Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213738.roa
File:                     AS213738.roa (raw, json)
Hash identifier:          aejoWtuufqHm47+L7A838emcW26LxdIlq0fsRdUm71Q=
Subject key identifier:   8A:2A:67:B8:2E:21:2E:0B:F9:8F:AD:65:CC:E5:1F:8A:BB:A3:2F:6B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       629BB8C0ABB57628A55C3225E536C0F0BB9A139F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213738.roa
Signing time:             Sat 12 Jul 2025 17:14:27 +0000
ROA not before:           Sat 12 Jul 2025 17:09:27 +0000
ROA not after:            Sat 11 Jul 2026 17:14:27 +0000
asID:                     213738
IP address blocks:        143.20.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:9b:b8:c0:ab:b5:76:28:a5:5c:32:25:e5:36:c0:f0:bb:9a:13:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 12 17:09:27 2025 GMT
            Not After : Jul 11 17:14:27 2026 GMT
        Subject: CN=8A2A67B82E212E0BF98FAD65CCE51F8ABBA32F6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:23:6c:9d:16:92:d7:9c:43:6e:b6:91:f1:70:
                    2b:a4:a7:8d:d0:d7:75:7b:dd:4a:de:9b:ee:ad:47:
                    05:cd:d3:a8:ec:6b:9b:49:5e:c6:fc:54:83:b9:e6:
                    03:d3:f8:cd:35:ce:f1:80:f8:5e:c3:f6:b5:c5:df:
                    ec:a2:f8:2f:29:a8:d6:61:89:7a:79:bf:f3:44:37:
                    1d:29:7d:c4:0d:58:17:81:8a:94:ed:96:a1:a9:7a:
                    8f:3e:65:17:71:ef:54:30:ba:7c:78:35:62:92:82:
                    68:45:f4:69:5f:1f:40:e7:60:13:55:f4:21:99:c1:
                    3f:a2:5e:d3:ca:99:37:08:6e:25:29:9c:04:bd:5c:
                    b1:0d:23:8e:9a:96:59:62:b1:6d:11:19:59:e6:16:
                    f0:2b:8e:99:08:a4:46:40:f8:2d:36:e4:25:e0:4b:
                    dd:50:9b:11:31:a6:86:42:7a:65:19:ba:93:54:a0:
                    15:f4:db:c2:80:ee:73:6c:3f:d0:09:7c:4b:a9:83:
                    1c:95:c2:13:21:2f:77:49:56:cb:5f:09:15:84:e2:
                    45:71:ef:92:3a:02:2a:69:35:62:83:dd:47:11:e8:
                    80:df:5d:7c:78:d7:01:38:6e:9e:3f:cb:af:6d:e5:
                    19:c9:44:fb:ba:3f:86:ca:25:d3:1a:2f:2f:41:b4:
                    57:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2A:67:B8:2E:21:2E:0B:F9:8F:AD:65:CC:E5:1F:8A:BB:A3:2F:6B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:c6:be:27:de:ee:16:70:a9:78:88:be:d7:8b:a8:95:c3:d7:
         17:30:0f:3d:39:e1:34:9a:ff:e1:21:ff:c2:43:bf:49:ac:e0:
         49:9b:c9:8b:99:ea:e9:47:e6:8f:b1:29:77:dc:23:4e:61:b1:
         45:4a:07:02:0f:ed:07:40:8d:86:a1:3c:c2:f7:42:65:95:70:
         a9:73:95:7e:52:96:06:3d:c5:f7:6b:28:3e:b3:0d:eb:fd:39:
         b8:4d:4c:44:70:1f:90:d3:e5:20:92:2b:b8:1c:8f:79:cd:54:
         2a:3d:5d:aa:e5:98:11:43:b3:2b:e4:f0:3c:e6:81:fd:2b:bd:
         6b:31:f5:fc:a7:d0:c6:42:db:48:c4:77:9a:ce:e0:bc:c7:47:
         a7:a1:ee:fe:66:b5:a7:2e:d0:33:45:ae:4a:e4:cc:09:a7:fe:
         60:05:68:d4:16:c5:96:f6:d4:f9:1c:b3:ef:74:d0:60:ef:6b:
         a2:55:a0:a2:b1:f7:fb:86:f3:68:5f:d7:4e:ac:22:e0:db:6e:
         2d:1b:5c:49:85:d1:7e:11:1b:a9:1c:33:1b:11:4a:92:b8:dd:
         c4:a1:ba:8e:81:4d:f0:2a:81:1a:69:7b:44:13:bc:2c:e4:b0:
         87:74:84:eb:25:14:b4:6f:f2:44:89:84:2c:86:e1:9e:64:c4:
         ad:af:9a:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYpu4wKu1diilXDIl5TbA8LuaE58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTIxNzA5MjdaFw0yNjA3MTExNzE0MjdaMDMxMTAvBgNV
BAMTKDhBMkE2N0I4MkUyMTJFMEJGOThGQUQ2NUNDRTUxRjhBQkJBMzJGNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4I2ydFpLXnENutpHxcCukp43Q
13V73Urem+6tRwXN06jsa5tJXsb8VIO55gPT+M01zvGA+F7D9rXF3+yi+C8pqNZh
iXp5v/NENx0pfcQNWBeBipTtlqGpeo8+ZRdx71Qwunx4NWKSgmhF9GlfH0DnYBNV
9CGZwT+iXtPKmTcIbiUpnAS9XLENI46alllisW0RGVnmFvArjpkIpEZA+C025CXg
S91QmxExpoZCemUZupNUoBX028KA7nNsP9AJfEupgxyVwhMhL3dJVstfCRWE4kVx
75I6AippNWKD3UcR6IDfXXx41wE4bp4/y69t5RnJRPu6P4bKJdMaLy9BtFdhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiipnuC4hLgv5j61lzOUfirujL2swHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzNzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxT/
MA0GCSqGSIb3DQEBCwUAA4IBAQCnxr4n3u4WcKl4iL7Xi6iVw9cXMA89OeE0mv/h
If/CQ79JrOBJm8mLmerpR+aPsSl33CNOYbFFSgcCD+0HQI2GoTzC90JllXCpc5V+
UpYGPcX3ayg+sw3r/Tm4TUxEcB+Q0+Ugkiu4HI95zVQqPV2q5ZgRQ7Mr5PA85oH9
K71rMfX8p9DGQttIxHeazuC8x0enoe7+ZrWnLtAzRa5K5MwJp/5gBWjUFsWW9tT5
HLPvdNBg72uiVaCisff7hvNoX9dOrCLg224tG1xJhdF+ERupHDMbEUqSuN3EobqO
gU3wKoEaaXtEE7ws5LCHdITrJRS0b/JEiYQshuGeZMStr5on
-----END CERTIFICATE-----