Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206822.roa
File:                     AS206822.roa (raw, json)
Hash identifier:          iS5yt6H8SglbnlZRIvIQN1ivX8/r7OHYe9JmZHZSOdc=
Subject key identifier:   0B:72:A0:32:CB:DA:6E:DE:E7:CC:7D:B6:F8:07:26:83:70:4C:66:2B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0A6C64EEE28C6463A111577091C931D54354E08F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206822.roa
Signing time:             Mon 14 Jul 2025 09:14:21 +0000
ROA not before:           Mon 14 Jul 2025 09:09:21 +0000
ROA not after:            Mon 13 Jul 2026 09:14:21 +0000
asID:                     206822
IP address blocks:        143.20.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:6c:64:ee:e2:8c:64:63:a1:11:57:70:91:c9:31:d5:43:54:e0:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 14 09:09:21 2025 GMT
            Not After : Jul 13 09:14:21 2026 GMT
        Subject: CN=0B72A032CBDA6EDEE7CC7DB6F8072683704C662B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fa:85:f3:32:47:de:16:cc:36:fd:0b:9d:a7:
                    57:f4:74:8b:41:a5:db:10:af:91:17:5c:e9:1a:40:
                    ac:86:bc:2d:04:44:88:a0:2b:22:6f:de:35:98:75:
                    c3:ab:b5:f0:46:fd:1d:ea:55:80:fa:c9:63:6a:b8:
                    42:ec:02:28:da:a4:ed:bb:4c:05:f0:d7:80:9a:ef:
                    34:60:39:3a:a6:3f:d2:dc:fa:fe:a0:1d:91:21:8d:
                    7a:9f:36:ae:05:19:c2:5b:36:3c:f1:a9:6b:40:79:
                    d6:9b:8d:f3:28:fb:46:bc:d8:99:8b:72:fd:33:af:
                    9f:a8:28:4d:01:b1:72:e8:ee:97:22:ba:40:d9:af:
                    a9:4f:78:b8:92:f3:1f:c6:8d:40:e2:60:b9:93:b9:
                    ef:ef:0b:8e:1a:7d:82:4b:fa:3c:21:41:67:87:0f:
                    fc:06:80:64:62:06:d8:2b:d9:4d:3b:e7:cb:26:51:
                    a1:12:79:a1:0b:fa:91:ec:c0:9d:98:8c:57:9e:cf:
                    45:41:07:7c:36:00:96:d3:dd:35:14:b4:ac:f0:59:
                    e9:99:61:50:ee:cc:1e:63:94:70:28:c0:8a:d2:71:
                    7d:57:34:2b:a4:41:1c:21:c5:e0:70:f7:35:45:87:
                    d2:96:83:ce:00:d1:85:52:64:5c:cb:ac:04:4b:1f:
                    71:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:72:A0:32:CB:DA:6E:DE:E7:CC:7D:B6:F8:07:26:83:70:4C:66:2B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS206822.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c9:0a:cd:ba:ab:3e:d1:b5:96:cf:d7:5d:3d:52:02:50:10:
         7e:9e:f7:f1:69:49:18:3a:26:a1:1c:c0:e6:0b:4a:24:51:bc:
         6e:2f:b0:27:73:17:fa:65:32:72:d5:af:0d:dc:c7:c2:38:20:
         f7:04:78:fc:ee:47:7c:fa:a8:27:75:55:5c:c5:45:db:b5:31:
         09:28:14:f2:dc:cd:8f:3c:d0:bd:7c:cf:f1:44:3b:70:22:8a:
         53:1e:de:39:3a:95:fd:a2:6c:1d:26:74:ab:4b:39:d8:9c:1d:
         bd:e1:86:0d:43:64:19:10:4b:41:f5:b5:c1:49:88:59:a1:01:
         f1:51:94:91:69:3b:95:eb:52:ad:1f:d2:1d:a1:39:9b:94:37:
         63:25:27:31:c8:b3:58:3a:20:8f:f4:b9:fe:5a:4e:4b:9e:08:
         84:a9:ee:25:0d:4b:29:97:a5:c3:af:19:6c:35:1f:28:b8:81:
         ea:f6:60:e7:f4:87:18:e2:4e:0a:27:90:5a:76:17:8b:d8:0f:
         16:46:84:48:50:8b:94:ba:b8:d7:2c:76:b5:04:75:91:50:3d:
         55:8e:98:80:fa:1a:8a:43:9e:c4:0b:63:87:7b:d6:57:4e:f7:
         33:bf:3c:4f:d3:7f:08:3b:c5:c5:33:5c:c1:d3:be:5d:70:a8:
         e7:8c:95:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCmxk7uKMZGOhEVdwkckx1UNU4I8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTQwOTA5MjFaFw0yNjA3MTMwOTE0MjFaMDMxMTAvBgNV
BAMTKDBCNzJBMDMyQ0JEQTZFREVFN0NDN0RCNkY4MDcyNjgzNzA0QzY2MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+oXzMkfeFsw2/Qudp1f0dItB
pdsQr5EXXOkaQKyGvC0ERIigKyJv3jWYdcOrtfBG/R3qVYD6yWNquELsAijapO27
TAXw14Ca7zRgOTqmP9Lc+v6gHZEhjXqfNq4FGcJbNjzxqWtAedabjfMo+0a82JmL
cv0zr5+oKE0BsXLo7pciukDZr6lPeLiS8x/GjUDiYLmTue/vC44afYJL+jwhQWeH
D/wGgGRiBtgr2U0758smUaESeaEL+pHswJ2YjFeez0VBB3w2AJbT3TUUtKzwWemZ
YVDuzB5jlHAowIrScX1XNCukQRwhxeBw9zVFh9KWg84A0YVSZFzLrARLH3GbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUC3KgMsvabt7nzH22+Acmg3BMZiswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA2ODIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxTV
MA0GCSqGSIb3DQEBCwUAA4IBAQAayQrNuqs+0bWWz9ddPVICUBB+nvfxaUkYOiah
HMDmC0okUbxuL7Ancxf6ZTJy1a8N3MfCOCD3BHj87kd8+qgndVVcxUXbtTEJKBTy
3M2PPNC9fM/xRDtwIopTHt45OpX9omwdJnSrSznYnB294YYNQ2QZEEtB9bXBSYhZ
oQHxUZSRaTuV61KtH9IdoTmblDdjJScxyLNYOiCP9Ln+Wk5LngiEqe4lDUspl6XD
rxlsNR8ouIHq9mDn9IcY4k4KJ5BadheL2A8WRoRIUIuUurjXLHa1BHWRUD1VjpiA
+hqKQ57EC2OHe9ZXTvczvzxP038IO8XFM1zB075dcKjnjJVx
-----END CERTIFICATE-----