Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS202791.roa
File:                     AS202791.roa (raw, json)
Hash identifier:          n3ErTR5h098We2mbhdyPPvywYsF5guem1VZgBs7DOTM=
Subject key identifier:   6A:C2:AD:F3:6E:04:20:4D:7D:D4:B8:45:50:15:E2:46:4C:D9:39:EE
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3BD19E6EDA51BEAEA740B67E3DE8FC0683B4346D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS202791.roa
Signing time:             Mon 14 Jul 2025 10:11:15 +0000
ROA not before:           Mon 14 Jul 2025 10:06:15 +0000
ROA not after:            Mon 13 Jul 2026 10:11:15 +0000
asID:                     202791
IP address blocks:        143.20.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:d1:9e:6e:da:51:be:ae:a7:40:b6:7e:3d:e8:fc:06:83:b4:34:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 14 10:06:15 2025 GMT
            Not After : Jul 13 10:11:15 2026 GMT
        Subject: CN=6AC2ADF36E04204D7DD4B8455015E2464CD939EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:46:ad:37:78:3c:ac:b6:e2:94:f8:ec:14:42:
                    8f:72:21:d8:09:e7:ce:3d:e5:e6:38:ea:5e:2c:14:
                    e7:9b:b4:fe:95:94:78:73:7e:24:39:03:f9:d0:76:
                    62:79:59:1c:5a:52:ca:fc:c3:83:a3:b1:71:a6:13:
                    34:12:74:de:46:20:d1:e1:33:ab:d8:d4:ae:cb:cc:
                    62:2a:77:cb:4b:b0:74:29:95:b6:a1:37:b9:5b:bf:
                    54:ff:c3:3b:5d:dd:30:b0:b8:65:c2:4b:82:99:27:
                    cf:41:c2:0e:b4:42:7f:b3:d7:f9:9b:14:c3:e9:bd:
                    61:08:95:35:9f:be:07:5d:da:3f:99:6c:c6:6e:ce:
                    96:35:95:e3:86:cd:bd:40:fb:3c:ab:ec:66:38:92:
                    b4:3d:b9:7b:9d:b5:c5:b4:42:7b:9f:35:d1:10:a3:
                    8d:b8:ac:d8:51:b0:1a:0a:1b:9a:bc:67:03:64:b1:
                    0d:63:62:d0:c9:cc:ba:82:cd:db:d2:57:23:7a:b6:
                    16:6d:d5:e5:e2:f8:e4:d9:03:0c:6b:ae:bd:d2:96:
                    cb:6b:3e:f8:03:00:f6:73:f3:dd:6b:c2:59:03:c5:
                    2d:8e:72:60:64:6d:01:1b:67:fc:d9:51:02:15:e1:
                    ac:7b:56:6b:a7:31:e8:13:3d:b7:e9:7d:27:ec:2a:
                    3f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C2:AD:F3:6E:04:20:4D:7D:D4:B8:45:50:15:E2:46:4C:D9:39:EE
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS202791.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:f8:06:24:bf:5f:5c:79:79:1d:f2:c6:4c:eb:f8:31:f7:b6:
         05:bd:05:ce:3e:b7:16:e1:9c:bc:52:01:54:92:24:b9:e7:2d:
         aa:01:e0:50:cc:61:6b:cf:b3:6a:e0:d5:61:48:9a:6b:9e:2f:
         57:48:0d:d6:54:3a:49:b7:73:51:63:9d:94:b5:fb:33:f6:3a:
         63:fc:92:3a:33:7c:26:db:b2:f5:f4:b3:ff:49:a6:c6:fa:12:
         96:34:9e:46:a0:58:2c:77:45:c1:fc:4b:cc:94:67:4f:23:18:
         3a:74:35:4a:35:92:f8:02:cb:05:9e:fd:a1:99:85:fb:32:ef:
         c7:eb:18:ac:d8:46:47:1e:e7:b6:0b:ba:eb:df:de:af:77:1e:
         32:76:d0:12:6b:41:35:89:2c:30:26:82:19:7d:dc:58:86:e7:
         64:05:27:79:a1:ce:99:c8:92:83:b9:ea:78:60:f0:68:c9:c6:
         a3:b9:1b:c9:3c:32:2f:3d:11:74:a6:41:37:7b:17:4f:94:6b:
         50:d3:84:92:46:f8:16:8c:56:25:ef:4b:f9:99:3d:c3:47:15:
         97:86:c0:9b:e4:db:91:df:c1:79:79:f2:44:79:39:c6:08:85:
         f4:67:4f:41:4a:be:47:ee:75:20:71:7c:a2:8b:3b:c9:2e:08:
         3c:68:40:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO9GebtpRvq6nQLZ+Pej8BoO0NG0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTQxMDA2MTVaFw0yNjA3MTMxMDExMTVaMDMxMTAvBgNV
BAMTKDZBQzJBREYzNkUwNDIwNEQ3REQ0Qjg0NTUwMTVFMjQ2NENEOTM5RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVRq03eDystuKU+OwUQo9yIdgJ
58495eY46l4sFOebtP6VlHhzfiQ5A/nQdmJ5WRxaUsr8w4OjsXGmEzQSdN5GINHh
M6vY1K7LzGIqd8tLsHQplbahN7lbv1T/wztd3TCwuGXCS4KZJ89Bwg60Qn+z1/mb
FMPpvWEIlTWfvgdd2j+ZbMZuzpY1leOGzb1A+zyr7GY4krQ9uXudtcW0QnufNdEQ
o424rNhRsBoKG5q8ZwNksQ1jYtDJzLqCzdvSVyN6thZt1eXi+OTZAwxrrr3Slstr
PvgDAPZz891rwlkDxS2OcmBkbQEbZ/zZUQIV4ax7VmunMegTPbfpfSfsKj/nAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUasKt824EIE191LhFUBXiRkzZOe4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjAyNzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxTs
MA0GCSqGSIb3DQEBCwUAA4IBAQB8+AYkv19ceXkd8sZM6/gx97YFvQXOPrcW4Zy8
UgFUkiS55y2qAeBQzGFrz7Nq4NVhSJprni9XSA3WVDpJt3NRY52Utfsz9jpj/JI6
M3wm27L19LP/SabG+hKWNJ5GoFgsd0XB/EvMlGdPIxg6dDVKNZL4AssFnv2hmYX7
Mu/H6xis2EZHHue2C7rr396vdx4ydtASa0E1iSwwJoIZfdxYhudkBSd5oc6ZyJKD
uep4YPBoycajuRvJPDIvPRF0pkE3exdPlGtQ04SSRvgWjFYl70v5mT3DRxWXhsCb
5NuR38F5efJEeTnGCIX0Z09BSr5H7nUgcXyiizvJLgg8aECc
-----END CERTIFICATE-----