Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206286.roa
File:                     AS206286.roa (raw, json)
Hash identifier:          49IT0Gu5YZwsng+ZNlXARS/fYcxxljTf3uPVIo+Sl/4=
Subject key identifier:   E4:F0:DC:ED:C2:9D:F6:31:21:B0:34:D8:6E:54:BD:B3:13:6D:EA:48
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2E1E1F3C31549AD1A1E37BA9E8C9DBEBEB6A6029
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206286.roa
Signing time:             Mon 21 Jul 2025 18:34:27 +0000
ROA not before:           Mon 21 Jul 2025 18:29:27 +0000
ROA not after:            Mon 20 Jul 2026 18:34:27 +0000
asID:                     206286
IP address blocks:        143.20.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:1e:1f:3c:31:54:9a:d1:a1:e3:7b:a9:e8:c9:db:eb:eb:6a:60:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 21 18:29:27 2025 GMT
            Not After : Jul 20 18:34:27 2026 GMT
        Subject: CN=E4F0DCEDC29DF63121B034D86E54BDB3136DEA48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:aa:eb:f0:c7:1e:4c:bb:b9:23:f2:ab:5a:2c:
                    49:63:3d:0b:8c:a7:79:7c:d4:7a:5f:00:08:55:f2:
                    23:3e:55:76:8b:4f:85:3b:b7:d0:49:bd:6e:63:6a:
                    47:39:d2:12:05:03:15:ae:a0:ae:c5:e9:1b:47:7b:
                    5e:71:13:65:e1:0c:47:de:bb:0c:0d:8e:94:da:77:
                    49:73:9a:27:f5:6d:f4:77:09:ad:d5:db:a2:fa:32:
                    ef:5e:65:3f:d7:59:30:44:14:fa:3f:49:3f:23:09:
                    a7:76:8f:0d:4d:5e:3d:08:29:8c:02:08:29:76:64:
                    6c:52:d1:da:b5:c3:a4:90:9c:3d:19:a3:d8:11:62:
                    c6:dd:1c:91:5b:d4:e1:af:9e:e6:3b:ef:44:87:ff:
                    4a:d3:16:ba:f9:43:4c:1d:a6:fd:8d:66:cf:89:52:
                    9c:6b:ce:86:c0:c2:24:db:44:ca:e8:0f:be:f6:fd:
                    dc:6c:5b:2d:c4:a2:48:e8:c7:e6:1b:7f:cf:5b:dc:
                    b0:24:79:37:eb:19:5b:37:b7:e6:60:7a:c3:2e:0b:
                    5b:fb:c0:18:83:da:d7:cb:cb:c0:43:59:d2:c7:c5:
                    02:60:28:77:80:47:5e:2b:76:89:83:08:de:90:d3:
                    31:ad:97:f5:ac:60:d0:3f:1a:11:72:ca:14:08:41:
                    bb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F0:DC:ED:C2:9D:F6:31:21:B0:34:D8:6E:54:BD:B3:13:6D:EA:48
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:b1:63:17:e7:d9:a3:22:1e:32:5a:0a:8a:b4:1b:fa:48:4b:
         2f:76:2e:7b:7f:28:16:a9:44:8c:64:7e:b7:12:a2:02:29:10:
         94:20:62:bd:ea:15:31:a8:38:e2:b4:55:2f:35:9c:00:6c:cd:
         a4:c9:76:d4:bf:f1:46:9f:6a:18:16:e1:1b:ee:74:99:35:93:
         7b:f4:92:41:b0:89:45:61:b7:8c:f7:4e:8a:9a:0e:e8:33:90:
         ee:3f:a3:4f:83:4b:37:e5:8e:de:74:bf:b5:52:9b:0c:3c:73:
         1d:56:c7:bd:bf:26:6c:d7:6e:31:af:32:e6:2f:93:cd:d5:25:
         19:9b:48:c0:37:8d:0b:43:5f:17:09:12:82:6c:3b:53:48:35:
         a3:59:c4:bd:e9:97:26:4c:40:69:67:0f:e2:be:09:7f:e0:08:
         99:6a:b1:75:b4:03:fb:ff:19:c4:2f:e7:fd:2d:3d:96:32:98:
         b1:c2:b8:05:cf:3c:a2:fd:d7:4e:2c:58:99:72:84:45:c9:4c:
         e5:7e:77:74:42:eb:b4:88:66:ea:0f:0f:27:0f:8a:b4:9e:06:
         f9:b3:f3:e2:ac:a1:41:7f:e6:bb:e0:2e:90:c5:6d:85:49:22:
         ab:76:d7:3c:4d:31:0a:51:69:44:24:07:d4:3a:11:3c:7b:1f:
         bb:d0:9e:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULh4fPDFUmtGh43up6Mnb6+tqYCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjExODI5MjdaFw0yNjA3MjAxODM0MjdaMDMxMTAvBgNV
BAMTKEU0RjBEQ0VEQzI5REY2MzEyMUIwMzREODZFNTRCREIzMTM2REVBNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIquvwxx5Mu7kj8qtaLEljPQuM
p3l81HpfAAhV8iM+VXaLT4U7t9BJvW5jakc50hIFAxWuoK7F6RtHe15xE2XhDEfe
uwwNjpTad0lzmif1bfR3Ca3V26L6Mu9eZT/XWTBEFPo/ST8jCad2jw1NXj0IKYwC
CCl2ZGxS0dq1w6SQnD0Zo9gRYsbdHJFb1OGvnuY770SH/0rTFrr5Q0wdpv2NZs+J
UpxrzobAwiTbRMroD772/dxsWy3Eokjox+Ybf89b3LAkeTfrGVs3t+ZgesMuC1v7
wBiD2tfLy8BDWdLHxQJgKHeAR14rdomDCN6Q0zGtl/WsYNA/GhFyyhQIQbuNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5PDc7cKd9jEhsDTYblS9sxNt6kgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA2Mjg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxS4
MA0GCSqGSIb3DQEBCwUAA4IBAQBcsWMX59mjIh4yWgqKtBv6SEsvdi57fygWqUSM
ZH63EqICKRCUIGK96hUxqDjitFUvNZwAbM2kyXbUv/FGn2oYFuEb7nSZNZN79JJB
sIlFYbeM906Kmg7oM5DuP6NPg0s35Y7edL+1UpsMPHMdVse9vyZs124xrzLmL5PN
1SUZm0jAN40LQ18XCRKCbDtTSDWjWcS96ZcmTEBpZw/ivgl/4AiZarF1tAP7/xnE
L+f9LT2WMpixwrgFzzyi/ddOLFiZcoRFyUzlfnd0Quu0iGbqDw8nD4q0ngb5s/Pi
rKFBf+a74C6QxW2FSSKrdtc8TTEKUWlEJAfUOhE8ex+70J4D
-----END CERTIFICATE-----