Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS47690.roa
File:                     AS47690.roa (raw, json)
Hash identifier:          PUpJ08Ba9yHru+2izqSa4LTVuvV5u2YFX1DD9zufL6Y=
Subject key identifier:   EA:2F:37:EC:E6:B6:50:E6:A1:95:A5:EE:CD:1A:80:54:1F:B7:99:B6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       70EFF7E1DEE3FBDF50A6AB5F858839CF1A1A2C61
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS47690.roa
Signing time:             Sun 02 Nov 2025 00:23:51 +0000
ROA not before:           Sun 02 Nov 2025 00:18:51 +0000
ROA not after:            Sun 01 Nov 2026 00:23:51 +0000
asID:                     47690
IP address blocks:        143.20.173.0/24 maxlen: 24
                          143.20.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:ef:f7:e1:de:e3:fb:df:50:a6:ab:5f:85:88:39:cf:1a:1a:2c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov  2 00:18:51 2025 GMT
            Not After : Nov  1 00:23:51 2026 GMT
        Subject: CN=EA2F37ECE6B650E6A195A5EECD1A80541FB799B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b4:e1:36:11:60:03:d4:30:fc:31:82:68:20:
                    4e:00:ee:d1:de:a7:fe:51:76:5e:b8:5b:18:a9:82:
                    22:0e:ab:4f:93:ba:c8:ec:04:e3:7b:96:da:3a:5d:
                    91:51:61:81:a7:56:65:14:34:82:69:df:7f:57:40:
                    26:3e:38:00:2c:50:11:73:22:2a:3a:2b:a0:48:e7:
                    d1:19:1d:62:1e:e9:1b:60:56:67:9a:f6:18:14:7d:
                    51:3e:79:d9:f6:72:a5:ab:72:c3:77:6a:1e:ef:38:
                    e8:c8:7c:81:82:d0:62:a9:ca:b7:a8:db:85:f3:80:
                    c0:ad:5b:f2:67:eb:7f:59:3f:00:ce:b0:2a:c2:fb:
                    8b:df:b9:87:2f:12:73:49:6a:82:0b:d1:03:7a:4d:
                    cf:8f:8a:7e:17:96:18:7c:23:33:92:27:93:2a:0a:
                    b9:57:b3:7f:e1:34:c7:49:6d:b4:0b:a9:da:91:17:
                    11:21:6b:45:47:3b:fd:6f:48:ce:0e:a1:68:f0:7e:
                    dc:5b:e4:33:2e:11:9b:cb:c4:d5:c4:31:e3:3f:43:
                    5a:df:45:17:2f:e8:6e:a5:03:32:b8:d0:f4:28:9d:
                    7a:24:67:d9:5d:b9:43:da:bf:3c:b1:05:a9:a4:07:
                    02:86:2a:ff:58:70:44:c2:58:df:a6:e4:e6:ec:ca:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2F:37:EC:E6:B6:50:E6:A1:95:A5:EE:CD:1A:80:54:1F:B7:99:B6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS47690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.173.0/24
                  143.20.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:93:4b:8d:be:5d:e6:13:3d:cf:5f:51:89:d2:31:9a:f8:26:
         96:5e:58:33:31:ea:f2:a5:fd:60:03:98:89:7e:1d:0f:52:06:
         95:57:c6:cd:af:71:6e:a4:97:04:1c:58:e0:9f:27:db:fe:da:
         4c:8c:33:38:8b:e3:95:df:68:1f:a0:3c:0b:eb:52:4f:2d:54:
         81:e8:c9:7b:1c:a6:91:78:4b:51:ee:2c:83:b3:6f:29:3c:0e:
         5d:ee:a9:71:62:00:a9:b5:41:8a:7d:8b:35:b1:ae:da:0e:76:
         38:58:62:6b:1f:e1:d0:1a:38:a3:02:f7:09:31:b4:4e:ad:6b:
         fd:ee:78:04:ef:ce:51:d6:1a:e5:8b:1e:21:b3:6c:26:74:4c:
         23:58:2b:b5:be:a9:c0:29:d1:8f:90:bb:9e:a0:57:c4:81:c1:
         fc:88:00:b0:af:d6:1c:68:fa:33:24:69:c0:e7:6c:45:19:76:
         ab:b4:f9:81:ba:41:f3:90:ca:15:63:44:b7:42:6b:f4:19:37:
         6b:f7:13:49:3a:53:25:37:92:1f:25:7c:83:80:21:1d:d0:dd:
         3f:b2:2f:d6:0d:dd:db:9f:1a:ff:bb:24:57:b3:8e:d1:21:41:
         3e:ce:f6:a2:1d:2e:9b:34:02:01:02:e0:cc:d3:da:ee:b0:fd:
         91:02:13:c7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUcO/34d7j+99QpqtfhYg5zxoaLGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMDIwMDE4NTFaFw0yNjExMDEwMDIzNTFaMDMxMTAvBgNV
BAMTKEVBMkYzN0VDRTZCNjUwRTZBMTk1QTVFRUNEMUE4MDU0MUZCNzk5QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJtOE2EWAD1DD8MYJoIE4A7tHe
p/5Rdl64WxipgiIOq0+TusjsBON7lto6XZFRYYGnVmUUNIJp339XQCY+OAAsUBFz
Iio6K6BI59EZHWIe6RtgVmea9hgUfVE+edn2cqWrcsN3ah7vOOjIfIGC0GKpyreo
24XzgMCtW/Jn639ZPwDOsCrC+4vfuYcvEnNJaoIL0QN6Tc+Pin4Xlhh8IzOSJ5Mq
CrlXs3/hNMdJbbQLqdqRFxEha0VHO/1vSM4OoWjwftxb5DMuEZvLxNXEMeM/Q1rf
RRcv6G6lAzK40PQonXokZ9lduUPavzyxBamkBwKGKv9YcETCWN+m5ObsyglHAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU6i837Oa2UOahlaXuzRqAVB+3mbYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDc2OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFK0D
BACPFNwwDQYJKoZIhvcNAQELBQADggEBACCTS42+XeYTPc9fUYnSMZr4JpZeWDMx
6vKl/WADmIl+HQ9SBpVXxs2vcW6klwQcWOCfJ9v+2kyMMziL45XfaB+gPAvrUk8t
VIHoyXscppF4S1HuLIOzbyk8Dl3uqXFiAKm1QYp9izWxrtoOdjhYYmsf4dAaOKMC
9wkxtE6ta/3ueATvzlHWGuWLHiGzbCZ0TCNYK7W+qcAp0Y+Qu56gV8SBwfyIALCv
1hxo+jMkacDnbEUZdqu0+YG6QfOQyhVjRLdCa/QZN2v3E0k6UyU3kh8lfIOAIR3Q
3T+yL9YN3dufGv+7JFezjtEhQT7O9qIdLps0AgEC4MzT2u6w/ZECE8c=
-----END CERTIFICATE-----