Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS265919.roa
File:                     AS265919.roa (raw, json)
Hash identifier:          RtPeXS6qikL+Mgzl7dxrQRPx/4wjpuSKJ//aqjLgUBk=
Subject key identifier:   82:15:30:45:37:0E:7F:89:72:62:CC:D4:CD:55:8B:00:D9:56:47:12
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       056E009E2CDCB0119FD7F977EDBAD841F240C6F3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS265919.roa
Signing time:             Thu 10 Jul 2025 14:31:50 +0000
ROA not before:           Thu 10 Jul 2025 14:26:50 +0000
ROA not after:            Thu 09 Jul 2026 14:31:50 +0000
asID:                     265919
IP address blocks:        143.20.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6e:00:9e:2c:dc:b0:11:9f:d7:f9:77:ed:ba:d8:41:f2:40:c6:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 10 14:26:50 2025 GMT
            Not After : Jul  9 14:31:50 2026 GMT
        Subject: CN=82153045370E7F897262CCD4CD558B00D9564712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:95:88:66:6b:68:b5:29:97:4b:6a:59:e9:04:
                    49:5d:32:76:ee:37:36:62:8d:b5:46:69:fb:cf:ba:
                    9c:eb:f9:e5:02:92:99:bc:19:35:c2:3c:d3:f5:10:
                    c1:6f:c9:12:80:9b:d5:47:b5:79:34:bb:e7:e0:59:
                    7f:24:6a:c7:92:3f:eb:e8:27:63:8a:2a:6b:f8:9f:
                    df:ed:1b:6d:f5:c2:63:86:85:40:39:02:ba:cc:86:
                    1f:66:98:ac:30:af:71:a5:fc:82:44:57:2e:05:b4:
                    ff:cf:ed:79:7d:84:f1:4a:f2:80:d4:d9:5d:4c:34:
                    b0:b5:75:37:0d:00:15:d3:7c:26:fb:32:fa:dd:74:
                    3c:80:e8:c8:00:93:5a:4d:ac:17:44:72:79:a9:64:
                    a0:96:c2:dc:7e:8e:ae:71:58:6b:02:d4:15:62:00:
                    ee:46:86:87:b4:74:ca:7f:0e:fb:08:b1:de:27:df:
                    9c:33:8e:22:eb:e7:33:e6:bf:b0:93:23:76:d5:74:
                    8f:11:63:c4:07:7c:86:7b:7d:fd:77:1d:c7:12:e9:
                    29:09:42:5f:25:1a:82:98:ec:fe:6c:4a:39:a6:22:
                    77:69:d5:df:08:73:9e:1a:43:76:9d:18:64:f5:3c:
                    b1:ec:64:95:82:d1:53:1b:0b:b9:27:e7:67:7e:4d:
                    4a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:15:30:45:37:0E:7F:89:72:62:CC:D4:CD:55:8B:00:D9:56:47:12
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS265919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ef:08:74:5e:c6:10:b2:ae:90:c0:a7:c2:16:41:c0:b3:de:
         db:96:cd:84:5a:62:31:73:a0:c1:8b:9e:e7:15:f6:fc:66:df:
         0c:3e:19:56:b4:25:16:13:f1:00:36:55:5d:8b:40:2e:99:56:
         2d:2a:bf:bc:ae:24:b1:09:15:3e:51:73:24:b4:a4:97:b9:d1:
         2d:83:88:82:79:79:db:2e:6b:73:da:ad:d7:1b:8a:ae:d2:4f:
         f4:ab:a5:86:8b:e0:3a:3e:b7:33:60:f5:a8:5d:f7:4b:73:fa:
         20:7f:ee:07:34:09:3c:ee:e7:6c:98:15:76:a5:12:70:31:9f:
         5b:49:be:bf:5c:b8:98:66:b2:00:2c:ba:2c:17:a6:fc:88:59:
         9a:b6:82:0a:eb:1e:db:7a:50:9f:52:c9:f3:93:f8:3b:21:16:
         5d:fb:e9:0a:2b:34:34:55:2d:fb:35:a0:86:ec:cd:b6:da:82:
         bd:99:91:3a:8e:8d:dd:6e:7f:a7:b5:0c:34:71:94:3a:c9:74:
         cf:6d:2a:ea:80:86:c9:e0:fb:b0:30:b2:74:a1:11:e4:74:e8:
         2e:3d:fa:15:5f:8a:73:da:17:1a:71:fe:07:3e:82:4d:39:0f:
         cb:cb:cf:66:35:d6:8d:4b:7d:d7:0f:bc:14:53:1f:c4:41:59:
         af:bd:81:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBW4AnizcsBGf1/l37brYQfJAxvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTAxNDI2NTBaFw0yNjA3MDkxNDMxNTBaMDMxMTAvBgNV
BAMTKDgyMTUzMDQ1MzcwRTdGODk3MjYyQ0NENENENTU4QjAwRDk1NjQ3MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNlYhma2i1KZdLalnpBEldMnbu
NzZijbVGafvPupzr+eUCkpm8GTXCPNP1EMFvyRKAm9VHtXk0u+fgWX8kaseSP+vo
J2OKKmv4n9/tG231wmOGhUA5ArrMhh9mmKwwr3Gl/IJEVy4FtP/P7Xl9hPFK8oDU
2V1MNLC1dTcNABXTfCb7MvrddDyA6MgAk1pNrBdEcnmpZKCWwtx+jq5xWGsC1BVi
AO5Ghoe0dMp/DvsIsd4n35wzjiLr5zPmv7CTI3bVdI8RY8QHfIZ7ff13HccS6SkJ
Ql8lGoKY7P5sSjmmIndp1d8Ic54aQ3adGGT1PLHsZJWC0VMbC7kn52d+TUphAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUghUwRTcOf4lyYszUzVWLANlWRxIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjY1OTE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBj7wh0XsYQsq6QwKfCFkHAs97bls2EWmIxc6DB
i57nFfb8Zt8MPhlWtCUWE/EANlVdi0AumVYtKr+8riSxCRU+UXMktKSXudEtg4iC
eXnbLmtz2q3XG4qu0k/0q6WGi+A6PrczYPWoXfdLc/ogf+4HNAk87udsmBV2pRJw
MZ9bSb6/XLiYZrIALLosF6b8iFmatoIK6x7belCfUsnzk/g7IRZd++kKKzQ0VS37
NaCG7M222oK9mZE6jo3dbn+ntQw0cZQ6yXTPbSrqgIbJ4PuwMLJ0oRHkdOguPfoV
X4pz2hcacf4HPoJNOQ/Ly89mNdaNS33XD7wUUx/EQVmvvYFO
-----END CERTIFICATE-----