Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214402.roa
File:                     AS214402.roa (raw, json)
Hash identifier:          WVY3ychtceFgqYTIV9C1c3l71haAXfhF4GKcS/jqOaI=
Subject key identifier:   7F:CA:C4:3C:5E:84:69:E6:AB:14:0F:93:E1:58:07:9E:D3:26:FA:00
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       36715837D6CC9A11DC806FC48E53D167C0FF4992
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214402.roa
Signing time:             Mon 21 Jul 2025 11:26:39 +0000
ROA not before:           Mon 21 Jul 2025 11:21:39 +0000
ROA not after:            Mon 20 Jul 2026 11:26:39 +0000
asID:                     214402
IP address blocks:        143.20.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:71:58:37:d6:cc:9a:11:dc:80:6f:c4:8e:53:d1:67:c0:ff:49:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 21 11:21:39 2025 GMT
            Not After : Jul 20 11:26:39 2026 GMT
        Subject: CN=7FCAC43C5E8469E6AB140F93E158079ED326FA00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ff:99:b1:7a:bc:85:56:28:41:c4:5a:73:b3:
                    72:a3:ec:60:af:45:2f:08:5d:4f:94:cf:93:8d:ee:
                    96:85:1d:8c:c5:2a:a8:67:0f:c6:0d:3a:44:e3:c2:
                    0e:df:ee:b4:0a:0b:27:12:35:1c:83:2f:7f:85:71:
                    f0:f4:b3:bc:aa:28:44:85:c8:83:2d:7a:44:92:2b:
                    d7:4f:11:b7:26:ff:cc:5c:17:b5:1c:cf:b6:43:14:
                    70:20:0c:4e:a1:5c:88:1e:a9:67:cd:0a:26:55:7f:
                    a2:9c:19:f6:e2:fe:75:7b:44:b6:70:d7:c2:34:ee:
                    5b:3f:82:90:71:2e:67:c0:b3:c6:3f:b1:df:80:49:
                    f5:1d:c7:04:73:99:a0:aa:1a:3e:52:ae:b4:36:20:
                    e9:5e:ff:f1:21:83:af:1a:09:00:3b:64:02:bf:7a:
                    f1:5a:25:35:c6:cb:98:55:01:0f:ac:74:53:83:25:
                    22:39:43:e2:e9:12:9c:0c:03:e6:5d:4c:e1:a1:b8:
                    ba:ec:e1:f3:2a:58:94:6f:2b:c4:1e:ea:99:e0:9c:
                    a7:bd:d5:da:5a:ab:09:80:be:35:d7:c3:af:b9:c7:
                    97:f4:bc:39:f1:9a:d3:cb:14:2b:10:5c:05:34:d5:
                    9f:40:1c:cb:63:16:4f:0c:87:fa:d6:5a:86:e7:ca:
                    a6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CA:C4:3C:5E:84:69:E6:AB:14:0F:93:E1:58:07:9E:D3:26:FA:00
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:45:d4:bc:c9:1e:5e:27:4c:d0:dc:68:08:5b:67:81:8e:d7:
         e1:fc:56:f7:9a:9d:33:b9:ef:ca:f0:86:1d:6f:d1:54:d8:ae:
         f9:e6:4d:29:59:54:ec:5d:e7:d4:25:ec:da:66:fe:04:7f:c2:
         7c:3f:0b:fb:93:d8:68:ba:a4:98:48:94:af:27:08:e8:50:32:
         57:46:8c:f4:75:24:9d:e7:9c:aa:53:05:fe:cc:b9:96:5c:59:
         2e:3a:23:c7:ce:88:99:43:55:30:9e:1f:c4:fe:a5:b4:a1:d8:
         43:1d:ec:a3:38:63:2a:61:70:ee:8b:98:f1:58:41:ad:e4:1d:
         d4:5e:b9:3b:0d:23:a3:5a:63:b2:2a:94:fe:ff:9d:5b:45:fc:
         26:01:dd:33:76:db:a9:95:b3:d4:8e:a4:51:de:e7:0d:4b:11:
         b2:30:86:8c:bc:0b:ed:0d:29:d2:bb:ef:b1:df:33:56:5d:91:
         68:67:b9:49:62:5c:ab:32:29:1c:99:9a:5e:05:f3:d8:d7:0c:
         9c:40:7c:46:64:c8:0b:c4:90:2a:5d:e2:59:c8:4a:bf:b9:ad:
         4a:9d:16:73:19:46:c5:61:da:65:bc:20:e2:0e:59:b7:4f:65:
         55:bd:c9:e3:fa:23:50:81:c1:07:f7:6c:a5:22:81:43:e2:7e:
         fc:f9:19:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNnFYN9bMmhHcgG/EjlPRZ8D/SZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjExMTIxMzlaFw0yNjA3MjAxMTI2MzlaMDMxMTAvBgNV
BAMTKDdGQ0FDNDNDNUU4NDY5RTZBQjE0MEY5M0UxNTgwNzlFRDMyNkZBMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq/5mxeryFVihBxFpzs3Kj7GCv
RS8IXU+Uz5ON7paFHYzFKqhnD8YNOkTjwg7f7rQKCycSNRyDL3+FcfD0s7yqKESF
yIMtekSSK9dPEbcm/8xcF7Ucz7ZDFHAgDE6hXIgeqWfNCiZVf6KcGfbi/nV7RLZw
18I07ls/gpBxLmfAs8Y/sd+ASfUdxwRzmaCqGj5SrrQ2IOle//Ehg68aCQA7ZAK/
evFaJTXGy5hVAQ+sdFODJSI5Q+LpEpwMA+ZdTOGhuLrs4fMqWJRvK8Qe6pngnKe9
1dpaqwmAvjXXw6+5x5f0vDnxmtPLFCsQXAU01Z9AHMtjFk8Mh/rWWobnyqb1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUf8rEPF6EaearFA+T4VgHntMm+gAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQV
MA0GCSqGSIb3DQEBCwUAA4IBAQCkRdS8yR5eJ0zQ3GgIW2eBjtfh/Fb3mp0zue/K
8IYdb9FU2K755k0pWVTsXefUJezaZv4Ef8J8Pwv7k9houqSYSJSvJwjoUDJXRoz0
dSSd55yqUwX+zLmWXFkuOiPHzoiZQ1Uwnh/E/qW0odhDHeyjOGMqYXDui5jxWEGt
5B3UXrk7DSOjWmOyKpT+/51bRfwmAd0zdtuplbPUjqRR3ucNSxGyMIaMvAvtDSnS
u++x3zNWXZFoZ7lJYlyrMikcmZpeBfPY1wycQHxGZMgLxJAqXeJZyEq/ua1KnRZz
GUbFYdplvCDiDlm3T2VVvcnj+iNQgcEH92ylIoFD4n78+RlP
-----END CERTIFICATE-----