Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9009.roa
File:                     AS9009.roa (raw, json)
Hash identifier:          SUrRZZ2SepsaRk6cR5tj6GQZ2dJQk/pg3c/Mvm2o9lo=
Subject key identifier:   31:ED:90:9B:9F:9E:E5:8B:02:60:BD:66:99:3A:F1:D0:91:9C:8A:2F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       258E8BDA950AB8638384B017DCDC6575971A9D28
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9009.roa
Signing time:             Wed 23 Jul 2025 12:13:40 +0000
ROA not before:           Wed 23 Jul 2025 12:08:40 +0000
ROA not after:            Wed 22 Jul 2026 12:13:40 +0000
asID:                     9009
IP address blocks:        143.20.106.0/24 maxlen: 24
                          143.20.155.0/24 maxlen: 24
                          143.20.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:8e:8b:da:95:0a:b8:63:83:84:b0:17:dc:dc:65:75:97:1a:9d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 23 12:08:40 2025 GMT
            Not After : Jul 22 12:13:40 2026 GMT
        Subject: CN=31ED909B9F9EE58B0260BD66993AF1D0919C8A2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e3:bd:fc:f6:d2:aa:6c:8e:b2:ee:63:4b:ab:
                    a4:db:b0:b3:ef:4f:16:63:30:bb:33:c0:f6:48:e3:
                    0c:b8:9a:43:18:61:a3:98:d0:e3:99:ec:c8:1c:12:
                    b1:18:8c:46:8d:d4:2b:a5:ab:74:1a:0b:52:02:1d:
                    0c:d6:14:70:a9:d2:c8:92:8b:66:12:03:14:c0:ef:
                    26:9f:15:8c:85:a8:b1:64:5d:85:93:8c:e0:35:8d:
                    f3:ca:6c:a3:05:dd:db:79:cd:cf:4c:e9:35:ac:33:
                    bf:f1:31:69:b3:6c:6e:b6:47:d3:40:53:05:dd:e2:
                    0a:2f:c3:e0:b5:e8:07:19:86:62:ba:73:82:f0:ed:
                    11:15:7c:0c:9c:cb:71:e5:68:76:91:73:3f:05:92:
                    e6:cc:da:dc:a7:60:b1:7a:78:70:9c:7c:71:73:3d:
                    69:7d:0a:e2:fb:dc:fd:83:bc:3a:12:4b:c4:32:8b:
                    e1:db:ee:3d:e5:af:87:b0:e1:86:db:04:95:88:ed:
                    1c:4f:bf:bf:9b:e9:89:6d:c7:39:57:c7:2b:df:48:
                    d5:93:ed:57:10:cc:be:d9:07:cc:71:5f:68:d3:eb:
                    e8:ec:aa:f3:c3:1f:34:52:04:e9:3e:9b:c7:cf:4f:
                    69:02:4f:11:c9:81:90:34:16:08:64:25:4a:f6:1d:
                    5b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:ED:90:9B:9F:9E:E5:8B:02:60:BD:66:99:3A:F1:D0:91:9C:8A:2F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9009.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.106.0/24
                  143.20.155.0/24
                  143.20.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:ec:41:a8:7a:ca:eb:04:6d:d8:83:6a:78:56:ac:c9:e8:2a:
         3a:cb:6a:31:bf:20:38:e7:82:98:b7:80:cd:d9:0e:7f:2c:9b:
         f7:c2:e5:6f:56:e3:cb:fb:b0:9d:82:48:a7:b6:56:dc:cb:2b:
         a3:8b:da:be:53:35:8c:59:1f:74:30:59:cf:78:8a:fa:14:4e:
         f7:cc:3e:96:b7:7c:46:c5:52:27:86:e4:46:a8:c4:de:88:e4:
         af:db:59:51:0a:dc:66:b7:2b:3a:6a:c6:1f:d9:4d:3e:61:5e:
         61:62:42:14:a7:ec:33:bd:7c:c5:d3:38:68:75:e5:be:62:ec:
         b4:a4:82:a7:1b:92:dd:5c:89:b1:2f:6a:f3:7f:34:53:c5:31:
         79:19:35:52:e2:9f:7f:33:8e:ba:a7:64:d5:6d:a3:4d:62:de:
         ea:7a:c2:86:2f:ae:0b:b7:63:c5:20:ac:11:60:24:69:87:b5:
         97:27:aa:3f:bf:b6:aa:4e:a9:c0:d2:d4:31:db:6d:21:8c:66:
         8b:9f:f7:ab:44:59:fd:e7:23:af:74:72:1e:6c:41:7e:7e:53:
         b6:08:80:08:77:a8:3f:72:ea:3b:4d:78:29:49:d9:27:bb:87:
         b1:0e:0a:07:51:87:b8:4f:d1:53:7f:86:51:be:47:47:91:7e:
         d2:6e:77:1f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUJY6L2pUKuGODhLAX3NxldZcanSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjMxMjA4NDBaFw0yNjA3MjIxMjEzNDBaMDMxMTAvBgNV
BAMTKDMxRUQ5MDlCOUY5RUU1OEIwMjYwQkQ2Njk5M0FGMUQwOTE5QzhBMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp47389tKqbI6y7mNLq6TbsLPv
TxZjMLszwPZI4wy4mkMYYaOY0OOZ7MgcErEYjEaN1Culq3QaC1ICHQzWFHCp0siS
i2YSAxTA7yafFYyFqLFkXYWTjOA1jfPKbKMF3dt5zc9M6TWsM7/xMWmzbG62R9NA
UwXd4govw+C16AcZhmK6c4Lw7REVfAycy3HlaHaRcz8FkubM2tynYLF6eHCcfHFz
PWl9CuL73P2DvDoSS8Qyi+Hb7j3lr4ew4YbbBJWI7RxPv7+b6YltxzlXxyvfSNWT
7VcQzL7ZB8xxX2jT6+jsqvPDHzRSBOk+m8fPT2kCTxHJgZA0FghkJUr2HVstAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUMe2Qm5+e5YsCYL1mmTrx0JGcii8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTAwOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAI8UagME
AI8UmwMEAI8UsjANBgkqhkiG9w0BAQsFAAOCAQEApOxBqHrK6wRt2INqeFasyegq
OstqMb8gOOeCmLeAzdkOfyyb98Llb1bjy/uwnYJIp7ZW3Msro4vavlM1jFkfdDBZ
z3iK+hRO98w+lrd8RsVSJ4bkRqjE3ojkr9tZUQrcZrcrOmrGH9lNPmFeYWJCFKfs
M718xdM4aHXlvmLstKSCpxuS3VyJsS9q8380U8UxeRk1UuKffzOOuqdk1W2jTWLe
6nrChi+uC7djxSCsEWAkaYe1lyeqP7+2qk6pwNLUMdttIYxmi5/3q0RZ/ecjr3Ry
HmxBfn5TtgiACHeoP3LqO014KUnZJ7uHsQ4KB1GHuE/RU3+GUb5HR5F+0m53Hw==
-----END CERTIFICATE-----