Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
File:                     AS207769.roa (raw, json)
Hash identifier:          L8HxMn0blibPBdYu6HA0VMVjksbqJHS76k8y5z7PqRw=
Subject key identifier:   0E:37:B1:34:E2:95:AB:35:8E:41:9C:93:5D:B7:DA:3F:54:16:6F:37
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1E1AD412308B16D750C678455CE68CFF72E19305
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
Signing time:             Tue 01 Jul 2025 12:39:10 +0000
ROA not before:           Tue 01 Jul 2025 12:34:10 +0000
ROA not after:            Tue 30 Jun 2026 12:39:10 +0000
asID:                     207769
IP address blocks:        143.20.50.0/24 maxlen: 24
                          143.20.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:1a:d4:12:30:8b:16:d7:50:c6:78:45:5c:e6:8c:ff:72:e1:93:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul  1 12:34:10 2025 GMT
            Not After : Jun 30 12:39:10 2026 GMT
        Subject: CN=0E37B134E295AB358E419C935DB7DA3F54166F37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7a:36:35:a3:15:2e:30:12:6c:98:7e:ff:d3:
                    0f:27:49:47:7f:9d:6e:08:b4:f0:78:78:07:36:05:
                    61:7a:09:97:de:e7:f8:00:58:8f:09:11:8a:59:db:
                    e6:48:9f:99:d1:f4:8e:3e:dd:c9:d5:19:9e:c3:55:
                    93:d5:72:30:53:c3:1f:71:4f:00:1b:bf:e5:cf:c4:
                    ae:31:a2:b6:a6:6a:60:4f:2b:c4:d2:96:a4:e0:c2:
                    e3:7a:f8:2a:f3:db:34:24:0b:08:74:30:3e:3c:68:
                    6b:73:26:40:14:c2:03:02:97:df:ff:42:8f:6c:3e:
                    a8:2d:e4:c3:51:05:eb:78:e1:62:dd:71:51:bf:75:
                    f9:bf:fe:8a:e5:74:c3:24:30:2d:eb:a5:03:d7:73:
                    bf:d1:0c:85:8c:73:b2:b4:84:d2:a0:7e:f3:5c:38:
                    37:af:1d:47:4c:4d:6c:1c:71:7f:b7:25:ee:fe:89:
                    09:2d:ed:8b:ee:24:7b:17:a4:fa:ab:e8:d1:4b:f5:
                    1f:0b:7a:d3:11:3a:02:51:3d:50:eb:9a:46:eb:10:
                    7b:2c:fa:31:06:6b:27:88:f3:fb:d2:c3:19:96:8c:
                    1b:58:30:74:a3:5a:50:cc:14:8b:7d:ff:16:9b:68:
                    5d:70:d9:a9:7c:39:59:12:a7:88:4d:30:bd:7e:2c:
                    12:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:37:B1:34:E2:95:AB:35:8E:41:9C:93:5D:B7:DA:3F:54:16:6F:37
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.50.0/24
                  143.20.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:1a:0e:b8:26:9d:99:6e:09:f0:8f:5c:b2:c5:1d:93:13:79:
         81:cf:e6:85:42:6f:a4:97:99:ae:75:c7:c2:fd:81:d5:be:21:
         62:ea:78:20:7a:3d:74:f5:c6:da:f4:b4:ad:db:d4:02:f3:4f:
         7b:62:7c:e1:cb:81:4e:02:45:37:5f:78:02:8b:4a:58:4f:a2:
         4b:4d:95:a8:75:71:2e:62:57:85:17:6d:17:ef:18:db:1b:48:
         91:b4:ba:0a:8b:fd:1a:5a:d4:33:e0:b5:7c:0d:a4:5f:e6:f2:
         a2:7e:24:c1:16:fb:30:70:72:f3:bb:43:7a:29:58:d0:78:2d:
         d2:74:8a:5d:29:54:ba:20:d0:13:bd:93:82:4c:08:77:ab:5a:
         9e:16:1c:33:d3:15:ed:08:c1:54:b7:3c:3d:74:ca:19:80:05:
         67:e1:bc:60:e8:7b:0c:39:3d:03:a3:21:fd:0e:f8:62:54:46:
         ff:65:99:6e:5e:b5:b6:08:a3:43:62:ba:1e:e1:06:bd:24:3c:
         35:d5:20:86:0b:fa:1c:4a:6c:13:0b:57:16:4e:91:eb:58:5f:
         c4:b6:d8:30:19:cf:a5:c3:4f:24:47:76:d6:18:f1:5d:6d:8a:
         2e:bd:cc:f8:99:be:ec:13:8c:42:7c:cd:12:bb:1a:af:29:da:
         b6:2f:be:ef
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUHhrUEjCLFtdQxnhFXOaM/3LhkwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MDExMjM0MTBaFw0yNjA2MzAxMjM5MTBaMDMxMTAvBgNV
BAMTKDBFMzdCMTM0RTI5NUFCMzU4RTQxOUM5MzVEQjdEQTNGNTQxNjZGMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKejY1oxUuMBJsmH7/0w8nSUd/
nW4ItPB4eAc2BWF6CZfe5/gAWI8JEYpZ2+ZIn5nR9I4+3cnVGZ7DVZPVcjBTwx9x
TwAbv+XPxK4xoramamBPK8TSlqTgwuN6+Crz2zQkCwh0MD48aGtzJkAUwgMCl9//
Qo9sPqgt5MNRBet44WLdcVG/dfm//orldMMkMC3rpQPXc7/RDIWMc7K0hNKgfvNc
ODevHUdMTWwccX+3Je7+iQkt7YvuJHsXpPqr6NFL9R8LetMROgJRPVDrmkbrEHss
+jEGayeI8/vSwxmWjBtYMHSjWlDMFIt9/xabaF1w2al8OVkSp4hNML1+LBLrAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUDjexNOKVqzWOQZyTXbfaP1QWbzcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQy
AwQAjxRkMA0GCSqGSIb3DQEBCwUAA4IBAQAQGg64Jp2Zbgnwj1yyxR2TE3mBz+aF
Qm+kl5mudcfC/YHVviFi6nggej109cba9LSt29QC8097Ynzhy4FOAkU3X3gCi0pY
T6JLTZWodXEuYleFF20X7xjbG0iRtLoKi/0aWtQz4LV8DaRf5vKifiTBFvswcHLz
u0N6KVjQeC3SdIpdKVS6INATvZOCTAh3q1qeFhwz0xXtCMFUtzw9dMoZgAVn4bxg
6HsMOT0DoyH9DvhiVEb/ZZluXrW2CKNDYroe4Qa9JDw11SCGC/ocSmwTC1cWTpHr
WF/EttgwGc+lw08kR3bWGPFdbYouvcz4mb7sE4xCfM0SuxqvKdq2L77v
-----END CERTIFICATE-----