Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213734.roa
File:                     AS213734.roa (raw, json)
Hash identifier:          EkWMKg6fhqmlCUxuETa/yqpIUjVA0GedhpIMuZ4yivs=
Subject key identifier:   EC:AC:EF:28:97:38:C5:7D:7F:84:D8:88:A5:BA:BE:D6:FF:15:AB:92
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       29BA1C29690B29981BD7FA6D238AC214C8908C32
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213734.roa
Signing time:             Mon 14 Jul 2025 08:25:35 +0000
ROA not before:           Mon 14 Jul 2025 08:20:35 +0000
ROA not after:            Mon 13 Jul 2026 08:25:35 +0000
asID:                     213734
IP address blocks:        143.20.179.0/24 maxlen: 24
                          143.20.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:ba:1c:29:69:0b:29:98:1b:d7:fa:6d:23:8a:c2:14:c8:90:8c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 14 08:20:35 2025 GMT
            Not After : Jul 13 08:25:35 2026 GMT
        Subject: CN=ECACEF289738C57D7F84D888A5BABED6FF15AB92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:77:7c:39:67:90:b3:51:60:ea:7c:86:4e:33:
                    66:a6:90:e1:e4:2b:73:f4:9c:69:cf:57:c7:15:8d:
                    99:3c:2b:21:c4:1b:5d:96:db:45:e5:55:c3:e4:3e:
                    6e:4d:29:a0:6e:7b:d1:e6:67:e3:08:df:4c:cd:b0:
                    88:fe:00:0e:34:e9:20:eb:e6:5e:ef:8a:e2:63:22:
                    b5:00:b7:d3:7a:0a:19:d0:29:c0:d5:4e:16:66:bd:
                    98:f4:83:d3:d6:b8:21:6b:c6:47:b6:c0:99:87:c2:
                    b8:77:2e:08:ad:ea:d7:61:5d:59:d8:1f:33:0a:5e:
                    0b:68:c5:12:2d:ea:fe:20:bb:c0:d5:a3:0e:a8:f6:
                    e8:e3:b0:99:37:0f:a1:2d:e7:1a:e6:65:96:a4:31:
                    c8:cb:65:49:ce:d8:fe:0c:da:89:d5:27:72:6a:6d:
                    28:1d:49:30:66:05:1b:6e:99:b8:e6:45:31:a2:c6:
                    46:f6:fd:7a:b8:72:41:22:cb:49:7e:b3:09:a3:01:
                    5f:7f:b4:fc:ac:f3:12:39:1d:d1:ae:eb:fa:80:69:
                    cf:4a:f6:6b:af:64:a6:97:a4:a5:30:51:53:a4:01:
                    70:16:46:d6:f0:fa:c5:04:1f:b8:45:82:fb:86:16:
                    a4:6d:38:68:9c:b2:c8:5c:ae:8d:8b:7f:ca:8c:20:
                    4d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:AC:EF:28:97:38:C5:7D:7F:84:D8:88:A5:BA:BE:D6:FF:15:AB:92
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.179.0/24
                  143.20.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:18:35:e2:d5:40:25:2e:26:26:6e:2e:03:40:f7:12:92:08:
         6f:41:b6:83:e7:c8:28:80:c8:c3:2f:5e:44:3b:70:d5:6a:fe:
         a1:61:c5:db:28:db:c1:e1:06:bc:6e:f9:e1:2c:7a:6e:cb:6a:
         8f:7d:0b:67:01:11:82:df:7f:5b:3c:a3:1c:ad:aa:c0:fb:d7:
         a1:a5:ac:40:ce:5d:7c:61:bf:39:43:53:00:b1:dd:fc:c3:71:
         af:e1:27:32:50:e5:43:86:15:77:d0:04:19:91:97:b5:2a:74:
         ac:db:f5:37:62:51:f6:fd:bd:2a:db:99:08:32:b4:3c:07:af:
         db:31:41:22:70:b2:54:12:df:c0:20:0b:96:b8:0a:b0:a1:9d:
         ef:9f:93:b0:74:7e:61:50:de:35:33:aa:15:1b:0e:4e:b3:ff:
         2e:4a:8c:75:d7:ef:80:e2:70:e5:98:63:87:91:c0:70:03:7b:
         19:11:30:d4:1d:e8:2e:49:80:dc:d4:25:f3:36:30:de:2d:44:
         89:3b:2e:08:ba:23:4e:11:bf:a4:5e:49:d2:28:f4:98:3a:40:
         c3:70:74:11:ad:fb:9d:fa:40:7e:cd:38:5b:43:25:04:81:41:
         0e:2e:ef:ec:7d:fa:6d:5b:2f:ba:0d:17:10:96:19:ff:62:bd:
         2d:30:8a:77
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKbocKWkLKZgb1/ptI4rCFMiQjDIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTQwODIwMzVaFw0yNjA3MTMwODI1MzVaMDMxMTAvBgNV
BAMTKEVDQUNFRjI4OTczOEM1N0Q3Rjg0RDg4OEE1QkFCRUQ2RkYxNUFCOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRd3w5Z5CzUWDqfIZOM2amkOHk
K3P0nGnPV8cVjZk8KyHEG12W20XlVcPkPm5NKaBue9HmZ+MI30zNsIj+AA406SDr
5l7viuJjIrUAt9N6ChnQKcDVThZmvZj0g9PWuCFrxke2wJmHwrh3Lgit6tdhXVnY
HzMKXgtoxRIt6v4gu8DVow6o9ujjsJk3D6Et5xrmZZakMcjLZUnO2P4M2onVJ3Jq
bSgdSTBmBRtumbjmRTGixkb2/Xq4ckEiy0l+swmjAV9/tPys8xI5HdGu6/qAac9K
9muvZKaXpKUwUVOkAXAWRtbw+sUEH7hFgvuGFqRtOGicsshcro2Lf8qMIE3HAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU7KzvKJc4xX1/hNiIpbq+1v8Vq5IwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzNzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxSz
AwQAjxTdMA0GCSqGSIb3DQEBCwUAA4IBAQBZGDXi1UAlLiYmbi4DQPcSkghvQbaD
58gogMjDL15EO3DVav6hYcXbKNvB4Qa8bvnhLHpuy2qPfQtnARGC339bPKMcrarA
+9ehpaxAzl18Yb85Q1MAsd38w3Gv4ScyUOVDhhV30AQZkZe1KnSs2/U3YlH2/b0q
25kIMrQ8B6/bMUEicLJUEt/AIAuWuAqwoZ3vn5OwdH5hUN41M6oVGw5Os/8uSox1
1++A4nDlmGOHkcBwA3sZETDUHeguSYDc1CXzNjDeLUSJOy4IuiNOEb+kXknSKPSY
OkDDcHQRrfud+kB+zThbQyUEgUEOLu/sffptWy+6DRcQlhn/Yr0tMIp3
-----END CERTIFICATE-----