Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS36530.roa
File:                     AS36530.roa (raw, json)
Hash identifier:          VCH6LC9y8AFB+Jdy2auh1R34LOd5xRAUrRLnVgnaoMs=
Subject key identifier:   60:22:CC:0C:AA:6B:25:21:9C:B1:2A:A1:D9:4C:21:97:DC:53:A1:6B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       02C79A08F9F5239864BE50D98EB46790FE7E1FC2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS36530.roa
Signing time:             Sun 26 Oct 2025 15:01:46 +0000
ROA not before:           Sun 26 Oct 2025 14:56:46 +0000
ROA not after:            Sun 25 Oct 2026 15:01:46 +0000
asID:                     36530
IP address blocks:        143.20.22.0/24 maxlen: 24
                          143.20.146.0/24 maxlen: 24
                          143.20.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:c7:9a:08:f9:f5:23:98:64:be:50:d9:8e:b4:67:90:fe:7e:1f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 14:56:46 2025 GMT
            Not After : Oct 25 15:01:46 2026 GMT
        Subject: CN=6022CC0CAA6B25219CB12AA1D94C2197DC53A16B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:55:af:a6:6e:f4:a8:c5:95:cb:89:3c:c3:0e:
                    90:9e:49:95:24:ba:02:f8:57:c8:ba:af:12:7c:5d:
                    74:78:c1:b9:29:33:29:81:fb:36:bb:a5:49:eb:24:
                    2f:6c:ab:3c:1e:d6:c9:93:0f:54:6e:3d:70:7f:41:
                    de:9a:cf:a0:b9:5f:73:18:cf:da:b5:2f:52:ff:dc:
                    1f:84:9c:02:24:95:61:93:b8:3e:92:47:7a:63:f5:
                    a3:99:94:24:3c:8e:9c:f1:7c:c3:8f:9d:76:3d:59:
                    9d:0e:9d:1e:9b:15:fc:77:34:26:b2:d3:95:11:76:
                    a3:fe:20:1b:15:82:55:07:59:19:bf:c5:a4:c4:98:
                    7c:e3:f4:2d:47:67:ac:15:64:8b:ea:5e:f2:46:ac:
                    ff:7e:e3:3e:62:5a:aa:85:ed:d9:a4:3c:51:cc:d7:
                    38:6c:96:9b:7e:eb:09:8c:e5:ed:c0:62:35:68:5b:
                    58:dd:9a:68:18:1e:e9:b7:70:d1:8f:6b:75:64:de:
                    9a:b9:0b:c5:b2:11:f5:33:89:dd:b4:d3:2b:f6:4c:
                    f3:08:97:3c:7c:66:b7:cd:8b:27:c5:45:de:a5:17:
                    cc:c2:1b:e5:a7:88:0d:95:6d:37:f9:5b:72:31:3b:
                    ec:0e:16:2c:29:d6:ce:91:70:7a:9e:39:a7:d9:9d:
                    05:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:22:CC:0C:AA:6B:25:21:9C:B1:2A:A1:D9:4C:21:97:DC:53:A1:6B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS36530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.22.0/24
                  143.20.146.0/24
                  143.20.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:7c:39:68:61:81:dc:c7:ad:d3:34:1c:77:ef:d1:9d:bd:d7:
         5b:0c:80:f5:97:12:8c:cc:3c:22:88:f2:76:32:d9:80:09:00:
         35:9a:6c:fb:dd:b6:b1:13:bb:57:2f:67:d1:0c:e5:9e:8f:9c:
         8a:2c:49:59:bf:ee:b8:3e:d9:12:71:50:eb:e5:7f:5c:5b:08:
         bb:fc:44:33:2b:84:ab:7e:6c:c2:8d:8e:df:f3:4d:fa:66:8e:
         8c:d8:98:4e:3f:ca:19:51:df:b4:2e:94:89:88:68:b5:ac:63:
         c4:ff:cd:29:02:13:34:b5:b8:e9:06:30:8d:9a:c5:e1:91:b2:
         7a:ca:39:9b:cc:4b:6a:9c:40:5a:2a:17:08:cf:d6:3c:cc:9e:
         e1:16:ed:8a:bf:ab:76:c0:59:9e:42:60:94:cd:46:c3:6f:0a:
         0b:44:c4:20:ec:24:6a:08:a8:3a:ce:b1:db:55:52:f5:76:73:
         ef:a9:d1:97:5d:8c:06:b8:e8:8c:0f:aa:17:dc:73:64:13:93:
         5c:79:33:6f:3b:bf:f4:7e:18:ae:48:1f:26:03:fd:8b:63:05:
         a9:10:b1:29:6c:0a:eb:8a:b8:b9:7b:f5:e5:04:ac:f5:49:eb:
         07:62:71:ae:ee:f1:1c:c2:01:ee:9f:d0:aa:d8:31:c1:07:05:
         fe:65:80:97
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUAseaCPn1I5hkvlDZjrRnkP5+H8IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYxNDU2NDZaFw0yNjEwMjUxNTAxNDZaMDMxMTAvBgNV
BAMTKDYwMjJDQzBDQUE2QjI1MjE5Q0IxMkFBMUQ5NEMyMTk3REM1M0ExNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYVa+mbvSoxZXLiTzDDpCeSZUk
ugL4V8i6rxJ8XXR4wbkpMymB+za7pUnrJC9sqzwe1smTD1RuPXB/Qd6az6C5X3MY
z9q1L1L/3B+EnAIklWGTuD6SR3pj9aOZlCQ8jpzxfMOPnXY9WZ0OnR6bFfx3NCay
05URdqP+IBsVglUHWRm/xaTEmHzj9C1HZ6wVZIvqXvJGrP9+4z5iWqqF7dmkPFHM
1zhslpt+6wmM5e3AYjVoW1jdmmgYHum3cNGPa3Vk3pq5C8WyEfUzid200yv2TPMI
lzx8ZrfNiyfFRd6lF8zCG+WniA2VbTf5W3IxO+wOFiwp1s6RcHqeOafZnQWNAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUYCLMDKprJSGcsSqh2Uwhl9xToWswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzY1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFBYD
BACPFJIDBACPFJQwDQYJKoZIhvcNAQELBQADggEBANp8OWhhgdzHrdM0HHfv0Z29
11sMgPWXEozMPCKI8nYy2YAJADWabPvdtrETu1cvZ9EM5Z6PnIosSVm/7rg+2RJx
UOvlf1xbCLv8RDMrhKt+bMKNjt/zTfpmjozYmE4/yhlR37QulImIaLWsY8T/zSkC
EzS1uOkGMI2axeGRsnrKOZvMS2qcQFoqFwjP1jzMnuEW7Yq/q3bAWZ5CYJTNRsNv
CgtExCDsJGoIqDrOsdtVUvV2c++p0ZddjAa46IwPqhfcc2QTk1x5M287v/R+GK5I
HyYD/YtjBakQsSlsCuuKuLl79eUErPVJ6wdica7u8RzCAe6f0KrYMcEHBf5lgJc=
-----END CERTIFICATE-----