Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS216059.roa
File:                     AS216059.roa (raw, json)
Hash identifier:          yatxrp4Ie8VUk14XhmfC2rKrLIqMgD46iEZpXC7Pt8Y=
Subject key identifier:   61:FF:C3:58:9B:D1:33:7C:39:2A:B2:F8:33:34:4C:24:5D:14:6D:F4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5D412FB01A5281EE754980C052CD1B7AD27E37EA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS216059.roa
Signing time:             Sun 13 Jul 2025 16:06:28 +0000
ROA not before:           Sun 13 Jul 2025 16:01:28 +0000
ROA not after:            Sun 12 Jul 2026 16:06:28 +0000
asID:                     216059
IP address blocks:        143.20.214.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:41:2f:b0:1a:52:81:ee:75:49:80:c0:52:cd:1b:7a:d2:7e:37:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 13 16:01:28 2025 GMT
            Not After : Jul 12 16:06:28 2026 GMT
        Subject: CN=61FFC3589BD1337C392AB2F833344C245D146DF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:92:85:ed:2b:a9:15:5f:e3:df:4e:72:42:69:
                    f2:e0:65:18:e7:69:4d:06:71:c9:fa:5e:4c:5b:5f:
                    6d:33:1f:21:76:df:1b:c0:de:81:d2:d0:09:5c:6e:
                    41:a0:3a:b0:2f:dc:4c:a5:21:27:42:e5:48:fb:32:
                    ac:e0:8e:d8:0e:28:e0:e9:0f:cd:77:a8:86:9a:b9:
                    65:6e:8b:2f:e5:a8:58:47:82:5a:cd:44:88:b0:ef:
                    65:69:36:30:34:c6:b7:3d:42:bb:dd:71:fd:78:34:
                    9d:4f:4b:97:e2:17:42:e0:8e:52:42:46:ca:68:c2:
                    f9:db:c3:5e:02:73:76:ad:77:34:a7:5f:6c:39:cb:
                    99:6f:d9:27:fe:12:ec:6a:25:83:73:0f:57:fd:29:
                    2d:0b:5b:e5:1b:4b:2b:f1:52:2c:e8:d0:fa:cf:1c:
                    5e:49:8f:35:b0:96:f5:79:cc:6e:61:39:2e:cc:ea:
                    6e:d9:50:94:d9:b8:3b:cf:07:7b:7b:b5:fd:23:e0:
                    ca:91:62:60:2d:4d:1e:19:b3:5a:a8:60:d7:9d:48:
                    e1:0d:67:da:2a:bd:23:78:e6:a4:21:4f:5c:53:4b:
                    91:73:91:96:d6:fd:cc:2d:f3:9c:5b:bd:6a:e4:b4:
                    bf:72:e5:66:1f:e7:72:bb:07:18:12:d4:8a:ee:20:
                    ad:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FF:C3:58:9B:D1:33:7C:39:2A:B2:F8:33:34:4C:24:5D:14:6D:F4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS216059.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:73:a3:85:31:61:99:b8:4b:de:69:81:4a:e3:5f:bf:e2:f2:
         c5:a1:59:c6:24:2b:86:e3:8f:fc:94:a6:f6:f8:ac:50:d0:dd:
         dd:51:36:89:c2:c3:aa:9d:36:8b:89:55:63:3b:87:8a:09:c7:
         bd:44:68:28:5a:b4:46:27:66:bb:45:3e:5f:4b:55:25:d0:d8:
         2f:67:44:d1:bc:6f:4e:b4:ad:28:7d:74:41:75:eb:d9:ba:15:
         fe:70:44:36:6a:87:a3:48:13:c1:ad:78:3c:83:1b:dc:4c:36:
         54:99:38:42:55:84:a8:46:55:56:2a:6b:02:45:ad:37:99:8d:
         68:79:34:fe:e6:92:16:3a:b4:40:70:ee:94:03:e3:58:e3:a9:
         bb:b0:89:25:8f:92:90:ce:dd:7c:6f:bf:39:c8:96:35:28:73:
         43:2a:cd:4c:b1:d4:03:18:94:65:79:79:d8:75:cb:4c:f5:2f:
         f6:96:68:d2:08:25:97:0a:78:41:e8:55:03:6d:c2:48:0f:b5:
         e5:9f:02:84:1a:17:00:54:ca:08:82:3f:56:a4:6a:ee:24:92:
         4a:aa:fa:a0:f9:ea:39:d6:4d:7e:c3:98:b9:1e:1f:4d:f4:71:
         82:af:ac:33:2d:be:06:0f:b6:99:85:35:42:60:88:6f:28:5f:
         c0:f8:80:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXUEvsBpSge51SYDAUs0betJ+N+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTMxNjAxMjhaFw0yNjA3MTIxNjA2MjhaMDMxMTAvBgNV
BAMTKDYxRkZDMzU4OUJEMTMzN0MzOTJBQjJGODMzMzQ0QzI0NUQxNDZERjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5koXtK6kVX+PfTnJCafLgZRjn
aU0Gccn6XkxbX20zHyF23xvA3oHS0AlcbkGgOrAv3EylISdC5Uj7MqzgjtgOKODp
D813qIaauWVuiy/lqFhHglrNRIiw72VpNjA0xrc9Qrvdcf14NJ1PS5fiF0LgjlJC
Rspowvnbw14Cc3atdzSnX2w5y5lv2Sf+EuxqJYNzD1f9KS0LW+UbSyvxUizo0PrP
HF5JjzWwlvV5zG5hOS7M6m7ZUJTZuDvPB3t7tf0j4MqRYmAtTR4Zs1qoYNedSOEN
Z9oqvSN45qQhT1xTS5FzkZbW/cwt85xbvWrktL9y5WYf53K7BxgS1IruIK1BAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYf/DWJvRM3w5KrL4MzRMJF0UbfQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE2MDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxTW
MA0GCSqGSIb3DQEBCwUAA4IBAQCwc6OFMWGZuEveaYFK41+/4vLFoVnGJCuG44/8
lKb2+KxQ0N3dUTaJwsOqnTaLiVVjO4eKCce9RGgoWrRGJ2a7RT5fS1Ul0NgvZ0TR
vG9OtK0ofXRBdevZuhX+cEQ2aoejSBPBrXg8gxvcTDZUmThCVYSoRlVWKmsCRa03
mY1oeTT+5pIWOrRAcO6UA+NY46m7sIklj5KQzt18b785yJY1KHNDKs1MsdQDGJRl
eXnYdctM9S/2lmjSCCWXCnhB6FUDbcJID7XlnwKEGhcAVMoIgj9WpGruJJJKqvqg
+eo51k1+w5i5Hh9N9HGCr6wzLb4GD7aZhTVCYIhvKF/A+IBN
-----END CERTIFICATE-----