Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa
File:                     AS397423.roa (raw, json)
Hash identifier:          9wOxOi3OGwcFbM/+3qLFCTlmtFHiuDf5zdmt593SFLU=
Subject key identifier:   C7:A1:FD:E7:DF:13:DC:79:06:2B:86:A4:71:37:29:2B:91:F1:F4:42
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5B942EF84619F938624F5062D271166FB8A67312
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa
Signing time:             Tue 28 Oct 2025 00:05:11 +0000
ROA not before:           Tue 28 Oct 2025 00:00:11 +0000
ROA not after:            Tue 27 Oct 2026 00:05:11 +0000
asID:                     397423
IP address blocks:        143.20.180.0/22 maxlen: 22
                          143.20.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:94:2e:f8:46:19:f9:38:62:4f:50:62:d2:71:16:6f:b8:a6:73:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 28 00:00:11 2025 GMT
            Not After : Oct 27 00:05:11 2026 GMT
        Subject: CN=C7A1FDE7DF13DC79062B86A47137292B91F1F442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f4:47:1c:7d:d0:c8:c7:03:46:b1:05:98:3e:
                    33:88:4a:55:e8:ff:79:66:2c:07:20:25:87:47:32:
                    1b:73:1f:39:f5:f6:3e:a8:1d:5e:81:06:db:5d:eb:
                    78:df:52:16:fe:b9:d3:29:9f:f8:c8:3c:0c:1f:18:
                    2c:fd:c9:9d:a5:bf:56:45:45:6d:cb:99:ad:d8:c9:
                    fc:b3:3b:b7:2b:71:bc:96:28:7b:f4:23:a1:cb:56:
                    db:fc:30:90:c7:83:b9:96:d0:fd:fc:e6:e0:a0:6d:
                    0b:43:7d:49:e5:5d:e5:93:f2:ad:3b:1a:38:c8:cc:
                    da:e0:2c:49:08:7c:46:bb:34:0d:d5:b1:16:27:93:
                    ae:08:ff:58:24:0e:da:dc:a5:a7:c4:8c:fd:d9:e8:
                    4a:5d:7b:6a:f0:ae:e7:96:b3:4d:51:32:b0:4f:97:
                    ae:db:b4:21:86:2b:6a:b2:c6:6d:31:8e:ab:fd:4d:
                    62:80:f8:28:31:9c:00:be:7f:cb:9b:75:e9:12:2f:
                    86:85:42:33:52:dd:a5:15:92:e1:be:7b:0c:fa:af:
                    30:32:5a:71:0d:55:00:3c:9e:f9:91:2b:ed:14:0f:
                    ed:fe:03:32:5d:51:5c:54:02:aa:dd:d3:0f:46:01:
                    95:2d:55:50:d9:ea:e2:6a:0f:84:fc:5a:2a:85:b1:
                    87:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:A1:FD:E7:DF:13:DC:79:06:2B:86:A4:71:37:29:2B:91:F1:F4:42
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.180.0/22
                  143.20.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:7f:5f:22:7e:5d:6c:f7:7f:ce:7a:df:8b:47:75:c3:39:cc:
         ae:ba:5e:03:f6:c2:5e:52:e7:e8:ca:76:92:c4:a1:d0:f0:5a:
         10:04:e0:2c:bc:64:82:9d:85:23:a8:32:6c:6c:8e:7b:1e:b7:
         ea:ec:09:08:ea:d2:d8:ad:cc:ce:d5:29:e0:1b:a9:5a:38:56:
         e9:a7:76:5e:20:f7:1e:c8:41:cd:55:c7:1a:a7:c7:f7:43:f6:
         65:89:e9:69:1d:19:59:05:d7:38:3f:04:b5:00:69:a1:02:ee:
         fb:32:7b:56:ab:13:48:f4:13:e5:f6:d7:8a:2f:cb:79:b1:eb:
         b4:6f:be:dc:39:de:78:b5:3e:2c:72:af:6d:91:0d:5c:50:5d:
         30:20:54:ef:84:cd:28:cb:44:3c:39:16:35:96:0d:55:85:05:
         53:cf:6d:9d:b0:f9:23:b7:3f:ed:86:5d:d0:3f:0d:82:da:26:
         8b:03:34:67:a0:1c:e7:1a:7d:0b:73:5f:70:86:74:95:86:86:
         48:1c:8b:be:22:70:96:f0:8d:f0:83:ec:26:5e:23:d5:3a:71:
         47:fc:e6:46:78:58:3d:86:75:47:6a:b0:bb:e3:de:6e:00:3b:
         61:28:00:b0:ef:87:a8:00:4d:0c:77:cd:ba:31:f2:cd:a8:57:
         b5:ac:c9:72
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUW5Qu+EYZ+ThiT1Bi0nEWb7imcxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjgwMDAwMTFaFw0yNjEwMjcwMDA1MTFaMDMxMTAvBgNV
BAMTKEM3QTFGREU3REYxM0RDNzkwNjJCODZBNDcxMzcyOTJCOTFGMUY0NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF9EccfdDIxwNGsQWYPjOISlXo
/3lmLAcgJYdHMhtzHzn19j6oHV6BBttd63jfUhb+udMpn/jIPAwfGCz9yZ2lv1ZF
RW3Lma3YyfyzO7crcbyWKHv0I6HLVtv8MJDHg7mW0P385uCgbQtDfUnlXeWT8q07
GjjIzNrgLEkIfEa7NA3VsRYnk64I/1gkDtrcpafEjP3Z6Epde2rwrueWs01RMrBP
l67btCGGK2qyxm0xjqv9TWKA+CgxnAC+f8ubdekSL4aFQjNS3aUVkuG+ewz6rzAy
WnENVQA8nvmRK+0UD+3+AzJdUVxUAqrd0w9GAZUtVVDZ6uJqD4T8WiqFsYelAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUx6H9598T3HkGK4akcTcpK5Hx9EIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk3NDIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCjxS0
AwQCjxS8MA0GCSqGSIb3DQEBCwUAA4IBAQCgf18ifl1s93/Oet+LR3XDOcyuul4D
9sJeUufoynaSxKHQ8FoQBOAsvGSCnYUjqDJsbI57Hrfq7AkI6tLYrczO1SngG6la
OFbpp3ZeIPceyEHNVccap8f3Q/ZlielpHRlZBdc4PwS1AGmhAu77MntWqxNI9BPl
9teKL8t5seu0b77cOd54tT4scq9tkQ1cUF0wIFTvhM0oy0Q8ORY1lg1VhQVTz22d
sPkjtz/thl3QPw2C2iaLAzRnoBznGn0Lc19whnSVhoZIHIu+InCW8I3wg+wmXiPV
OnFH/OZGeFg9hnVHarC7495uADthKACw74eoAE0Md826MfLNqFe1rMly
-----END CERTIFICATE-----