Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
File:                     AS5650.roa (raw, json)
Hash identifier:          Cm6ebpohXnoK9c+Q1OXIbDctJodbQ+ovKLS40YU72Qo=
Subject key identifier:   88:67:8A:C1:E9:57:8F:10:74:E1:6A:F1:89:6A:7D:6C:43:07:24:04
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7E0A8711616D6530791E7B9CF55576C60DDDE0BC
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
Signing time:             Sun 26 Oct 2025 00:09:55 +0000
ROA not before:           Sun 26 Oct 2025 00:04:55 +0000
ROA not after:            Sun 25 Oct 2026 00:09:55 +0000
asID:                     5650
IP address blocks:        143.20.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:0a:87:11:61:6d:65:30:79:1e:7b:9c:f5:55:76:c6:0d:dd:e0:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 26 00:04:55 2025 GMT
            Not After : Oct 25 00:09:55 2026 GMT
        Subject: CN=88678AC1E9578F1074E16AF1896A7D6C43072404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5e:ff:4d:fa:7d:08:50:b2:14:89:cc:96:fb:
                    01:45:72:d8:01:a4:b7:b1:0f:fd:11:6d:9b:00:4a:
                    c6:cb:2e:82:75:83:5c:19:bc:f1:bb:c7:71:da:ca:
                    73:24:d4:af:12:b5:25:6a:84:40:f7:0b:15:0c:01:
                    7b:5e:fd:85:b2:0b:94:c6:05:1e:a0:3c:be:c8:49:
                    aa:4c:d0:96:9b:b2:24:c6:7e:35:ca:cc:dd:fd:d3:
                    ea:14:0a:10:d8:f9:1f:cb:c6:fc:5a:bc:6a:ee:1b:
                    50:7f:72:87:4d:af:d0:0c:51:a9:7b:a8:93:31:8e:
                    e2:99:05:d7:92:52:b4:58:77:c1:31:55:1b:b4:46:
                    db:0d:9b:4a:15:3c:5a:5d:3d:b5:0e:e2:8d:60:96:
                    5b:d2:3b:6d:d5:8b:71:80:58:7a:97:b1:6a:b4:8f:
                    50:cb:1e:69:4b:f0:2a:8b:46:a3:4a:e1:33:81:31:
                    62:49:a2:2f:7e:74:22:93:fd:2b:93:bf:a1:0b:fa:
                    a2:40:ca:85:36:8a:c9:79:fa:24:fb:30:89:3c:1f:
                    a0:9c:56:a3:02:eb:08:cf:db:87:21:da:fb:d4:a0:
                    d1:a1:af:94:dd:da:e3:c2:7c:61:fa:58:f3:9d:54:
                    7c:8e:36:f3:a9:c2:b9:d6:ca:41:20:0e:7e:f2:21:
                    85:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:67:8A:C1:E9:57:8F:10:74:E1:6A:F1:89:6A:7D:6C:43:07:24:04
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:f4:1a:70:28:07:f7:27:41:8f:5b:17:15:45:36:91:fc:2a:
         5f:d1:ce:a4:87:08:49:2f:64:fa:05:72:3d:16:40:9d:2a:f7:
         06:2f:5f:c4:9c:49:a7:4c:35:89:e0:67:15:18:8f:e0:d4:04:
         0b:55:51:2a:8b:e6:da:10:b5:80:b0:7f:75:44:64:2d:84:f2:
         9b:cc:ea:30:c1:d7:52:4d:d3:5e:04:21:3e:f2:51:1f:c1:a3:
         a0:ab:e7:d3:4a:0f:2e:7a:2e:b3:a1:04:fc:5e:f9:bd:29:e6:
         ec:ca:57:dd:4c:c6:63:92:fa:74:50:5b:b0:a6:d8:26:e9:3f:
         70:ce:f2:2d:a3:76:f5:47:bc:44:18:8b:45:8b:90:db:03:cc:
         c9:72:ee:6e:b9:d7:47:83:8d:38:bc:ed:13:15:e1:1c:a6:a8:
         e3:81:96:0d:71:f5:ac:a3:bc:31:d2:a4:b8:fb:74:12:b5:cc:
         3c:1d:65:b5:5d:79:94:fa:c7:87:e6:36:59:38:0c:0a:21:6c:
         5a:69:85:c8:d0:fa:59:0c:4e:13:76:6e:f3:73:54:b8:46:7d:
         51:2d:4b:fc:42:a5:d4:3f:37:86:26:4d:54:a2:50:fa:69:be:
         3f:c6:aa:55:24:6a:9f:d7:05:23:b5:28:17:b8:10:1b:b7:e6:
         e2:75:12:38
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUfgqHEWFtZTB5Hnuc9VV2xg3d4LwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYwMDA0NTVaFw0yNjEwMjUwMDA5NTVaMDMxMTAvBgNV
BAMTKDg4Njc4QUMxRTk1NzhGMTA3NEUxNkFGMTg5NkE3RDZDNDMwNzI0MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Xv9N+n0IULIUicyW+wFFctgB
pLexD/0RbZsASsbLLoJ1g1wZvPG7x3HaynMk1K8StSVqhED3CxUMAXte/YWyC5TG
BR6gPL7ISapM0JabsiTGfjXKzN390+oUChDY+R/LxvxavGruG1B/codNr9AMUal7
qJMxjuKZBdeSUrRYd8ExVRu0RtsNm0oVPFpdPbUO4o1gllvSO23Vi3GAWHqXsWq0
j1DLHmlL8CqLRqNK4TOBMWJJoi9+dCKT/SuTv6EL+qJAyoU2isl5+iT7MIk8H6Cc
VqMC6wjP24ch2vvUoNGhr5Td2uPCfGH6WPOdVHyONvOpwrnWykEgDn7yIYXfAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUiGeKwelXjxB04WrxiWp9bEMHJAQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UmTAN
BgkqhkiG9w0BAQsFAAOCAQEAtPQacCgH9ydBj1sXFUU2kfwqX9HOpIcISS9k+gVy
PRZAnSr3Bi9fxJxJp0w1ieBnFRiP4NQEC1VRKovm2hC1gLB/dURkLYTym8zqMMHX
Uk3TXgQhPvJRH8GjoKvn00oPLnous6EE/F75vSnm7MpX3UzGY5L6dFBbsKbYJuk/
cM7yLaN29Ue8RBiLRYuQ2wPMyXLubrnXR4ONOLztExXhHKao44GWDXH1rKO8MdKk
uPt0ErXMPB1ltV15lPrHh+Y2WTgMCiFsWmmFyND6WQxOE3Zu83NUuEZ9US1L/EKl
1D83hiZNVKJQ+mm+P8aqVSRqn9cFI7UoF7gQG7fm4nUSOA==
-----END CERTIFICATE-----