Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS53850.roa
File:                     AS53850.roa (raw, json)
Hash identifier:          WdWYswzr94SDRZ5h3uRoPuhjX8HKHFWWB+2ptM1qpDY=
Subject key identifier:   A0:39:44:80:5B:B7:AB:F7:3C:6D:DF:61:6F:28:03:98:4F:84:E8:AF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7982EA6B83487124CDBBB823FE419AF16ECC4176
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS53850.roa
Signing time:             Mon 21 Jul 2025 13:23:22 +0000
ROA not before:           Mon 21 Jul 2025 13:18:22 +0000
ROA not after:            Mon 20 Jul 2026 13:23:22 +0000
asID:                     53850
IP address blocks:        143.20.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:24:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:82:ea:6b:83:48:71:24:cd:bb:b8:23:fe:41:9a:f1:6e:cc:41:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 21 13:18:22 2025 GMT
            Not After : Jul 20 13:23:22 2026 GMT
        Subject: CN=A03944805BB7ABF73C6DDF616F2803984F84E8AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7b:01:bb:f0:1f:c3:8b:5d:5a:c0:97:63:94:
                    80:56:5c:cd:51:29:67:9f:22:1f:ef:ab:8c:a5:09:
                    58:18:a9:7d:43:9b:d1:14:1e:ff:e6:a8:4d:25:49:
                    82:16:49:43:b4:75:3e:1e:0a:38:ac:9d:0e:5a:dc:
                    3f:99:d0:42:7b:36:8a:f4:90:d1:61:b6:90:03:19:
                    17:c8:19:67:0a:f8:a6:74:4e:e7:9f:f0:2f:3a:e5:
                    24:20:9d:3f:25:88:6a:83:fa:4e:23:85:df:b3:3e:
                    fb:63:73:2e:76:61:32:ee:b3:c0:f3:20:f0:df:56:
                    f3:a1:33:56:6e:6e:1c:d4:70:b8:98:4f:7c:ec:20:
                    d6:e0:07:d7:2f:72:cd:7c:fd:55:d2:5b:6d:0e:b3:
                    8a:53:88:b7:00:91:21:62:d1:e2:7b:70:ef:2a:3c:
                    3e:6f:c0:8c:72:91:c7:6c:dd:55:f0:eb:d8:86:99:
                    2b:33:33:3d:8b:01:37:0d:e4:f6:34:31:f1:19:64:
                    4d:7f:81:92:a2:c4:d1:f2:66:2b:32:4d:c0:7a:e9:
                    e6:7e:d2:a7:24:78:bf:02:2a:6e:21:54:01:84:ff:
                    bb:85:f9:56:59:a4:5d:9d:41:2d:87:4e:12:e0:ab:
                    5e:12:01:3c:eb:2e:95:ae:a5:6c:e8:33:97:73:85:
                    6b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:39:44:80:5B:B7:AB:F7:3C:6D:DF:61:6F:28:03:98:4F:84:E8:AF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS53850.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f5:31:ab:99:04:fd:77:82:1e:9a:21:87:8c:0c:b6:0a:3d:
         00:cc:a2:f2:72:72:c9:6c:be:87:e3:25:68:38:c1:00:dd:03:
         a9:09:73:c8:24:03:61:39:27:d6:4c:71:94:b6:07:ae:54:3d:
         be:ad:d4:50:c6:78:62:2a:81:a3:da:ec:e1:9c:f3:b9:74:a4:
         ba:0a:df:b3:5c:55:4d:46:fb:1a:7e:c0:6c:80:44:b3:3a:95:
         63:4f:e1:17:1d:9f:6d:4e:5a:6d:87:36:25:c6:ee:45:1f:87:
         33:d0:67:d7:09:1d:ef:15:4d:55:1b:b0:a9:c0:00:5a:c7:ad:
         7b:70:d2:0b:6c:70:01:ce:9f:da:23:f0:cd:8a:86:37:1a:bb:
         aa:0d:63:8f:9d:82:85:00:e8:63:f3:3b:86:ad:2b:c6:71:61:
         e9:40:08:c0:8b:b7:31:c8:14:5a:0b:35:21:53:cd:a1:ee:92:
         36:a6:08:96:ca:a4:2e:64:ef:78:50:74:ab:80:0d:fa:0d:37:
         40:64:28:3a:5c:ec:3d:84:21:8b:2f:af:cf:d1:ce:ec:f7:1e:
         47:33:9e:d4:99:ef:bf:9e:b1:5d:f9:b3:c5:60:ca:7a:96:15:
         bc:35:4c:cc:61:6a:35:a8:9d:32:a7:ff:ca:88:0c:7e:7b:37:
         88:70:09:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeYLqa4NIcSTNu7gj/kGa8W7MQXYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjExMzE4MjJaFw0yNjA3MjAxMzIzMjJaMDMxMTAvBgNV
BAMTKEEwMzk0NDgwNUJCN0FCRjczQzZEREY2MTZGMjgwMzk4NEY4NEU4QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3ewG78B/Di11awJdjlIBWXM1R
KWefIh/vq4ylCVgYqX1Dm9EUHv/mqE0lSYIWSUO0dT4eCjisnQ5a3D+Z0EJ7Nor0
kNFhtpADGRfIGWcK+KZ0Tuef8C865SQgnT8liGqD+k4jhd+zPvtjcy52YTLus8Dz
IPDfVvOhM1ZubhzUcLiYT3zsINbgB9cvcs18/VXSW20Os4pTiLcAkSFi0eJ7cO8q
PD5vwIxykcds3VXw69iGmSszMz2LATcN5PY0MfEZZE1/gZKixNHyZisyTcB66eZ+
0qckeL8CKm4hVAGE/7uF+VZZpF2dQS2HThLgq14SATzrLpWupWzoM5dzhWs1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUoDlEgFu3q/c8bd9hbygDmE+E6K8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTM4NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFJUw
DQYJKoZIhvcNAQELBQADggEBAEP1MauZBP13gh6aIYeMDLYKPQDMovJycslsvofj
JWg4wQDdA6kJc8gkA2E5J9ZMcZS2B65UPb6t1FDGeGIqgaPa7OGc87l0pLoK37Nc
VU1G+xp+wGyARLM6lWNP4Rcdn21OWm2HNiXG7kUfhzPQZ9cJHe8VTVUbsKnAAFrH
rXtw0gtscAHOn9oj8M2Khjcau6oNY4+dgoUA6GPzO4atK8ZxYelACMCLtzHIFFoL
NSFTzaHukjamCJbKpC5k73hQdKuADfoNN0BkKDpc7D2EIYsvr8/Rzuz3HkczntSZ
77+esV35s8VgynqWFbw1TMxhajWonTKn/8qIDH57N4hwCQQ=
-----END CERTIFICATE-----