Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213124.roa
File:                     AS213124.roa (raw, json)
Hash identifier:          nmHDIRE1cY8lhqXDL05MuRafFEt9FUuwIq5xD1N75WQ=
Subject key identifier:   53:3E:0F:E0:21:70:C6:D6:E9:5E:B5:7B:5F:A0:AE:65:F2:51:85:F9
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       72652FEB870F9B4419AADB846F9F90A74CEC50E3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213124.roa
Signing time:             Wed 16 Jul 2025 10:49:10 +0000
ROA not before:           Wed 16 Jul 2025 10:44:10 +0000
ROA not after:            Wed 15 Jul 2026 10:49:10 +0000
asID:                     213124
IP address blocks:        143.20.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:65:2f:eb:87:0f:9b:44:19:aa:db:84:6f:9f:90:a7:4c:ec:50:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 16 10:44:10 2025 GMT
            Not After : Jul 15 10:49:10 2026 GMT
        Subject: CN=533E0FE02170C6D6E95EB57B5FA0AE65F25185F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b2:d3:88:04:b0:ff:1a:3e:61:db:28:cc:bb:
                    85:ef:7e:d1:b4:a6:37:43:92:5b:1c:93:76:e9:92:
                    2b:bc:37:91:c1:18:b6:a3:69:d4:9c:a3:ee:97:09:
                    90:26:d6:d3:21:f1:c1:ed:40:d6:ec:a8:29:0d:f0:
                    d8:42:81:d7:13:f6:de:bd:c5:4b:88:7b:6f:ad:9d:
                    ef:ab:31:ce:4c:88:34:d8:17:6e:fc:b7:4f:cf:ee:
                    45:3c:54:80:6a:8b:fa:fb:99:23:c0:bb:25:db:33:
                    76:bf:f8:d3:08:22:d9:3b:26:0f:cc:c0:c3:d5:3a:
                    de:b1:bb:aa:a7:34:76:8a:66:ec:25:90:a0:d0:32:
                    dd:3f:89:9f:42:d1:d7:d5:2b:17:14:65:7b:46:4b:
                    45:86:c0:f9:8b:f6:bd:f3:ee:55:d6:1b:f4:86:44:
                    5d:11:af:08:19:07:ba:84:b0:7a:32:27:35:cf:76:
                    40:85:a1:eb:e9:76:06:85:cf:dc:2e:09:18:a2:ed:
                    a7:96:db:af:52:30:b1:d8:4f:aa:f7:d8:d4:90:9e:
                    b5:c6:b3:b8:0f:f0:dc:c8:91:b1:21:f8:46:f0:bf:
                    97:d0:30:f9:c9:c9:0e:39:cb:11:ac:15:04:84:ef:
                    66:bd:f6:c0:51:7d:21:f6:b8:65:b4:39:d8:fc:5f:
                    5f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:3E:0F:E0:21:70:C6:D6:E9:5E:B5:7B:5F:A0:AE:65:F2:51:85:F9
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213124.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:3e:7c:f5:92:03:0c:39:6b:88:70:67:09:01:bc:ef:ef:3e:
         71:b2:e8:3f:54:9e:3d:38:9f:84:61:6a:ec:8c:9f:8a:43:73:
         68:10:3f:88:1e:2f:79:2f:c3:ae:af:d6:4e:d8:98:70:f5:48:
         5e:c0:4b:c0:37:67:fc:c9:25:f0:35:f6:6c:15:e1:ac:c4:66:
         97:b9:e7:56:94:44:e3:3e:89:d4:31:3d:06:c5:ec:d6:15:73:
         64:b8:fa:5f:79:91:12:23:af:32:d4:fb:d7:9d:89:de:18:e6:
         04:87:d4:7b:68:00:7f:22:af:6c:be:23:64:3e:7e:11:68:97:
         ce:e0:d7:a2:94:e6:c7:62:f6:7d:67:16:68:82:3c:91:82:71:
         0b:b7:18:08:be:0f:f2:22:e6:18:37:17:11:64:81:8e:8c:45:
         57:2e:27:03:7f:cb:a9:e8:5e:32:6f:39:b3:ff:2e:3c:9a:b2:
         63:db:49:3c:2a:d5:db:24:83:3c:8e:99:32:62:5d:58:76:96:
         ef:2c:eb:f8:44:0c:47:4f:12:cb:ef:04:4e:af:a4:a2:07:e0:
         46:4b:d7:04:c1:b2:0e:ca:b9:90:97:7a:83:2d:bb:c2:0b:4f:
         ba:88:83:32:b9:55:98:30:ba:84:4b:12:49:45:32:56:00:fd:
         50:40:1d:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcmUv64cPm0QZqtuEb5+Qp0zsUOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTYxMDQ0MTBaFw0yNjA3MTUxMDQ5MTBaMDMxMTAvBgNV
BAMTKDUzM0UwRkUwMjE3MEM2RDZFOTVFQjU3QjVGQTBBRTY1RjI1MTg1RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCistOIBLD/Gj5h2yjMu4XvftG0
pjdDklsck3bpkiu8N5HBGLajadSco+6XCZAm1tMh8cHtQNbsqCkN8NhCgdcT9t69
xUuIe2+tne+rMc5MiDTYF278t0/P7kU8VIBqi/r7mSPAuyXbM3a/+NMIItk7Jg/M
wMPVOt6xu6qnNHaKZuwlkKDQMt0/iZ9C0dfVKxcUZXtGS0WGwPmL9r3z7lXWG/SG
RF0RrwgZB7qEsHoyJzXPdkCFoevpdgaFz9wuCRii7aeW269SMLHYT6r32NSQnrXG
s7gP8NzIkbEh+Ebwv5fQMPnJyQ45yxGsFQSE72a99sBRfSH2uGW0Odj8X197AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUz4P4CFwxtbpXrV7X6CuZfJRhfkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzMTI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSR
MA0GCSqGSIb3DQEBCwUAA4IBAQBmPnz1kgMMOWuIcGcJAbzv7z5xsug/VJ49OJ+E
YWrsjJ+KQ3NoED+IHi95L8Our9ZO2Jhw9UhewEvAN2f8ySXwNfZsFeGsxGaXuedW
lETjPonUMT0GxezWFXNkuPpfeZESI68y1PvXnYneGOYEh9R7aAB/Iq9sviNkPn4R
aJfO4NeilObHYvZ9ZxZogjyRgnELtxgIvg/yIuYYNxcRZIGOjEVXLicDf8up6F4y
bzmz/y48mrJj20k8KtXbJIM8jpkyYl1YdpbvLOv4RAxHTxLL7wROr6SiB+BGS9cE
wbIOyrmQl3qDLbvCC0+6iIMyuVWYMLqESxJJRTJWAP1QQB0c
-----END CERTIFICATE-----