Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
File:                     AS214677.roa (raw, json)
Hash identifier:          037N2vQC+VFVM4gEL77rL1zWJJOwaXorKJKnVW7XCS0=
Subject key identifier:   9E:58:43:B4:60:04:A5:B1:23:0A:39:34:3D:CC:A4:14:6C:CF:33:D4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       053537BAC28325FCA3502E6C37AA2436A58366D6
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     214677
IP address blocks:        143.20.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 15:06:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:35:37:ba:c2:83:25:fc:a3:50:2e:6c:37:aa:24:36:a5:83:66:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=9E5843B46004A5B1230A39343DCCA4146CCF33D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4f:56:fe:99:bd:37:0b:25:c7:e0:b3:c0:43:
                    8f:b8:bb:94:90:6f:f7:f7:68:36:e0:e9:ed:8f:5e:
                    d4:ec:45:2f:53:58:21:a2:ea:f5:c5:26:b8:fe:bb:
                    71:db:99:01:6c:cf:06:7e:cd:a0:a8:b5:71:33:f7:
                    1f:7a:bc:86:42:19:df:9a:67:18:fc:70:5d:f8:d6:
                    2e:47:a2:e0:b7:01:e3:44:ac:d5:77:ed:97:4b:44:
                    e6:6b:95:25:ce:d4:d0:68:6f:8a:0b:69:51:24:83:
                    0c:62:ab:5b:0f:b4:e4:04:79:dd:93:f5:e0:3c:90:
                    bc:f7:7c:f2:41:31:d1:3a:95:61:37:16:78:59:e7:
                    a6:20:e7:b9:19:7b:5c:1b:2c:0e:16:29:93:71:9c:
                    19:69:28:28:78:ca:37:1f:37:ca:1a:45:88:8d:53:
                    ff:38:e9:97:15:95:2c:bc:b3:30:95:fb:33:c0:d8:
                    d2:bc:c1:f5:40:c9:59:a9:b4:b7:56:be:ec:ff:09:
                    17:41:6c:96:fc:f0:3c:64:12:6f:b4:43:db:f0:05:
                    7f:ae:c4:c5:2f:7c:ab:a2:46:e3:dc:f6:04:a3:9f:
                    be:40:51:5e:e2:c2:5e:c7:bd:d6:dd:1a:24:c3:d8:
                    ab:4d:d5:b0:16:5d:1b:2d:6d:a5:f9:a5:ec:77:76:
                    fe:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:58:43:B4:60:04:A5:B1:23:0A:39:34:3D:CC:A4:14:6C:CF:33:D4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:27:dd:61:24:76:a7:db:df:45:9b:ac:01:f1:5c:75:4f:3b:
         49:65:be:2e:3a:d6:b3:e9:44:aa:3c:a6:43:e2:b5:90:6a:a3:
         64:4e:9a:04:5f:08:3a:91:b3:5b:49:7f:7a:8e:c3:e8:9b:f6:
         81:3d:df:38:41:1c:1c:ff:44:5a:52:01:ab:26:54:55:c0:2d:
         f7:a0:a4:e1:d3:ae:88:dd:26:37:62:67:5c:a0:c7:e9:10:19:
         09:6d:60:4f:21:ac:61:ac:7e:c3:97:73:fa:35:36:c5:e9:21:
         c7:53:7e:13:11:56:19:1d:c9:95:6b:9b:4e:2f:ba:61:61:79:
         2a:c0:26:34:f0:9c:65:41:9e:15:33:70:7e:9f:db:df:d8:74:
         d1:18:f8:65:e9:78:8b:a6:72:69:10:a5:46:dd:56:18:ed:cd:
         82:b8:a4:84:40:d2:6f:70:b3:06:19:b0:ba:a9:a9:3a:aa:60:
         7e:1a:12:2f:66:b0:90:7f:b6:1c:91:bf:ba:96:d8:a5:ea:19:
         7b:02:88:a9:ca:ed:e6:8c:02:f4:c6:09:73:cf:aa:92:d1:e4:
         2c:6d:96:48:e0:47:df:78:11:c4:1e:4f:22:3c:c9:2f:c0:61:
         88:a0:6f:4c:48:96:22:51:e2:e4:07:ef:1d:0f:05:f4:2b:d3:
         00:74:60:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBTU3usKDJfyjUC5sN6okNqWDZtYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKDlFNTg0M0I0NjAwNEE1QjEyMzBBMzkzNDNEQ0NBNDE0NkNDRjMzRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwT1b+mb03CyXH4LPAQ4+4u5SQ
b/f3aDbg6e2PXtTsRS9TWCGi6vXFJrj+u3HbmQFszwZ+zaCotXEz9x96vIZCGd+a
Zxj8cF341i5HouC3AeNErNV37ZdLROZrlSXO1NBob4oLaVEkgwxiq1sPtOQEed2T
9eA8kLz3fPJBMdE6lWE3FnhZ56Yg57kZe1wbLA4WKZNxnBlpKCh4yjcfN8oaRYiN
U/846ZcVlSy8szCV+zPA2NK8wfVAyVmptLdWvuz/CRdBbJb88DxkEm+0Q9vwBX+u
xMUvfKuiRuPc9gSjn75AUV7iwl7HvdbdGiTD2KtN1bAWXRstbaX5pex3dv5LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnlhDtGAEpbEjCjk0PcykFGzPM9QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0Njc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxR0
MA0GCSqGSIb3DQEBCwUAA4IBAQBTJ91hJHan299Fm6wB8Vx1TztJZb4uOtaz6USq
PKZD4rWQaqNkTpoEXwg6kbNbSX96jsPom/aBPd84QRwc/0RaUgGrJlRVwC33oKTh
066I3SY3YmdcoMfpEBkJbWBPIaxhrH7Dl3P6NTbF6SHHU34TEVYZHcmVa5tOL7ph
YXkqwCY08JxlQZ4VM3B+n9vf2HTRGPhl6XiLpnJpEKVG3VYY7c2CuKSEQNJvcLMG
GbC6qak6qmB+GhIvZrCQf7Yckb+6ltil6hl7Aoipyu3mjAL0xglzz6qS0eQsbZZI
4EffeBHEHk8iPMkvwGGIoG9MSJYiUeLkB+8dDwX0K9MAdGDV
-----END CERTIFICATE-----