Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS11059.roa
File:                     AS11059.roa (raw, json)
Hash identifier:          zHUGwEOtf3yVd91zbeuMc9FFcglpJcy6+GzRSOY4Kb0=
Subject key identifier:   8A:3D:58:16:15:6F:7E:C6:C6:E7:D4:EA:11:57:9E:6C:7D:9F:18:6E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       21AC59C141C59F5C08BE6ED201C27867C8439379
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS11059.roa
Signing time:             Thu 14 May 2026 09:43:34 +0000
ROA not before:           Thu 14 May 2026 09:38:34 +0000
ROA not after:            Thu 13 May 2027 09:43:34 +0000
asID:                     11059
IP address blocks:        143.20.224.0/22 maxlen: 24
                          143.20.232.0/22 maxlen: 24
                          143.20.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:ac:59:c1:41:c5:9f:5c:08:be:6e:d2:01:c2:78:67:c8:43:93:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 14 09:38:34 2026 GMT
            Not After : May 13 09:43:34 2027 GMT
        Subject: CN=8A3D5816156F7EC6C6E7D4EA11579E6C7D9F186E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:eb:d7:46:56:83:f7:45:d5:66:7d:f0:50:
                    79:c2:51:27:c6:91:3d:66:21:5b:36:da:6c:14:54:
                    ed:e2:55:44:11:0b:94:e1:70:83:c2:12:0b:de:1a:
                    b8:2e:44:16:1d:db:95:e6:ee:19:dd:34:db:93:8a:
                    69:63:87:84:45:10:36:dc:3c:eb:b9:91:f9:d0:c4:
                    75:2b:e1:46:6a:69:55:f5:f8:cb:92:2c:08:f5:dd:
                    af:ef:07:a0:8a:c2:17:29:7f:50:00:eb:f0:cb:56:
                    76:06:3f:cd:2f:a6:1b:89:f6:aa:7d:8f:2e:bf:18:
                    7f:d2:cd:24:bd:40:79:5c:6b:92:46:d5:8b:98:d8:
                    17:98:cc:e7:f1:f0:e0:4c:c2:97:c8:77:4a:51:9b:
                    d0:d9:ed:8f:29:1e:98:cf:a7:38:84:83:cc:03:62:
                    4e:76:33:ae:ea:31:81:9b:49:c8:b5:3c:1d:ff:09:
                    4f:dd:ff:00:53:86:c3:d7:ae:da:da:8c:b2:06:f7:
                    1e:02:1e:65:61:7f:a3:3c:c1:39:4c:9e:78:02:14:
                    47:ce:97:ae:86:b0:4e:d1:b0:76:f9:1e:35:05:44:
                    e9:dc:28:c5:9b:bf:ef:4a:b3:53:6e:16:67:9b:17:
                    9c:af:34:5a:84:b7:fd:02:13:33:f3:30:f5:57:f9:
                    74:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:3D:58:16:15:6F:7E:C6:C6:E7:D4:EA:11:57:9E:6C:7D:9F:18:6E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS11059.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.224.0/22
                  143.20.232.0/22
                  143.20.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:ae:31:9e:92:65:f4:5f:c6:2d:a0:a5:f1:d3:1b:9e:80:32:
         b2:5d:75:58:fe:2b:4d:87:25:ed:35:01:33:cc:6b:7d:32:ca:
         f4:c5:eb:66:d4:7b:49:68:8f:4a:1c:02:e8:72:c2:39:b3:04:
         65:ad:29:2d:d9:94:eb:ba:3a:5e:f9:66:90:ed:55:61:ea:eb:
         8f:6e:f9:91:55:7b:9e:eb:c3:2a:6d:a8:6c:50:a0:05:e2:fc:
         88:98:3a:4c:35:22:39:34:57:91:88:2e:6f:f3:be:93:7c:7d:
         8f:dc:32:a0:6e:94:da:48:c9:ca:43:33:94:c6:ff:58:b5:1e:
         0c:16:5c:db:d1:71:c4:87:cb:97:48:ca:03:e6:9e:04:5d:95:
         40:cc:45:ff:b2:f4:6c:5d:2a:4c:eb:2d:b8:16:55:55:78:ac:
         7e:25:16:a5:e9:cb:8d:63:ea:3e:b1:a3:10:53:12:19:fd:5a:
         0b:e0:0a:65:52:79:49:ce:89:b7:39:6c:94:d7:34:22:3a:7e:
         3c:aa:b6:5a:5e:2e:14:f5:f1:44:3d:25:3d:26:0a:bd:db:26:
         55:36:1f:25:86:db:cc:7f:15:75:c0:86:dd:16:e0:fb:73:3c:
         cb:79:ee:a2:93:a0:1c:30:96:5b:a4:92:af:f9:e4:aa:f3:ad:
         56:c9:e2:c5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUIaxZwUHFn1wIvm7SAcJ4Z8hDk3kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MTQwOTM4MzRaFw0yNzA1MTMwOTQzMzRaMDMxMTAvBgNV
BAMTKDhBM0Q1ODE2MTU2RjdFQzZDNkU3RDRFQTExNTc5RTZDN0Q5RjE4NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2R+vXRlaD90XVZn3wUHnCUSfG
kT1mIVs22mwUVO3iVUQRC5ThcIPCEgveGrguRBYd25Xm7hndNNuTimljh4RFEDbc
POu5kfnQxHUr4UZqaVX1+MuSLAj13a/vB6CKwhcpf1AA6/DLVnYGP80vphuJ9qp9
jy6/GH/SzSS9QHlca5JG1YuY2BeYzOfx8OBMwpfId0pRm9DZ7Y8pHpjPpziEg8wD
Yk52M67qMYGbSci1PB3/CU/d/wBThsPXrtrajLIG9x4CHmVhf6M8wTlMnngCFEfO
l66GsE7RsHb5HjUFROncKMWbv+9Ks1NuFmebF5yvNFqEt/0CEzPzMPVX+XSfAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUij1YFhVvfsbG59TqEVeebH2fGG4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTEwNTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAKPFOAD
BAKPFOgDBAKPFPAwDQYJKoZIhvcNAQELBQADggEBALquMZ6SZfRfxi2gpfHTG56A
MrJddVj+K02HJe01ATPMa30yyvTF62bUe0loj0ocAuhywjmzBGWtKS3ZlOu6Ol75
ZpDtVWHq649u+ZFVe57rwyptqGxQoAXi/IiYOkw1Ijk0V5GILm/zvpN8fY/cMqBu
lNpIycpDM5TG/1i1HgwWXNvRccSHy5dIygPmngRdlUDMRf+y9GxdKkzrLbgWVVV4
rH4lFqXpy41j6j6xoxBTEhn9WgvgCmVSeUnOibc5bJTXNCI6fjyqtlpeLhT18UQ9
JT0mCr3bJlU2HyWG28x/FXXAht0W4PtzPMt57qKToBwwllukkq/55KrzrVbJ4sU=
-----END CERTIFICATE-----