Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          cd2On0QdQPlOTKr0YiQNR3zLA7HA1nIG0AUFnpl1q8A=
Subject key identifier:   8C:82:4C:DB:CE:06:C5:BE:51:13:70:BF:47:10:3B:48:29:E1:68:89
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       337313AE7D7E456C20D9F0C67BF0983957968DBE
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS395374.roa
Signing time:             Mon 27 Oct 2025 11:02:01 +0000
ROA not before:           Mon 27 Oct 2025 10:57:01 +0000
ROA not after:            Mon 26 Oct 2026 11:02:01 +0000
asID:                     395374
IP address blocks:        143.20.90.0/24 maxlen: 24
                          143.20.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:73:13:ae:7d:7e:45:6c:20:d9:f0:c6:7b:f0:98:39:57:96:8d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 27 10:57:01 2025 GMT
            Not After : Oct 26 11:02:01 2026 GMT
        Subject: CN=8C824CDBCE06C5BE511370BF47103B4829E16889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5f:e3:83:a3:4c:b8:b1:7e:29:ec:e5:3d:7b:
                    43:9c:09:3b:e4:11:b2:67:c1:5b:38:6c:fb:32:cb:
                    69:24:cf:b3:f9:8d:bf:30:99:97:a0:a6:80:5f:6e:
                    e2:41:38:2d:b4:98:14:3e:5a:28:00:f1:29:a9:94:
                    ee:3e:4b:f3:c7:f7:7c:78:87:6a:db:6c:dc:b0:45:
                    32:8f:fc:21:30:b5:63:39:f3:a7:6d:0c:0b:f9:cb:
                    1f:42:5b:18:40:cc:b1:27:8d:c3:a4:bc:4a:00:19:
                    8b:bb:76:63:9f:53:6e:02:f4:25:e4:86:cb:ce:09:
                    d4:63:9e:20:8a:10:c9:88:80:33:96:31:d4:b6:6c:
                    8a:81:ea:4f:d1:7b:41:d4:b8:d2:7e:51:e1:4a:45:
                    91:99:59:57:f1:22:06:4c:c7:62:4d:2e:46:b9:8e:
                    43:6b:32:58:ef:33:95:e2:9e:b9:ba:8a:94:9d:ad:
                    3b:25:41:04:29:89:9b:78:f6:e9:e3:b4:34:3b:6b:
                    69:4e:58:4a:81:5b:ab:9f:53:39:ec:5d:d7:38:5e:
                    61:dd:fb:56:1d:c6:f5:fc:94:de:04:d9:2b:c2:0e:
                    f7:ec:dc:66:e0:fc:66:21:41:f8:b9:77:ce:cb:fe:
                    2d:fd:92:6b:8c:1a:71:02:c1:56:e1:99:0a:00:a6:
                    0c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:82:4C:DB:CE:06:C5:BE:51:13:70:BF:47:10:3B:48:29:E1:68:89
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.90.0/24
                  143.20.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:59:64:50:23:6e:b1:ea:c5:32:a7:60:30:ca:20:90:9e:62:
         4c:60:91:de:77:7b:b2:fd:cd:e7:5b:1c:81:35:b3:14:72:8b:
         62:87:65:40:98:55:5b:81:5d:f1:e9:18:56:08:97:5a:b4:da:
         3b:9a:0b:93:4d:54:ae:a2:68:0a:11:bc:8c:7a:2a:1d:e8:fd:
         b5:83:16:88:92:bb:10:e3:c7:12:aa:25:49:a7:c2:d1:33:cd:
         6c:3a:bf:84:00:52:56:a8:37:1f:ea:b9:c0:b0:4d:66:8a:5d:
         49:01:bc:41:84:a5:ba:5b:43:48:75:63:15:90:20:9c:44:f3:
         99:77:6d:ba:e6:17:4c:4e:31:a9:cb:f0:35:ca:70:ea:e4:21:
         ee:86:36:15:fb:6c:33:07:60:71:e5:41:c4:b1:10:de:94:d6:
         f0:a4:17:87:77:85:fa:66:68:d7:80:c5:9d:64:3e:63:53:e5:
         88:d5:d0:81:06:9b:bd:52:dc:cf:74:f0:c0:6a:b0:5d:bc:4b:
         83:fe:c7:88:0d:79:7e:41:bf:3d:cb:4e:76:ec:11:fc:b5:32:
         fa:d9:08:6e:19:89:7b:5e:9d:10:f9:bf:dc:ae:07:d8:46:da:
         2c:58:90:38:94:53:c8:91:8d:2e:76:aa:29:e8:51:ac:de:99:
         a5:79:a6:3d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUM3MTrn1+RWwg2fDGe/CYOVeWjb4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjcxMDU3MDFaFw0yNjEwMjYxMTAyMDFaMDMxMTAvBgNV
BAMTKDhDODI0Q0RCQ0UwNkM1QkU1MTEzNzBCRjQ3MTAzQjQ4MjlFMTY4ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAX+ODo0y4sX4p7OU9e0OcCTvk
EbJnwVs4bPsyy2kkz7P5jb8wmZegpoBfbuJBOC20mBQ+WigA8SmplO4+S/PH93x4
h2rbbNywRTKP/CEwtWM586dtDAv5yx9CWxhAzLEnjcOkvEoAGYu7dmOfU24C9CXk
hsvOCdRjniCKEMmIgDOWMdS2bIqB6k/Re0HUuNJ+UeFKRZGZWVfxIgZMx2JNLka5
jkNrMljvM5Xinrm6ipSdrTslQQQpiZt49unjtDQ7a2lOWEqBW6ufUznsXdc4XmHd
+1YdxvX8lN4E2SvCDvfs3Gbg/GYhQfi5d87L/i39kmuMGnECwVbhmQoApgz5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUjIJM284Gxb5RE3C/RxA7SCnhaIkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRa
AwQAjxSXMA0GCSqGSIb3DQEBCwUAA4IBAQB2WWRQI26x6sUyp2AwyiCQnmJMYJHe
d3uy/c3nWxyBNbMUcotih2VAmFVbgV3x6RhWCJdatNo7mguTTVSuomgKEbyMeiod
6P21gxaIkrsQ48cSqiVJp8LRM81sOr+EAFJWqDcf6rnAsE1mil1JAbxBhKW6W0NI
dWMVkCCcRPOZd2265hdMTjGpy/A1ynDq5CHuhjYV+2wzB2Bx5UHEsRDelNbwpBeH
d4X6ZmjXgMWdZD5jU+WI1dCBBpu9UtzPdPDAarBdvEuD/seIDXl+Qb89y0527BH8
tTL62QhuGYl7Xp0Q+b/crgfYRtosWJA4lFPIkY0udqop6FGs3pmleaY9
-----END CERTIFICATE-----