Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
File:                     AS214677.roa (raw, json)
Hash identifier:          hOC0qFIO4zOkqC1QUoE6+ziIe9btZgsYRbnEes4ckDw=
Subject key identifier:   8A:73:64:60:EE:8F:28:82:83:FB:E3:8A:84:53:7F:0B:5E:8F:FE:B9
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       19290F2EFAF75D94FEF37063A3814AEF78317018
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa
Signing time:             Fri 01 Aug 2025 00:03:35 +0000
ROA not before:           Thu 31 Jul 2025 23:58:35 +0000
ROA not after:            Fri 31 Jul 2026 00:03:35 +0000
asID:                     214677
IP address blocks:        143.20.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:29:0f:2e:fa:f7:5d:94:fe:f3:70:63:a3:81:4a:ef:78:31:70:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 31 23:58:35 2025 GMT
            Not After : Jul 31 00:03:35 2026 GMT
        Subject: CN=8A736460EE8F288283FBE38A84537F0B5E8FFEB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:54:d7:4b:76:80:46:59:ad:66:ff:51:91:b7:
                    9c:40:9a:93:72:60:fb:b6:3c:d2:88:07:19:01:ef:
                    1d:28:16:69:7d:86:ef:1e:16:8a:c1:23:4d:12:45:
                    70:12:37:89:da:fa:fc:68:3c:64:b0:34:95:b1:88:
                    3f:37:ed:b6:ed:fb:3b:62:93:a4:6c:00:0e:5f:eb:
                    ef:0d:0a:e7:8b:a2:64:ad:03:58:76:b0:ff:bf:3a:
                    48:2c:3d:3f:7c:cb:97:bd:0c:3a:4a:84:24:5a:9f:
                    82:19:18:d9:6b:04:c0:4c:e8:95:ef:97:b8:56:b5:
                    9b:0b:5c:ce:04:df:6c:d9:3c:50:29:21:a2:3c:2b:
                    d4:5a:99:70:91:d7:56:2c:3c:fe:b5:4e:35:ab:de:
                    2f:32:17:0b:7f:3f:f9:61:47:b6:e0:f2:de:42:ad:
                    4a:37:d4:84:a7:79:72:66:aa:84:af:7d:c2:95:63:
                    5f:62:05:de:80:de:38:15:36:fd:60:a3:a6:64:f1:
                    0b:55:aa:08:08:69:d2:0b:f1:cb:8a:7d:15:17:fd:
                    2e:c4:73:cf:84:d4:76:49:9f:ac:94:e8:77:1e:75:
                    ec:e4:74:52:d5:c8:c5:c6:f1:dc:74:96:c8:cd:55:
                    a3:e4:7b:f0:c2:64:51:0e:00:f5:f7:6d:8b:aa:ec:
                    26:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:73:64:60:EE:8F:28:82:83:FB:E3:8A:84:53:7F:0B:5E:8F:FE:B9
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:a6:01:3f:00:b8:dd:9c:b8:28:ba:60:8f:19:44:8c:da:da:
         90:0a:67:12:6f:e3:8f:43:bf:64:32:69:d4:75:71:57:f8:4c:
         b4:8a:3b:9f:d4:38:67:7d:ea:ea:ae:26:4f:3c:61:b1:0b:94:
         cf:9b:0c:06:85:ba:18:50:cc:bd:bb:0f:92:6a:31:6f:d9:49:
         7d:81:dd:b5:90:1b:3b:db:5e:b8:58:71:9d:f7:31:be:fe:a7:
         52:9f:50:e1:4f:fc:93:8e:b9:10:4c:4c:66:33:b9:cc:79:c4:
         7a:34:13:14:58:b2:26:05:46:f4:67:77:f4:28:64:14:27:20:
         0d:92:77:b1:05:25:8e:fd:b8:52:42:ea:85:f3:0b:cf:a6:84:
         a7:75:ea:29:f6:45:8f:b2:2e:ea:f4:f3:28:ff:77:21:f9:dc:
         36:da:6e:80:94:bc:db:0f:13:46:cc:b6:67:2e:af:bc:ac:c9:
         3c:27:f6:d9:ec:8b:2d:0e:26:7d:6b:99:d5:b9:52:f9:86:89:
         74:d2:84:3a:3e:27:b3:fe:71:11:5c:ad:e6:e0:33:53:b1:ed:
         a9:9b:f2:43:b8:eb:a0:85:8f:f9:45:51:ae:2e:55:25:18:e1:
         6e:e9:3c:68:bd:4f:d4:0b:7b:28:da:13:75:f5:39:03:43:91:
         f4:b4:1f:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGSkPLvr3XZT+83Bjo4FK73gxcBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MzEyMzU4MzVaFw0yNjA3MzEwMDAzMzVaMDMxMTAvBgNV
BAMTKDhBNzM2NDYwRUU4RjI4ODI4M0ZCRTM4QTg0NTM3RjBCNUU4RkZFQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCVNdLdoBGWa1m/1GRt5xAmpNy
YPu2PNKIBxkB7x0oFml9hu8eForBI00SRXASN4na+vxoPGSwNJWxiD837bbt+zti
k6RsAA5f6+8NCueLomStA1h2sP+/OkgsPT98y5e9DDpKhCRan4IZGNlrBMBM6JXv
l7hWtZsLXM4E32zZPFApIaI8K9RamXCR11YsPP61TjWr3i8yFwt/P/lhR7bg8t5C
rUo31ISneXJmqoSvfcKVY19iBd6A3jgVNv1go6Zk8QtVqggIadIL8cuKfRUX/S7E
c8+E1HZJn6yU6HcedezkdFLVyMXG8dx0lsjNVaPke/DCZFEOAPX3bYuq7CYFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUinNkYO6PKIKD++OKhFN/C16P/rkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0Njc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRP
MA0GCSqGSIb3DQEBCwUAA4IBAQCwpgE/ALjdnLgoumCPGUSM2tqQCmcSb+OPQ79k
MmnUdXFX+Ey0ijuf1DhnferqriZPPGGxC5TPmwwGhboYUMy9uw+SajFv2Ul9gd21
kBs72164WHGd9zG+/qdSn1DhT/yTjrkQTExmM7nMecR6NBMUWLImBUb0Z3f0KGQU
JyANknexBSWO/bhSQuqF8wvPpoSndeop9kWPsi7q9PMo/3ch+dw22m6AlLzbDxNG
zLZnLq+8rMk8J/bZ7IstDiZ9a5nVuVL5hol00oQ6Piez/nERXK3m4DNTse2pm/JD
uOughY/5RVGuLlUlGOFu6TxovU/UC3so2hN19TkDQ5H0tB+p
-----END CERTIFICATE-----