Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS265919.roa
File:                     AS265919.roa (raw, json)
Hash identifier:          oF6qJxtLeOccxuz7dQHA8EGEwpP6hI41j2NfkP8Pr8g=
Subject key identifier:   F5:80:ED:C8:44:CD:20:24:79:92:58:84:C0:93:01:4C:5F:B8:5B:83
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4C869F1495920D74E51F0E6180B8B1CF30604A8A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS265919.roa
Signing time:             Thu 11 Jun 2026 14:47:33 +0000
ROA not before:           Thu 11 Jun 2026 14:42:33 +0000
ROA not after:            Thu 10 Jun 2027 14:47:33 +0000
asID:                     265919
IP address blocks:        143.20.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:39:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:86:9f:14:95:92:0d:74:e5:1f:0e:61:80:b8:b1:cf:30:60:4a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 11 14:42:33 2026 GMT
            Not After : Jun 10 14:47:33 2027 GMT
        Subject: CN=F580EDC844CD202479925884C093014C5FB85B83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9a:8c:a8:8e:20:7b:94:99:00:57:1d:0d:b7:
                    f3:45:3e:6c:9b:1d:c6:f8:77:45:d2:33:9d:95:a5:
                    84:17:da:ba:81:4d:a0:bc:99:3a:0b:9e:74:eb:5d:
                    c5:c0:02:cc:77:26:44:ed:8c:45:43:64:51:df:3c:
                    e4:11:f9:fb:bb:ad:a5:b1:2c:b9:25:b0:d0:bc:f7:
                    b3:fa:fd:e5:1d:b2:ba:9b:ae:12:08:bb:37:22:8c:
                    8f:5f:a0:1c:74:70:90:ce:fd:63:9f:2a:fa:ec:ff:
                    a0:08:fb:fb:77:82:22:87:c2:87:6d:3e:58:6f:4e:
                    6f:2c:b0:5a:86:09:cc:e1:43:37:96:d5:3f:c5:12:
                    68:14:9d:1c:3e:f7:18:1a:3e:17:c1:73:4e:59:0c:
                    c6:74:f3:ee:64:fb:34:3c:2a:a2:bd:57:d3:79:89:
                    f3:45:1c:7f:74:a5:53:5b:37:15:44:49:bf:41:7b:
                    1f:aa:e3:29:25:9b:22:0f:41:f7:e0:a1:9e:8b:7d:
                    bb:e8:b5:10:6b:10:cd:0a:f8:c1:f7:64:a1:f4:99:
                    de:32:d1:da:70:ce:cf:ac:1f:ce:2c:36:a8:ed:e1:
                    7e:c3:14:db:25:e4:77:06:8d:2f:fe:56:1c:e5:ed:
                    db:a1:1d:37:83:db:76:4b:69:0d:66:e9:3e:6b:f8:
                    78:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:80:ED:C8:44:CD:20:24:79:92:58:84:C0:93:01:4C:5F:B8:5B:83
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS265919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:02:45:ca:fc:59:02:21:02:e0:ca:45:79:0a:3f:ff:b3:d5:
         74:83:6d:ee:e6:52:1c:cc:b1:03:91:10:08:ce:44:19:6d:8a:
         1d:d2:ef:3a:26:96:2c:a7:16:07:95:5b:72:54:78:db:d8:7a:
         a8:41:0e:56:dd:71:a8:fa:b6:b4:bc:af:04:a2:fb:82:9c:54:
         e3:c9:5f:ac:2d:3c:51:c6:e4:3c:63:cc:82:a3:02:79:5c:34:
         55:85:67:58:38:d3:70:35:34:c8:78:0c:db:04:46:9c:23:2a:
         11:d8:f9:6a:6d:a4:63:9b:9a:04:42:10:ab:88:29:cc:c3:dd:
         cc:c8:29:22:b2:e3:a0:2d:5e:03:4f:ba:3f:ca:04:2c:50:5e:
         c1:3a:1e:37:6a:19:15:d6:ff:20:a9:44:32:5f:2a:0a:68:44:
         54:51:82:28:26:1a:94:1f:3f:12:bc:c7:cb:76:f1:8f:2d:52:
         6c:66:51:19:b0:47:70:58:1c:ac:19:2f:2c:48:1c:c9:df:d9:
         5c:c6:1c:e0:0c:6b:a6:8e:d1:62:35:95:dc:13:fa:e7:1f:d5:
         06:d2:d6:cb:48:b3:3a:a8:58:5b:bc:ea:79:9b:29:89:25:f4:
         d8:09:07:87:18:4e:82:3e:ff:43:62:d5:79:fd:2e:6f:df:f1:
         b7:21:1d:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTIafFJWSDXTlHw5hgLixzzBgSoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MTExNDQyMzNaFw0yNzA2MTAxNDQ3MzNaMDMxMTAvBgNV
BAMTKEY1ODBFREM4NDRDRDIwMjQ3OTkyNTg4NEMwOTMwMTRDNUZCODVCODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBmoyojiB7lJkAVx0Nt/NFPmyb
Hcb4d0XSM52VpYQX2rqBTaC8mToLnnTrXcXAAsx3JkTtjEVDZFHfPOQR+fu7raWx
LLklsNC897P6/eUdsrqbrhIIuzcijI9foBx0cJDO/WOfKvrs/6AI+/t3giKHwodt
PlhvTm8ssFqGCczhQzeW1T/FEmgUnRw+9xgaPhfBc05ZDMZ08+5k+zQ8KqK9V9N5
ifNFHH90pVNbNxVESb9Bex+q4yklmyIPQffgoZ6LfbvotRBrEM0K+MH3ZKH0md4y
0dpwzs+sH84sNqjt4X7DFNsl5HcGjS/+Vhzl7duhHTeD23ZLaQ1m6T5r+Hh9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9YDtyETNICR5kliEwJMBTF+4W4MwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjY1OTE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBoAkXK/FkCIQLgykV5Cj//s9V0g23u5lIczLED
kRAIzkQZbYod0u86JpYspxYHlVtyVHjb2HqoQQ5W3XGo+ra0vK8EovuCnFTjyV+s
LTxRxuQ8Y8yCowJ5XDRVhWdYONNwNTTIeAzbBEacIyoR2PlqbaRjm5oEQhCriCnM
w93MyCkisuOgLV4DT7o/ygQsUF7BOh43ahkV1v8gqUQyXyoKaERUUYIoJhqUHz8S
vMfLdvGPLVJsZlEZsEdwWBysGS8sSBzJ39lcxhzgDGumjtFiNZXcE/rnH9UG0tbL
SLM6qFhbvOp5mymJJfTYCQeHGE6CPv9DYtV5/S5v3/G3IR3M
-----END CERTIFICATE-----