Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          l0DxIoKXSrHY4eG3LqJ6DoDcDdEF0V3fH1psXzuw3Jg=
Subject key identifier:   0B:C5:55:9A:24:A5:61:61:31:49:5F:22:DA:4D:C6:1C:6B:B2:30:D0
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5BD66B5FD6DE0FAF8C93EADE69D8209B2F1BFDE2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS393942.roa
Signing time:             Mon 03 Nov 2025 09:56:33 +0000
ROA not before:           Mon 03 Nov 2025 09:51:33 +0000
ROA not after:            Mon 02 Nov 2026 09:56:33 +0000
asID:                     393942
IP address blocks:        143.20.91.0/24 maxlen: 24
                          143.20.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:d6:6b:5f:d6:de:0f:af:8c:93:ea:de:69:d8:20:9b:2f:1b:fd:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov  3 09:51:33 2025 GMT
            Not After : Nov  2 09:56:33 2026 GMT
        Subject: CN=0BC5559A24A5616131495F22DA4DC61C6BB230D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fc:02:a8:7a:7b:bb:bd:4e:b0:4d:8e:3e:c2:
                    e6:2d:4d:5d:8f:7c:d9:b6:c3:c2:2f:a2:4d:8e:46:
                    10:19:6c:3d:b3:50:5b:e4:95:ae:8f:89:c2:0e:9a:
                    86:5d:f1:14:fd:a5:28:a3:c9:1b:20:17:9d:98:c5:
                    f9:ee:ed:18:96:a5:d4:b5:76:3c:94:19:cd:90:19:
                    74:5a:01:80:37:b6:36:61:e0:31:eb:25:12:b3:fe:
                    29:c9:2e:74:ce:56:5d:ac:3b:cd:f9:42:2f:cb:37:
                    a1:5b:73:7c:df:7e:40:25:7b:08:d1:83:c7:f2:a5:
                    50:a6:69:90:d2:a4:ec:53:fd:66:b1:38:af:09:29:
                    c6:10:d9:b5:b9:02:27:cc:2a:ac:62:45:a9:4f:c0:
                    22:ef:76:ed:d3:00:ba:ed:73:54:6c:15:82:a9:81:
                    5b:0d:10:03:db:8b:30:dd:f7:2a:e4:82:1b:4b:01:
                    48:fb:8c:d4:c3:06:dd:e9:57:2f:f5:a7:99:17:61:
                    05:6b:09:8c:e8:1e:31:70:14:25:75:f8:f0:6d:d4:
                    9f:51:98:6f:9e:30:4b:27:1a:7b:c3:64:ae:27:3c:
                    ad:b7:e4:e8:bf:1c:3a:7e:94:92:99:18:88:65:c0:
                    01:21:a3:16:63:1b:24:2b:96:82:a6:7a:2f:21:70:
                    c8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C5:55:9A:24:A5:61:61:31:49:5F:22:DA:4D:C6:1C:6B:B2:30:D0
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.91.0/24
                  143.20.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:46:72:a6:78:3b:3b:32:9a:04:9b:d2:fb:da:37:96:19:d3:
         83:78:48:5f:d2:2d:32:f8:ed:61:09:b1:54:90:5e:a8:0d:75:
         9e:89:18:47:70:ba:59:43:b8:1a:24:4e:1a:3f:6d:2f:97:e4:
         bf:1f:eb:6c:ce:3b:92:cc:90:0b:35:4d:e9:80:dd:80:a9:e1:
         f7:a5:cf:f5:38:1c:5b:49:ba:a8:45:ab:24:2c:85:64:1c:5f:
         56:ab:0e:8f:af:f7:e3:55:a8:b1:74:94:d8:55:51:fd:b4:c9:
         f1:90:a4:b8:56:bc:50:c6:81:12:e1:bf:8a:d4:51:d7:0d:e4:
         45:47:f9:d3:73:cd:23:63:2e:06:a6:57:66:61:f5:a9:ef:49:
         5a:5e:ae:3b:15:2a:5f:fd:5d:cb:a4:6e:5e:db:e1:19:a0:cf:
         09:69:10:49:83:85:2a:34:b4:55:89:11:4a:94:11:c2:fa:88:
         94:35:d8:e9:6e:4e:52:f0:44:67:50:56:b1:0d:e2:55:05:6a:
         22:87:4a:f1:9e:23:09:94:48:ae:5e:40:0d:cc:5b:25:89:8f:
         22:60:19:20:dc:e6:64:9e:0f:89:da:38:be:8e:79:9e:8b:ff:
         4c:07:8d:2d:cf:20:27:98:37:d2:ea:5b:55:03:b7:c3:8f:7c:
         aa:53:e6:9c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUW9ZrX9beD6+Mk+readggmy8b/eIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMDMwOTUxMzNaFw0yNjExMDIwOTU2MzNaMDMxMTAvBgNV
BAMTKDBCQzU1NTlBMjRBNTYxNjEzMTQ5NUYyMkRBNERDNjFDNkJCMjMwRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ/AKoenu7vU6wTY4+wuYtTV2P
fNm2w8Ivok2ORhAZbD2zUFvkla6PicIOmoZd8RT9pSijyRsgF52Yxfnu7RiWpdS1
djyUGc2QGXRaAYA3tjZh4DHrJRKz/inJLnTOVl2sO835Qi/LN6Fbc3zffkAlewjR
g8fypVCmaZDSpOxT/WaxOK8JKcYQ2bW5AifMKqxiRalPwCLvdu3TALrtc1RsFYKp
gVsNEAPbizDd9yrkghtLAUj7jNTDBt3pVy/1p5kXYQVrCYzoHjFwFCV1+PBt1J9R
mG+eMEsnGnvDZK4nPK235Oi/HDp+lJKZGIhlwAEhoxZjGyQrloKmei8hcMj9AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUC8VVmiSlYWExSV8i2k3GHGuyMNAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRb
AwQAjxTCMA0GCSqGSIb3DQEBCwUAA4IBAQDKRnKmeDs7MpoEm9L72jeWGdODeEhf
0i0y+O1hCbFUkF6oDXWeiRhHcLpZQ7gaJE4aP20vl+S/H+tszjuSzJALNU3pgN2A
qeH3pc/1OBxbSbqoRaskLIVkHF9Wqw6Pr/fjVaixdJTYVVH9tMnxkKS4VrxQxoES
4b+K1FHXDeRFR/nTc80jYy4GpldmYfWp70laXq47FSpf/V3LpG5e2+EZoM8JaRBJ
g4UqNLRViRFKlBHC+oiUNdjpbk5S8ERnUFaxDeJVBWoih0rxniMJlEiuXkANzFsl
iY8iYBkg3OZkng+J2ji+jnmei/9MB40tzyAnmDfS6ltVA7fDj3yqU+ac
-----END CERTIFICATE-----