Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          JiEhfbJbSIgyb44vUEgQ0hIb2Nlrpr1k2pbT9GcT3Jo=
Subject key identifier:   E0:E9:55:5C:93:1D:4C:4A:C4:64:3E:7E:6A:19:E3:58:6F:DD:E5:4E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3A87F45FBC0715D78F2E65A5D5A27CC59B9CCAFE
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400909.roa
Signing time:             Mon 28 Jul 2025 07:14:39 +0000
ROA not before:           Mon 28 Jul 2025 07:09:39 +0000
ROA not after:            Mon 27 Jul 2026 07:14:39 +0000
asID:                     400909
IP address blocks:        143.20.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:87:f4:5f:bc:07:15:d7:8f:2e:65:a5:d5:a2:7c:c5:9b:9c:ca:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 28 07:09:39 2025 GMT
            Not After : Jul 27 07:14:39 2026 GMT
        Subject: CN=E0E9555C931D4C4AC4643E7E6A19E3586FDDE54E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ff:39:f9:b1:a6:d5:63:68:9d:6b:60:85:b2:
                    26:00:0a:91:8f:9e:4c:0e:14:31:1b:bf:ee:90:9c:
                    62:a8:67:ae:69:c7:71:e0:25:08:39:12:59:2c:83:
                    21:c8:7e:96:d7:22:c9:c8:c2:09:51:9f:5d:a4:6b:
                    81:61:cf:17:fd:e2:96:e3:61:55:8e:ef:20:41:1e:
                    33:b6:aa:1e:da:55:bc:ae:0c:eb:eb:7e:5b:af:d7:
                    b1:81:a3:30:0b:b7:fd:2b:02:f3:cd:50:75:f5:11:
                    d2:0a:a5:1d:39:fe:d0:b5:b8:86:df:b4:3e:04:2e:
                    3a:52:ac:50:86:16:aa:27:a2:72:0f:f9:ac:64:5d:
                    0e:18:28:99:a1:c7:28:5d:5f:46:cc:db:4d:ef:a9:
                    6b:81:6e:b4:fe:b6:a3:f2:eb:f4:dd:e5:c6:a0:03:
                    34:1f:8d:8b:f3:c2:de:92:e1:cd:f5:30:ef:75:fc:
                    06:66:cb:e4:62:d4:b3:ff:9f:89:7a:c1:61:c5:b2:
                    33:29:94:cb:1c:8c:29:c1:7e:b2:e1:3b:8e:7c:1d:
                    d1:06:1b:b3:26:98:31:10:20:40:74:ae:71:11:97:
                    b1:6a:36:c0:69:4b:63:69:6e:05:3a:f3:74:56:09:
                    b9:68:d3:9a:49:79:70:c3:f3:3d:a5:a4:5b:46:92:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:E9:55:5C:93:1D:4C:4A:C4:64:3E:7E:6A:19:E3:58:6F:DD:E5:4E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:61:b2:6d:0d:3d:55:cf:ce:4d:14:52:8c:32:d6:2c:80:fa:
         72:ab:5c:2b:2c:73:94:76:2c:45:98:7e:a6:c1:f5:d9:a5:80:
         14:73:db:a6:7a:ea:53:f2:0b:62:80:ae:27:d8:19:cc:40:cb:
         fc:be:ab:fd:b6:60:60:8d:89:1e:bf:1e:11:18:d3:56:e4:7f:
         17:cd:e3:79:3a:dc:c0:db:40:35:54:02:46:e6:07:84:60:bb:
         25:a6:c3:0c:0a:d2:a0:b8:87:c8:1d:c4:18:0b:f9:5c:2c:35:
         75:9f:e0:14:c2:c3:a7:bc:5e:90:b3:b4:59:d8:6d:0e:55:93:
         f8:9a:31:e2:7d:1f:13:0e:e4:7b:b8:a6:c9:46:cc:af:2c:42:
         f7:1a:cc:55:1f:9e:22:21:a7:be:07:94:40:c5:69:50:56:58:
         b9:10:c7:d2:67:6e:9c:e2:2d:d6:39:1b:52:78:4b:46:7e:b7:
         50:f1:26:a0:84:e6:bf:b4:17:f3:6f:ac:1a:ca:bd:2e:4d:50:
         c2:bd:8d:f3:f5:f0:89:12:5b:49:5f:2c:e5:c1:44:4a:cd:92:
         78:6a:08:92:76:36:29:3e:61:20:a3:2b:32:63:8e:c3:19:77:
         f0:11:3b:b3:25:5f:e2:b5:de:f2:82:9b:02:dd:a9:68:fb:d9:
         d9:2a:92:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOof0X7wHFdePLmWl1aJ8xZucyv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjgwNzA5MzlaFw0yNjA3MjcwNzE0MzlaMDMxMTAvBgNV
BAMTKEUwRTk1NTVDOTMxRDRDNEFDNDY0M0U3RTZBMTlFMzU4NkZEREU1NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8/zn5sabVY2ida2CFsiYACpGP
nkwOFDEbv+6QnGKoZ65px3HgJQg5ElksgyHIfpbXIsnIwglRn12ka4Fhzxf94pbj
YVWO7yBBHjO2qh7aVbyuDOvrfluv17GBozALt/0rAvPNUHX1EdIKpR05/tC1uIbf
tD4ELjpSrFCGFqononIP+axkXQ4YKJmhxyhdX0bM203vqWuBbrT+tqPy6/Td5cag
AzQfjYvzwt6S4c31MO91/AZmy+Ri1LP/n4l6wWHFsjMplMscjCnBfrLhO458HdEG
G7MmmDEQIEB0rnERl7FqNsBpS2NpbgU683RWCblo05pJeXDD8z2lpFtGkr/rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4OlVXJMdTErEZD5+ahnjWG/d5U4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRh
MA0GCSqGSIb3DQEBCwUAA4IBAQBUYbJtDT1Vz85NFFKMMtYsgPpyq1wrLHOUdixF
mH6mwfXZpYAUc9umeupT8gtigK4n2BnMQMv8vqv9tmBgjYkevx4RGNNW5H8XzeN5
OtzA20A1VAJG5geEYLslpsMMCtKguIfIHcQYC/lcLDV1n+AUwsOnvF6Qs7RZ2G0O
VZP4mjHifR8TDuR7uKbJRsyvLEL3GsxVH54iIae+B5RAxWlQVli5EMfSZ26c4i3W
ORtSeEtGfrdQ8SaghOa/tBfzb6wayr0uTVDCvY3z9fCJEltJXyzlwURKzZJ4agiS
djYpPmEgoysyY47DGXfwETuzJV/itd7ygpsC3alo+9nZKpLf
-----END CERTIFICATE-----