Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS19318.roa
File:                     AS19318.roa (raw, json)
Hash identifier:          5QH1Ne7v8CUIHHcAmU9H9Zln3v0sEq1x7ItdaVO+dwQ=
Subject key identifier:   D9:E6:9C:32:6F:BA:7D:23:9E:53:A4:3F:95:77:5F:9B:CB:B7:E1:60
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       550A1FB943DF86F52797C76576A974118C0A8A24
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS19318.roa
Signing time:             Sat 19 Jul 2025 16:30:02 +0000
ROA not before:           Sat 19 Jul 2025 16:25:02 +0000
ROA not after:            Sat 18 Jul 2026 16:30:02 +0000
asID:                     19318
IP address blocks:        143.20.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:18:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:0a:1f:b9:43:df:86:f5:27:97:c7:65:76:a9:74:11:8c:0a:8a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 19 16:25:02 2025 GMT
            Not After : Jul 18 16:30:02 2026 GMT
        Subject: CN=D9E69C326FBA7D239E53A43F95775F9BCBB7E160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2d:6f:0a:58:8e:da:78:e8:0a:5d:03:65:8a:
                    d4:71:17:5e:20:70:b0:f2:26:0a:31:c8:6a:89:6c:
                    44:b8:30:bc:45:0e:f5:94:f3:bb:29:65:71:9e:55:
                    07:3a:97:0a:55:dc:3e:6f:2c:50:7c:8a:22:59:11:
                    e1:3e:ff:8b:e2:c9:a7:25:38:38:de:83:10:99:39:
                    4f:24:23:bf:72:d3:ee:06:18:a8:9f:3e:1b:ac:b6:
                    6a:58:de:25:45:8e:5c:bf:3d:c1:3d:a2:4c:5b:a2:
                    b7:af:6a:7c:22:82:5f:d9:07:ef:51:d0:8f:e7:c0:
                    1b:50:38:80:f9:3a:59:8d:17:63:a4:1c:9e:13:82:
                    7f:80:ab:8e:f6:56:10:f2:dd:e7:09:f0:a1:3f:63:
                    bf:10:d0:3e:ed:fa:12:23:85:ff:37:b3:17:37:e6:
                    85:46:d1:74:93:bf:18:3b:32:d7:4d:17:93:0f:61:
                    85:ce:b4:55:2a:bf:1b:56:80:6c:67:7f:89:2a:22:
                    9a:e7:ce:cb:69:08:12:fb:5d:cc:49:8e:ba:96:71:
                    0a:1c:09:c5:7f:d0:02:61:9c:a1:19:7c:9f:f8:44:
                    d5:98:54:be:5c:d0:b9:69:a3:9d:ca:63:17:33:9e:
                    27:0f:b9:3c:2b:52:d0:a4:b4:d3:5d:8d:7d:de:9c:
                    a4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E6:9C:32:6F:BA:7D:23:9E:53:A4:3F:95:77:5F:9B:CB:B7:E1:60
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS19318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:99:59:2e:dd:8e:7b:43:1a:63:d5:ae:d0:71:4f:9b:6f:5f:
         06:49:aa:72:6a:ed:d9:74:6d:66:58:42:0d:a8:e9:0b:73:db:
         76:35:20:b1:e3:5b:2c:a9:ce:07:e2:57:a9:1e:9e:bb:e8:18:
         81:b0:70:d7:31:76:63:76:da:7b:44:7e:3e:1a:6b:25:64:64:
         17:54:ab:86:35:33:f4:68:23:3b:03:49:89:4b:e9:0c:27:6b:
         40:ad:98:99:20:06:21:a0:fb:8d:57:07:d8:8f:f9:bc:07:94:
         4f:aa:f7:d6:94:5f:dc:9a:90:49:24:a3:22:ca:0f:8c:b1:58:
         ed:be:59:2a:40:49:36:a8:bf:8f:a4:69:8d:30:f4:5c:14:68:
         a1:bc:02:69:c7:0a:49:cd:16:13:9e:c0:30:7d:cf:ed:ea:fa:
         b4:7d:c9:26:0a:6a:9f:8f:8e:b8:15:41:7c:7d:8b:40:7e:30:
         68:15:93:d5:06:b8:5e:6b:f2:22:f4:25:ff:d0:49:15:56:ea:
         d2:9c:67:7e:4f:0e:e7:b8:b1:12:3b:ca:2f:2e:84:43:3a:e4:
         e9:c2:f3:57:d6:7d:d4:30:23:f2:4d:69:57:09:68:2c:e4:82:
         a4:3f:28:23:cf:97:80:b0:97:2f:17:9c:06:28:d7:54:dc:f3:
         85:b8:04:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVQofuUPfhvUnl8dldql0EYwKiiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTkxNjI1MDJaFw0yNjA3MTgxNjMwMDJaMDMxMTAvBgNV
BAMTKEQ5RTY5QzMyNkZCQTdEMjM5RTUzQTQzRjk1Nzc1RjlCQ0JCN0UxNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwLW8KWI7aeOgKXQNlitRxF14g
cLDyJgoxyGqJbES4MLxFDvWU87spZXGeVQc6lwpV3D5vLFB8iiJZEeE+/4viyacl
ODjegxCZOU8kI79y0+4GGKifPhustmpY3iVFjly/PcE9okxborevanwigl/ZB+9R
0I/nwBtQOID5OlmNF2OkHJ4Tgn+Aq472VhDy3ecJ8KE/Y78Q0D7t+hIjhf83sxc3
5oVG0XSTvxg7MtdNF5MPYYXOtFUqvxtWgGxnf4kqIprnzstpCBL7XcxJjrqWcQoc
CcV/0AJhnKEZfJ/4RNWYVL5c0Llpo53KYxcznicPuTwrUtCktNNdjX3enKQHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU2eacMm+6fSOeU6Q/lXdfm8u34WAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTkzMTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFHYw
DQYJKoZIhvcNAQELBQADggEBAMOZWS7djntDGmPVrtBxT5tvXwZJqnJq7dl0bWZY
Qg2o6Qtz23Y1ILHjWyypzgfiV6kenrvoGIGwcNcxdmN22ntEfj4aayVkZBdUq4Y1
M/RoIzsDSYlL6Qwna0CtmJkgBiGg+41XB9iP+bwHlE+q99aUX9yakEkkoyLKD4yx
WO2+WSpASTaov4+kaY0w9FwUaKG8AmnHCknNFhOewDB9z+3q+rR9ySYKap+PjrgV
QXx9i0B+MGgVk9UGuF5r8iL0Jf/QSRVW6tKcZ35PDue4sRI7yi8uhEM65OnC81fW
fdQwI/JNaVcJaCzkgqQ/KCPPl4Cwly8XnAYo11Tc84W4BPQ=
-----END CERTIFICATE-----