Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa
File:                     AS397423.roa (raw, json)
Hash identifier:          6maKALH3y8jG1HL9JXBkiVFI/8eczeP6NdIJWU3M92g=
Subject key identifier:   90:BB:5F:FF:A6:3F:F8:17:DE:EF:51:40:6F:8B:0A:2A:B7:8C:F1:8C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7E8BC5F9B00CB74335465B04F5783E8D9272F5B6
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa
Signing time:             Sun 28 Sep 2025 00:04:53 +0000
ROA not before:           Sat 27 Sep 2025 23:59:53 +0000
ROA not after:            Sun 27 Sep 2026 00:04:53 +0000
asID:                     397423
IP address blocks:        143.20.180.0/22 maxlen: 22
                          143.20.188.0/22 maxlen: 22
                          143.20.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 17:49:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:8b:c5:f9:b0:0c:b7:43:35:46:5b:04:f5:78:3e:8d:92:72:f5:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 27 23:59:53 2025 GMT
            Not After : Sep 27 00:04:53 2026 GMT
        Subject: CN=90BB5FFFA63FF817DEEF51406F8B0A2AB78CF18C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2c:a4:06:94:b2:17:c6:11:82:61:a6:ca:2e:
                    ae:c1:bd:bc:81:1b:5c:00:55:28:40:75:cb:1b:ae:
                    38:84:44:ba:88:57:17:d2:67:fc:4d:ef:25:20:01:
                    e2:38:3d:a7:93:5a:c9:f7:d7:88:31:66:52:b0:d9:
                    6e:8e:6e:6d:3e:e6:a3:3b:d3:5e:7b:bb:43:7e:72:
                    f2:ee:f2:11:21:fe:ab:54:31:18:97:0f:6d:70:62:
                    b2:a8:5a:e5:98:56:2c:f5:f9:09:97:30:76:98:00:
                    95:0b:25:e0:ca:ad:46:81:47:2d:e8:1a:2f:5d:b6:
                    ea:28:ad:15:9c:fa:fc:69:f6:8e:64:ae:f7:5c:87:
                    9d:30:ea:91:a7:20:8e:46:61:32:d4:07:1e:9b:a7:
                    37:54:c4:f9:09:78:db:94:99:e9:ed:18:bd:8e:30:
                    90:b5:1e:2b:d1:93:6a:03:12:09:d9:d9:e9:56:e3:
                    c1:15:40:8b:22:31:8b:6b:ba:f8:9a:34:3d:90:27:
                    f1:04:71:4c:5f:91:00:da:da:ac:fa:b3:f5:f7:cb:
                    f0:72:a3:10:49:91:42:80:88:32:c2:40:df:33:1b:
                    0b:5a:69:a7:cf:90:42:55:f8:35:14:88:fc:5a:d5:
                    96:e2:1f:cc:7f:aa:11:7b:95:2b:99:a1:a8:92:37:
                    11:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:BB:5F:FF:A6:3F:F8:17:DE:EF:51:40:6F:8B:0A:2A:B7:8C:F1:8C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.180.0/22
                  143.20.188.0/22
                  143.20.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:6b:db:05:3d:99:a4:d5:c9:30:68:c4:4c:1a:96:57:37:69:
         84:3f:0c:69:1b:ba:bc:44:41:21:e0:b2:3e:b9:cc:34:2a:e8:
         31:00:de:b5:80:e8:fd:12:83:cd:69:69:35:69:83:00:9a:53:
         19:8d:63:2d:a9:03:4a:0e:00:b5:79:8c:83:33:12:13:bd:6e:
         f5:cb:0f:0f:31:29:75:bf:33:7c:33:ae:26:ba:3b:e5:a0:b6:
         95:db:b5:00:90:1d:80:d9:e9:0f:0d:95:dc:b1:98:1b:bb:b8:
         08:a2:12:34:d3:15:5c:73:ad:b5:e1:f4:5f:30:b0:64:d1:97:
         69:06:8b:b4:0b:39:6c:8c:b6:66:5a:1d:a7:be:1e:f2:36:9d:
         48:b9:44:9e:ca:38:aa:65:03:fa:10:d7:59:af:86:18:2e:aa:
         09:53:f7:49:e9:45:3d:34:27:f3:0a:5c:4c:d8:a4:fd:9e:1b:
         85:c8:53:d0:26:1c:75:29:c5:1b:55:1d:34:96:47:04:d6:7d:
         cd:7c:58:91:12:5e:ad:f2:57:49:47:5c:34:32:15:51:e7:e9:
         f4:f4:04:82:cd:e0:3e:ec:7a:d4:8b:ce:9e:34:02:ae:b8:b2:
         a4:ee:79:76:19:32:99:8e:ba:f9:d2:06:7f:a5:d9:ce:21:a9:
         d8:c2:19:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUfovF+bAMt0M1RlsE9Xg+jZJy9bYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjcyMzU5NTNaFw0yNjA5MjcwMDA0NTNaMDMxMTAvBgNV
BAMTKDkwQkI1RkZGQTYzRkY4MTdERUVGNTE0MDZGOEIwQTJBQjc4Q0YxOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcLKQGlLIXxhGCYabKLq7BvbyB
G1wAVShAdcsbrjiERLqIVxfSZ/xN7yUgAeI4PaeTWsn314gxZlKw2W6Obm0+5qM7
0157u0N+cvLu8hEh/qtUMRiXD21wYrKoWuWYViz1+QmXMHaYAJULJeDKrUaBRy3o
Gi9dtuoorRWc+vxp9o5krvdch50w6pGnII5GYTLUBx6bpzdUxPkJeNuUmentGL2O
MJC1HivRk2oDEgnZ2elW48EVQIsiMYtruviaND2QJ/EEcUxfkQDa2qz6s/X3y/By
oxBJkUKAiDLCQN8zGwtaaafPkEJV+DUUiPxa1ZbiH8x/qhF7lSuZoaiSNxEbAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUkLtf/6Y/+Bfe71FAb4sKKreM8YwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk3NDIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCjxS0
AwQCjxS8AwQCjxTEMA0GCSqGSIb3DQEBCwUAA4IBAQBSa9sFPZmk1ckwaMRMGpZX
N2mEPwxpG7q8REEh4LI+ucw0KugxAN61gOj9EoPNaWk1aYMAmlMZjWMtqQNKDgC1
eYyDMxITvW71yw8PMSl1vzN8M64mujvloLaV27UAkB2A2ekPDZXcsZgbu7gIohI0
0xVcc6214fRfMLBk0ZdpBou0CzlsjLZmWh2nvh7yNp1IuUSeyjiqZQP6ENdZr4YY
LqoJU/dJ6UU9NCfzClxM2KT9nhuFyFPQJhx1KcUbVR00lkcE1n3NfFiREl6t8ldJ
R1w0MhVR5+n09ASCzeA+7HrUi86eNAKuuLKk7nl2GTKZjrr50gZ/pdnOIanYwhls
-----END CERTIFICATE-----