Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS12027.roa
File:                     AS12027.roa (raw, json)
Hash identifier:          Z/B+7YthUX7THoE1GzSRZY3VpoRGArL5w9G5V1dOV7Q=
Subject key identifier:   64:55:91:71:62:A1:87:60:F6:88:55:4D:20:BD:06:F6:20:84:58:62
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       25D8C2BD81C5BA36DCDC8006BCFB73352A823E78
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS12027.roa
Signing time:             Sun 14 Sep 2025 01:57:54 +0000
ROA not before:           Sun 14 Sep 2025 01:52:54 +0000
ROA not after:            Sun 13 Sep 2026 01:57:54 +0000
asID:                     12027
IP address blocks:        143.20.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 16:16:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:d8:c2:bd:81:c5:ba:36:dc:dc:80:06:bc:fb:73:35:2a:82:3e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 14 01:52:54 2025 GMT
            Not After : Sep 13 01:57:54 2026 GMT
        Subject: CN=6455917162A18760F688554D20BD06F620845862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ce:c7:c4:e2:10:e6:14:5d:22:d3:66:b1:c4:
                    b4:0b:65:47:f4:ea:e6:ed:51:a1:79:71:02:a3:41:
                    41:3a:16:d3:3b:03:86:e3:f8:65:24:b0:f7:11:7d:
                    ac:69:13:95:90:34:3f:68:3f:ee:c4:97:4c:d6:c0:
                    b7:e4:0f:17:fb:af:b1:22:c3:e1:32:bc:40:80:de:
                    72:91:14:a7:19:f3:17:df:7a:bc:99:b5:c5:d8:7a:
                    8a:d9:94:fb:1b:b4:f0:39:01:65:f5:8c:a0:eb:39:
                    ae:f7:bc:5e:70:e3:6c:1f:6d:00:84:75:9d:80:45:
                    de:21:a1:68:13:06:35:70:72:f9:20:23:7f:ed:a5:
                    da:ae:55:2a:f5:cb:f0:8a:49:c4:83:53:39:72:9f:
                    9a:6e:c0:4a:b2:04:42:12:4c:87:63:54:74:02:22:
                    5f:79:6b:a6:56:03:e2:98:93:c1:b2:f4:53:ac:40:
                    6e:d2:54:3d:eb:1c:26:f1:55:1d:24:31:29:eb:92:
                    ae:4f:7c:58:db:a2:7b:06:74:d4:f1:a0:56:fc:4d:
                    89:b7:dc:78:da:06:5c:75:6e:66:f0:d5:b7:4c:12:
                    22:2d:96:df:a5:27:27:f7:f9:b3:f5:3b:ec:ee:ca:
                    95:de:5d:71:15:85:80:5b:04:29:c7:a5:6e:c0:5b:
                    f0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:55:91:71:62:A1:87:60:F6:88:55:4D:20:BD:06:F6:20:84:58:62
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS12027.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:77:b5:f8:24:74:0d:b2:5a:45:4d:4d:1b:23:00:73:3c:ac:
         de:01:a1:d8:c0:b4:66:af:10:29:70:a4:e5:26:46:6b:61:78:
         5d:bd:21:26:1b:ba:8a:7a:34:aa:db:34:ad:c1:03:15:4e:c9:
         ee:b6:93:83:ea:33:e3:16:4f:8c:63:b2:80:2c:bf:fb:a4:5a:
         18:6f:99:4d:0c:3e:00:36:a4:2a:b4:5a:e4:3a:15:67:be:dc:
         3e:75:b8:58:e1:c8:8d:20:0d:f8:b4:36:65:5f:07:48:66:6d:
         ae:0d:66:66:a4:9a:58:ae:6b:d3:b4:eb:09:41:b8:53:9d:3a:
         98:22:b4:ac:64:ee:c8:f5:a6:dd:1f:0b:d2:2c:2d:de:2c:45:
         c7:80:e4:47:63:8f:aa:3c:20:1d:50:1c:24:44:b0:73:f4:7b:
         9e:6d:a6:75:35:4a:98:8f:9b:be:78:6e:44:06:0f:77:1b:7a:
         25:31:b0:06:bd:0e:b9:a7:25:ee:b2:b3:d6:b9:39:14:e7:a6:
         da:76:e2:16:bb:f3:77:05:4c:40:ed:d2:fe:62:76:52:11:18:
         2c:71:b1:50:dd:9d:48:6c:28:8b:1f:d8:85:18:a1:e8:9a:54:
         5d:cd:15:c0:4f:33:5a:ce:40:0b:51:7a:d4:63:f3:90:52:af:
         7e:23:59:fc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJdjCvYHFujbc3IAGvPtzNSqCPngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MTQwMTUyNTRaFw0yNjA5MTMwMTU3NTRaMDMxMTAvBgNV
BAMTKDY0NTU5MTcxNjJBMTg3NjBGNjg4NTU0RDIwQkQwNkY2MjA4NDU4NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYzsfE4hDmFF0i02axxLQLZUf0
6ubtUaF5cQKjQUE6FtM7A4bj+GUksPcRfaxpE5WQND9oP+7El0zWwLfkDxf7r7Ei
w+EyvECA3nKRFKcZ8xfferyZtcXYeorZlPsbtPA5AWX1jKDrOa73vF5w42wfbQCE
dZ2ARd4hoWgTBjVwcvkgI3/tpdquVSr1y/CKScSDUzlyn5puwEqyBEISTIdjVHQC
Il95a6ZWA+KYk8Gy9FOsQG7SVD3rHCbxVR0kMSnrkq5PfFjbonsGdNTxoFb8TYm3
3HjaBlx1bmbw1bdMEiItlt+lJyf3+bP1O+zuypXeXXEVhYBbBCnHpW7AW/CTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUZFWRcWKhh2D2iFVNIL0G9iCEWGIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTIwMjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFN8w
DQYJKoZIhvcNAQELBQADggEBACt3tfgkdA2yWkVNTRsjAHM8rN4BodjAtGavEClw
pOUmRmtheF29ISYbuop6NKrbNK3BAxVOye62k4PqM+MWT4xjsoAsv/ukWhhvmU0M
PgA2pCq0WuQ6FWe+3D51uFjhyI0gDfi0NmVfB0hmba4NZmakmliua9O06wlBuFOd
OpgitKxk7sj1pt0fC9IsLd4sRceA5Edjj6o8IB1QHCREsHP0e55tpnU1SpiPm754
bkQGD3cbeiUxsAa9DrmnJe6ys9a5ORTnptp24ha783cFTEDt0v5idlIRGCxxsVDd
nUhsKIsf2IUYoeiaVF3NFcBPM1rOQAtRetRj85BSr34jWfw=
-----END CERTIFICATE-----