZz8DWhkL28rlBgSgcyG7STYl
XxqpncLySty/DP/b0jRdyY5r1fbT8DXX+/WWU2mQgZ6Icl+wOcBkRgP+qGAk/uxC
-----END CERTIFICATE-----