Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa
File:                     AS401776.roa (raw, json)
Hash identifier:          v7ezxxYksKsy3FZ6v+oR3wKX4PmOulbfE17ZXjv7xFk=
Subject key identifier:   B4:5C:B7:2E:1B:CC:DD:6B:D8:03:89:AC:13:83:D3:7D:A4:B8:53:C4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       40FF7A465CBBD0F7B88C80ED47F02CE6908B7F19
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa
Signing time:             Tue 28 Oct 2025 09:06:37 +0000
ROA not before:           Tue 28 Oct 2025 09:01:37 +0000
ROA not after:            Tue 27 Oct 2026 09:06:37 +0000
asID:                     401776
IP address blocks:        143.20.106.0/24 maxlen: 24
                          143.20.178.0/24 maxlen: 24
                          143.20.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ff:7a:46:5c:bb:d0:f7:b8:8c:80:ed:47:f0:2c:e6:90:8b:7f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 28 09:01:37 2025 GMT
            Not After : Oct 27 09:06:37 2026 GMT
        Subject: CN=B45CB72E1BCCDD6BD80389AC1383D37DA4B853C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:84:23:13:70:0b:b9:cc:64:21:83:14:ae:52:
                    07:0e:99:c1:53:b3:bc:e8:88:ea:b8:4a:4f:c3:d9:
                    03:64:a3:fb:38:ef:96:3d:eb:e9:9b:02:71:19:04:
                    10:5f:fd:e3:01:6d:51:65:41:e6:7c:cb:82:bc:92:
                    92:1f:f3:1c:41:35:34:ac:48:47:75:90:e7:26:18:
                    e0:42:1f:df:6b:57:99:13:92:9e:6f:dd:38:0b:56:
                    65:2b:44:aa:5b:7d:24:4c:d4:14:f5:4a:db:42:b1:
                    f9:dd:c6:06:45:41:74:e8:5e:72:0c:ce:c4:a1:b9:
                    e8:b7:c5:f0:ca:1b:ab:73:7e:03:50:5d:be:2b:3b:
                    ab:37:6e:8b:8a:c3:7e:2f:69:5e:68:d8:6f:04:a8:
                    7a:c2:e5:ec:82:34:29:f9:44:73:c8:a7:0a:7b:ae:
                    6e:01:cf:2f:1b:d3:ec:02:b2:d6:6b:7f:53:d4:ba:
                    d2:9c:ca:0b:93:5b:75:1d:64:59:66:00:ec:7e:79:
                    a9:36:c4:bb:ac:c6:da:8a:6c:be:ac:e1:a1:e8:f4:
                    a3:d6:92:4d:1f:12:82:7e:85:ee:3f:8c:67:22:50:
                    2f:00:c2:a4:1d:2e:3d:d6:6d:4e:29:0f:01:f9:f6:
                    4f:ec:0f:e2:6a:32:8b:66:98:54:9e:47:6f:f6:6f:
                    b4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5C:B7:2E:1B:CC:DD:6B:D8:03:89:AC:13:83:D3:7D:A4:B8:53:C4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.106.0/24
                  143.20.178.0/24
                  143.20.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:d0:e9:5a:a2:ac:5f:4e:fd:c1:b0:66:f8:18:b2:2e:a1:8c:
         26:0e:34:2b:09:94:1e:3b:7b:47:1f:09:77:61:4e:5e:64:f2:
         d2:2c:e7:a4:57:34:f2:fb:c5:5c:d6:cf:1f:e5:8e:56:d9:fe:
         14:8f:c2:55:83:7b:64:cb:79:db:35:97:2d:d5:ff:6a:cc:0b:
         6d:e4:ef:57:3d:6d:93:0a:0a:a1:a2:85:0c:b0:a7:90:39:d2:
         fe:c7:5c:fc:9a:c2:95:a1:d4:68:d9:28:9c:76:f8:e6:18:41:
         4f:e6:af:5e:6e:2c:c6:b8:a6:49:0a:b0:a0:af:60:97:bc:b9:
         b7:65:b6:2e:3d:f8:6d:94:0d:b2:fe:70:37:2b:ab:a6:54:4a:
         d3:f5:4c:09:34:0c:f2:b6:e9:c9:50:30:74:36:19:e8:41:45:
         bf:3c:8d:fa:dc:f4:eb:bf:83:da:bd:ba:fc:b3:9a:73:f7:31:
         34:ac:22:a2:04:a5:a8:51:2b:56:83:ff:89:a1:57:c1:bd:eb:
         cf:10:ba:8a:38:a3:d9:ef:e5:06:06:ad:ee:0f:9d:b9:de:11:
         4c:76:c8:5e:b0:ae:33:52:21:4e:da:3a:60:99:36:cc:a8:1c:
         41:57:7e:bc:7d:0b:28:1d:d9:d6:1e:bf:55:b7:20:73:2b:02:
         a4:1d:f8:97
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUQP96Rly70Pe4jIDtR/As5pCLfxkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjgwOTAxMzdaFw0yNjEwMjcwOTA2MzdaMDMxMTAvBgNV
BAMTKEI0NUNCNzJFMUJDQ0RENkJEODAzODlBQzEzODNEMzdEQTRCODUzQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKhCMTcAu5zGQhgxSuUgcOmcFT
s7zoiOq4Sk/D2QNko/s475Y96+mbAnEZBBBf/eMBbVFlQeZ8y4K8kpIf8xxBNTSs
SEd1kOcmGOBCH99rV5kTkp5v3TgLVmUrRKpbfSRM1BT1SttCsfndxgZFQXToXnIM
zsShuei3xfDKG6tzfgNQXb4rO6s3bouKw34vaV5o2G8EqHrC5eyCNCn5RHPIpwp7
rm4Bzy8b0+wCstZrf1PUutKcyguTW3UdZFlmAOx+eak2xLusxtqKbL6s4aHo9KPW
kk0fEoJ+he4/jGciUC8AwqQdLj3WbU4pDwH59k/sD+JqMotmmFSeR2/2b7R3AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUtFy3LhvM3WvYA4msE4PTfaS4U8QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAxNzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRq
AwQAjxSyAwQAjxTGMA0GCSqGSIb3DQEBCwUAA4IBAQB10OlaoqxfTv3BsGb4GLIu
oYwmDjQrCZQeO3tHHwl3YU5eZPLSLOekVzTy+8Vc1s8f5Y5W2f4Uj8JVg3tky3nb
NZct1f9qzAtt5O9XPW2TCgqhooUMsKeQOdL+x1z8msKVodRo2SicdvjmGEFP5q9e
bizGuKZJCrCgr2CXvLm3ZbYuPfhtlA2y/nA3K6umVErT9UwJNAzytunJUDB0Nhno
QUW/PI363PTrv4Pavbr8s5pz9zE0rCKiBKWoUStWg/+JoVfBvevPELqKOKPZ7+UG
Bq3uD5253hFMdshesK4zUiFO2jpgmTbMqBxBV368fQsoHdnWHr9VtyBzKwKkHfiX
-----END CERTIFICATE-----