Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS329007.roa
File:                     AS329007.roa (raw, json)
Hash identifier:          f6REFRwUjm4BspP23fhUJFmYr0hNlLsNfSG72Dx9MU4=
Subject key identifier:   C9:71:95:30:13:E2:36:52:DA:26:6E:19:3B:43:38:5E:AF:92:B1:27
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       217C5F7A0FA2308FA3E4ECFE1D259610AFFD2481
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS329007.roa
Signing time:             Fri 18 Jul 2025 16:27:27 +0000
ROA not before:           Fri 18 Jul 2025 16:22:27 +0000
ROA not after:            Fri 17 Jul 2026 16:27:27 +0000
asID:                     329007
IP address blocks:        143.20.10.0/24 maxlen: 24
                          143.20.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 13:31:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:7c:5f:7a:0f:a2:30:8f:a3:e4:ec:fe:1d:25:96:10:af:fd:24:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 18 16:22:27 2025 GMT
            Not After : Jul 17 16:27:27 2026 GMT
        Subject: CN=C971953013E23652DA266E193B43385EAF92B127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:74:6d:f1:c9:5e:2d:80:22:ae:ff:24:1c:7d:
                    65:fb:ed:47:b6:7d:97:98:30:e7:16:3b:30:eb:f1:
                    b2:b6:7f:54:6e:2e:68:95:2c:27:ba:02:8b:27:f0:
                    46:5b:25:bc:3e:5a:3d:c3:08:db:c0:3c:c8:11:ca:
                    bc:13:b1:88:9a:c7:98:87:85:8f:57:9c:e3:d3:4b:
                    2f:c9:0f:88:ec:6e:e1:a1:64:fb:ff:e0:41:dd:74:
                    8b:22:05:88:11:ae:af:0f:7f:74:bd:62:bf:3c:9d:
                    d0:3b:79:8a:66:81:b2:78:e2:e5:1e:59:80:a4:d8:
                    17:3a:c8:9b:1b:85:85:e3:2c:24:33:05:aa:94:75:
                    e5:57:14:98:e2:29:39:97:68:39:6b:e5:1d:7a:26:
                    19:e3:48:ad:b6:61:72:2f:89:20:87:36:3f:9f:52:
                    4e:86:3c:ba:4b:59:a9:29:5b:14:9d:7f:06:b4:42:
                    ce:41:20:47:2f:61:71:f2:d0:72:f4:9a:21:89:39:
                    f8:5a:27:e0:20:8c:a7:3f:c4:39:c0:b3:42:f4:24:
                    85:8c:b4:b5:08:41:65:99:2f:87:52:28:d1:93:33:
                    96:63:0b:32:1f:42:d8:4e:4a:44:ea:49:01:39:3c:
                    54:d7:db:87:2f:bf:17:0e:9f:80:dd:c7:c1:ea:d4:
                    41:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:71:95:30:13:E2:36:52:DA:26:6E:19:3B:43:38:5E:AF:92:B1:27
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS329007.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.10.0/24
                  143.20.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:1b:02:1d:fa:47:5b:cc:e4:63:30:4f:3e:85:0c:52:47:16:
         08:3b:79:cf:e2:e8:92:41:03:56:7a:fb:54:78:ba:a5:3a:16:
         2d:38:e2:5d:8d:08:ef:4d:da:93:88:3e:1c:23:e4:6c:94:8c:
         0f:3b:c6:b7:cd:4b:0e:2a:ca:a7:08:02:45:d8:8d:47:8c:7a:
         68:38:d4:fc:d1:f8:55:fe:13:c4:d7:9f:cc:67:3c:c2:31:61:
         04:5a:80:1f:c2:80:ed:1d:d4:cf:fc:3f:4a:5b:44:f1:cf:61:
         5a:fb:d4:43:64:a5:77:13:39:0e:ac:98:46:a9:2b:f9:33:1a:
         22:ea:f6:d4:ab:ae:a7:08:29:7e:e0:8a:8b:b4:95:87:b3:17:
         99:2a:fd:51:65:c8:3a:c6:a5:ec:ff:f3:20:fd:df:b9:aa:ef:
         c7:41:47:2a:a5:93:e0:ef:f9:85:49:8b:0c:6f:d3:d1:cb:60:
         e2:ca:31:a3:0a:19:91:8c:e6:52:0b:a3:ff:ed:47:8c:9f:d5:
         b9:98:df:fd:3a:fb:c3:9e:8d:d3:f5:60:01:2e:83:43:61:50:
         63:db:e3:bc:a8:d2:cd:ea:aa:30:56:79:5f:1f:4c:74:50:42:
         5a:98:31:85:1e:d4:8a:80:17:13:22:a2:f6:2f:36:80:cb:ab:
         54:f4:5f:61
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUIXxfeg+iMI+j5Oz+HSWWEK/9JIEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTgxNjIyMjdaFw0yNjA3MTcxNjI3MjdaMDMxMTAvBgNV
BAMTKEM5NzE5NTMwMTNFMjM2NTJEQTI2NkUxOTNCNDMzODVFQUY5MkIxMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCudG3xyV4tgCKu/yQcfWX77Ue2
fZeYMOcWOzDr8bK2f1RuLmiVLCe6Aosn8EZbJbw+Wj3DCNvAPMgRyrwTsYiax5iH
hY9XnOPTSy/JD4jsbuGhZPv/4EHddIsiBYgRrq8Pf3S9Yr88ndA7eYpmgbJ44uUe
WYCk2Bc6yJsbhYXjLCQzBaqUdeVXFJjiKTmXaDlr5R16JhnjSK22YXIviSCHNj+f
Uk6GPLpLWakpWxSdfwa0Qs5BIEcvYXHy0HL0miGJOfhaJ+AgjKc/xDnAs0L0JIWM
tLUIQWWZL4dSKNGTM5ZjCzIfQthOSkTqSQE5PFTX24cvvxcOn4Ddx8Hq1EFfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUyXGVMBPiNlLaJm4ZO0M4Xq+SsScwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzI5MDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQK
AwQAjxROMA0GCSqGSIb3DQEBCwUAA4IBAQCrGwId+kdbzORjME8+hQxSRxYIO3nP
4uiSQQNWevtUeLqlOhYtOOJdjQjvTdqTiD4cI+RslIwPO8a3zUsOKsqnCAJF2I1H
jHpoONT80fhV/hPE15/MZzzCMWEEWoAfwoDtHdTP/D9KW0Txz2Fa+9RDZKV3EzkO
rJhGqSv5Mxoi6vbUq66nCCl+4IqLtJWHsxeZKv1RZcg6xqXs//Mg/d+5qu/HQUcq
pZPg7/mFSYsMb9PRy2DiyjGjChmRjOZSC6P/7UeMn9W5mN/9OvvDno3T9WABLoND
YVBj2+O8qNLN6qowVnlfH0x0UEJamDGFHtSKgBcTIqL2LzaAy6tU9F9h
-----END CERTIFICATE-----