Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          aaigJ/zCHXq2dsscXa9PF9pkfe8JsjXcbPE/8Kc0bqs=
Subject key identifier:   5F:05:7A:8C:8A:E5:09:64:99:55:04:C1:96:0F:99:24:8F:AA:9C:7E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7C33BBF1B7224F0659E8E1AFBD4BAD7CAC3B7409
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS23470.roa
Signing time:             Thu 17 Jul 2025 06:47:54 +0000
ROA not before:           Thu 17 Jul 2025 06:42:54 +0000
ROA not after:            Thu 16 Jul 2026 06:47:54 +0000
asID:                     23470
IP address blocks:        143.20.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:33:bb:f1:b7:22:4f:06:59:e8:e1:af:bd:4b:ad:7c:ac:3b:74:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 17 06:42:54 2025 GMT
            Not After : Jul 16 06:47:54 2026 GMT
        Subject: CN=5F057A8C8AE50964995504C1960F99248FAA9C7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c6:d3:79:f0:bd:9f:00:61:42:4d:74:12:57:
                    8b:08:9d:5a:b5:02:10:f5:7d:a1:33:f4:2f:4e:b3:
                    dc:55:ae:19:b5:58:8b:e5:ff:9b:a0:85:24:72:b3:
                    97:e5:fd:44:a8:8b:9a:dc:ad:db:08:07:d4:95:10:
                    bb:a2:16:33:5d:13:f5:82:34:61:03:25:11:6e:58:
                    b1:d2:49:7f:6f:68:cd:74:9a:01:ea:e8:e3:c5:9d:
                    bf:b6:e4:a6:15:81:4c:d6:79:83:e3:c7:cf:d0:b7:
                    9c:30:97:31:d7:26:dd:7e:ae:dd:6a:12:48:96:5b:
                    05:df:9a:b8:2d:ec:41:e9:12:76:d2:16:e0:b8:28:
                    82:c1:34:8b:5c:ae:cc:94:5c:08:89:cb:0d:db:b4:
                    24:70:54:6b:72:eb:b0:4a:d1:34:b5:61:35:54:52:
                    24:3a:40:9f:b9:8f:ea:f4:1e:86:17:1a:b7:08:4c:
                    3a:05:83:e9:46:5a:d1:a6:b3:23:13:1f:c9:4f:97:
                    29:cf:6e:25:d4:96:d2:bc:99:ff:31:2d:8b:73:b8:
                    e6:24:86:ef:a6:a4:04:0c:0c:ec:9f:e5:d1:c5:13:
                    c9:8a:47:5f:14:9a:9b:98:5f:7b:e1:79:ea:9a:c9:
                    be:82:bc:f2:58:00:4f:d9:61:42:78:90:08:98:14:
                    25:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:05:7A:8C:8A:E5:09:64:99:55:04:C1:96:0F:99:24:8F:AA:9C:7E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:28:75:ec:9d:65:b9:5e:df:0f:dc:07:b5:68:22:76:5c:12:
         bd:5d:37:f2:d0:cc:29:e7:6e:93:b8:1c:97:38:bf:2a:e2:9e:
         18:61:e4:9f:e0:58:21:34:fb:de:06:2a:af:38:ce:49:b3:c0:
         df:1d:76:36:81:94:b8:95:bc:e3:38:4e:64:ef:30:bd:12:7c:
         65:c2:66:c7:42:3b:90:1d:9c:ca:3f:28:ea:df:5e:be:8b:42:
         7c:84:7e:96:24:ca:e7:b4:8d:a1:f5:bb:d1:80:81:32:c0:10:
         8a:55:01:bc:46:15:60:00:42:61:19:c6:4f:99:c8:92:7a:79:
         8c:fd:3c:5c:c2:19:82:75:7f:07:a0:2e:fb:3a:e3:ae:40:80:
         55:dc:26:2d:16:fe:b9:9c:9e:2b:3a:1a:5a:c2:fc:09:3f:8c:
         0a:79:50:c9:9f:7c:27:85:da:3b:01:25:e1:56:3e:a2:15:03:
         38:3f:8a:a4:3c:c6:fe:50:e6:4f:44:06:b0:e4:7c:10:cf:00:
         16:d7:3d:8f:8e:17:08:06:93:47:be:1d:ea:2c:f7:a3:d9:44:
         f0:4f:19:cd:03:89:a0:5f:7d:4a:6c:49:27:cd:1a:78:65:5e:
         78:30:62:f1:d2:60:b1:7e:16:94:7c:00:e5:30:ae:5e:c2:ca:
         e7:25:b9:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfDO78bciTwZZ6OGvvUutfKw7dAkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTcwNjQyNTRaFw0yNjA3MTYwNjQ3NTRaMDMxMTAvBgNV
BAMTKDVGMDU3QThDOEFFNTA5NjQ5OTU1MDRDMTk2MEY5OTI0OEZBQTlDN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJxtN58L2fAGFCTXQSV4sInVq1
AhD1faEz9C9Os9xVrhm1WIvl/5ughSRys5fl/USoi5rcrdsIB9SVELuiFjNdE/WC
NGEDJRFuWLHSSX9vaM10mgHq6OPFnb+25KYVgUzWeYPjx8/Qt5wwlzHXJt1+rt1q
EkiWWwXfmrgt7EHpEnbSFuC4KILBNItcrsyUXAiJyw3btCRwVGty67BK0TS1YTVU
UiQ6QJ+5j+r0HoYXGrcITDoFg+lGWtGmsyMTH8lPlynPbiXUltK8mf8xLYtzuOYk
hu+mpAQMDOyf5dHFE8mKR18UmpuYX3vheeqayb6CvPJYAE/ZYUJ4kAiYFCXhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUXwV6jIrlCWSZVQTBlg+ZJI+qnH4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFJww
DQYJKoZIhvcNAQELBQADggEBALoodeydZble3w/cB7VoInZcEr1dN/LQzCnnbpO4
HJc4vyrinhhh5J/gWCE0+94GKq84zkmzwN8ddjaBlLiVvOM4TmTvML0SfGXCZsdC
O5AdnMo/KOrfXr6LQnyEfpYkyue0jaH1u9GAgTLAEIpVAbxGFWAAQmEZxk+ZyJJ6
eYz9PFzCGYJ1fwegLvs6465AgFXcJi0W/rmcnis6GlrC/Ak/jAp5UMmffCeF2jsB
JeFWPqIVAzg/iqQ8xv5Q5k9EBrDkfBDPABbXPY+OFwgGk0e+Heos96PZRPBPGc0D
iaBffUpsSSfNGnhlXngwYvHSYLF+FpR8AOUwrl7Cyucluek=
-----END CERTIFICATE-----