Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208063.roa
File:                     AS208063.roa (raw, json)
Hash identifier:          nwQKhA0LRUCuiSB3XUOpAiZTszXk00Qkv+B7UMFTBdI=
Subject key identifier:   A8:77:F8:69:54:A4:E2:DE:D3:6B:BD:CD:8A:1E:D0:EB:E3:A4:ED:47
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7E8FD81E0E1DE4BAF6C0AD177F7C40F211146866
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208063.roa
Signing time:             Sun 20 Jul 2025 02:52:52 +0000
ROA not before:           Sun 20 Jul 2025 02:47:52 +0000
ROA not after:            Sun 19 Jul 2026 02:52:52 +0000
asID:                     208063
IP address blocks:        143.20.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:8f:d8:1e:0e:1d:e4:ba:f6:c0:ad:17:7f:7c:40:f2:11:14:68:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 20 02:47:52 2025 GMT
            Not After : Jul 19 02:52:52 2026 GMT
        Subject: CN=A877F86954A4E2DED36BBDCD8A1ED0EBE3A4ED47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:86:9c:ae:4b:8d:be:e1:c9:e9:f1:a4:c0:8d:
                    df:17:c6:d1:32:54:43:6a:ad:3f:31:73:9e:52:35:
                    c7:ca:cf:d4:3e:5d:68:07:52:ab:2e:de:1a:d4:da:
                    8e:05:86:d7:7f:36:c4:e4:ee:a1:92:bb:50:6d:e4:
                    4d:e7:49:4e:21:b4:41:1f:6e:c2:c4:6c:6e:cb:9a:
                    be:0d:c9:db:63:18:d9:42:8e:7f:96:22:d6:ee:1c:
                    de:0b:22:42:4f:1e:96:fe:3f:2e:55:05:67:7b:a9:
                    0a:dd:b8:bd:14:0c:a0:fb:95:08:3b:5f:5a:af:6b:
                    a0:05:75:66:3d:75:b4:15:03:f7:f4:10:22:f9:a7:
                    af:d8:36:b2:d2:89:93:32:c0:34:1e:98:20:1a:f3:
                    68:22:9b:87:4b:43:46:3e:90:57:e8:8b:3a:b9:c3:
                    47:97:2f:b2:71:5a:93:48:f3:4e:d8:28:7e:36:81:
                    3d:16:35:67:ae:f0:ba:6d:da:ab:25:09:bf:91:3d:
                    89:85:7d:7d:31:9e:8e:de:09:bf:12:f8:fd:68:df:
                    22:e0:89:a3:62:42:47:d5:08:e9:2e:8a:4b:8f:b6:
                    4a:ad:88:cd:d1:01:44:63:8c:8f:e9:5a:99:6a:c8:
                    e5:5e:4c:be:92:5a:bb:f9:5d:46:63:ca:cd:53:2f:
                    a9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:77:F8:69:54:A4:E2:DE:D3:6B:BD:CD:8A:1E:D0:EB:E3:A4:ED:47
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208063.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:93:ff:6f:16:2c:07:8a:df:9e:a9:1c:16:96:45:75:a9:c1:
         bb:4b:a4:74:09:83:c0:14:70:2b:96:2d:af:8f:8d:49:ad:95:
         41:ab:3a:4c:6d:4e:2d:d4:49:a1:1a:e6:eb:d1:ab:86:2c:73:
         e8:17:cb:3b:9f:55:5d:75:ec:d0:2b:1c:e7:66:bd:a0:91:a8:
         0a:e7:10:b6:4a:19:38:aa:13:9f:69:18:37:fa:e1:a6:3b:0c:
         bc:a1:0b:1b:22:d4:56:c1:3f:f3:a3:58:48:d4:19:46:cf:da:
         73:fc:3e:ec:08:e2:f6:01:e7:9e:d1:89:40:19:8c:61:9c:63:
         ec:47:57:6c:34:d3:f3:6a:14:ec:3a:ed:24:7c:b7:d3:0f:90:
         3a:8e:c9:34:d3:6b:e3:1f:0f:d9:1c:a1:b1:bf:f1:e8:3f:f2:
         00:84:69:53:14:35:9f:fe:f4:a3:e1:b4:52:22:cc:e6:d5:e7:
         e9:38:26:4c:79:5e:9e:aa:98:fe:c0:41:0b:fd:44:b4:d5:bb:
         03:81:87:1b:36:0a:0d:9e:4f:06:f6:b2:1b:20:7a:bf:9b:81:
         34:7a:35:66:9d:09:29:c4:84:e3:0f:83:b3:d4:35:fb:bd:2e:
         15:9a:cb:95:33:1e:27:a2:da:a6:05:29:22:6a:90:e2:40:4b:
         83:75:91:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfo/YHg4d5Lr2wK0Xf3xA8hEUaGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjAwMjQ3NTJaFw0yNjA3MTkwMjUyNTJaMDMxMTAvBgNV
BAMTKEE4NzdGODY5NTRBNEUyREVEMzZCQkRDRDhBMUVEMEVCRTNBNEVENDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJhpyuS42+4cnp8aTAjd8XxtEy
VENqrT8xc55SNcfKz9Q+XWgHUqsu3hrU2o4Fhtd/NsTk7qGSu1Bt5E3nSU4htEEf
bsLEbG7Lmr4NydtjGNlCjn+WItbuHN4LIkJPHpb+Py5VBWd7qQrduL0UDKD7lQg7
X1qva6AFdWY9dbQVA/f0ECL5p6/YNrLSiZMywDQemCAa82gim4dLQ0Y+kFfoizq5
w0eXL7JxWpNI807YKH42gT0WNWeu8Lpt2qslCb+RPYmFfX0xno7eCb8S+P1o3yLg
iaNiQkfVCOkuikuPtkqtiM3RAURjjI/pWplqyOVeTL6SWrv5XUZjys1TL6mpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqHf4aVSk4t7Ta73Nih7Q6+Ok7UcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA4MDYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRn
MA0GCSqGSIb3DQEBCwUAA4IBAQCak/9vFiwHit+eqRwWlkV1qcG7S6R0CYPAFHAr
li2vj41JrZVBqzpMbU4t1EmhGubr0auGLHPoF8s7n1VddezQKxznZr2gkagK5xC2
Shk4qhOfaRg3+uGmOwy8oQsbItRWwT/zo1hI1BlGz9pz/D7sCOL2Aeee0YlAGYxh
nGPsR1dsNNPzahTsOu0kfLfTD5A6jsk002vjHw/ZHKGxv/HoP/IAhGlTFDWf/vSj
4bRSIszm1efpOCZMeV6eqpj+wEEL/US01bsDgYcbNgoNnk8G9rIbIHq/m4E0ejVm
nQkpxITjD4Oz1DX7vS4VmsuVMx4notqmBSkiapDiQEuDdZEQ
-----END CERTIFICATE-----