Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207343.roa
File:                     AS207343.roa (raw, json)
Hash identifier:          2JV/x2CdvPojvYYlWpnT2sdbtHPry6IIXmM4o5j+zRE=
Subject key identifier:   5D:11:00:B1:B1:70:93:D7:FC:D9:95:63:42:67:0B:D0:4F:BE:A2:2E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       66D2D49D9A0A6CEE06527A524523468AE0FECF67
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207343.roa
Signing time:             Wed 04 Mar 2026 09:08:42 +0000
ROA not before:           Wed 04 Mar 2026 09:03:42 +0000
ROA not after:            Wed 03 Mar 2027 09:08:42 +0000
asID:                     207343
IP address blocks:        143.20.1.0/24 maxlen: 24
                          143.20.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:d2:d4:9d:9a:0a:6c:ee:06:52:7a:52:45:23:46:8a:e0:fe:cf:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar  4 09:03:42 2026 GMT
            Not After : Mar  3 09:08:42 2027 GMT
        Subject: CN=5D1100B1B17093D7FCD9956342670BD04FBEA22E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:51:60:9d:bb:06:22:d7:79:6f:17:4b:26:dc:
                    c2:a7:b3:45:e9:02:07:3c:97:3d:34:4f:74:6c:81:
                    b8:a0:15:10:0e:48:6c:18:df:20:49:21:41:0c:71:
                    ce:7a:1c:ef:ef:f6:f2:67:20:c2:94:9e:1f:80:fa:
                    6a:1d:66:52:10:d9:75:69:c2:f2:0e:41:9b:1b:87:
                    66:d8:59:ab:18:7a:97:f7:ef:5b:36:d3:b6:67:9a:
                    15:99:e8:1f:d9:1c:31:b0:83:13:ab:80:e7:77:4e:
                    0d:b8:51:98:4e:8a:6e:0b:1c:0b:b9:fa:78:06:1b:
                    43:00:07:1b:22:a9:d8:4b:f6:21:23:69:33:b4:df:
                    8f:ef:b8:e8:85:35:26:94:bd:03:45:a2:30:b9:55:
                    d4:70:51:73:5e:9c:c7:b0:0e:f1:7b:e4:fa:b8:4f:
                    e1:c2:54:c6:b9:59:d4:58:e9:77:53:78:7e:59:65:
                    49:cb:14:46:db:ce:9e:ab:70:5d:68:02:59:e6:e0:
                    16:bc:4d:e2:e6:db:9e:02:e4:86:56:85:8e:63:54:
                    4a:7f:d8:b4:09:ba:7d:45:9a:d9:cf:6b:d4:3b:d5:
                    b0:ee:c1:3b:28:17:04:29:7f:67:8f:15:21:2d:93:
                    33:5d:c1:f9:36:0e:c1:97:dc:50:4d:eb:05:6e:a3:
                    66:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:11:00:B1:B1:70:93:D7:FC:D9:95:63:42:67:0B:D0:4F:BE:A2:2E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207343.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.1.0/24
                  143.20.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:86:2f:cf:a5:d9:2e:5e:b0:6f:f8:9a:cc:7d:30:55:c0:ca:
         f8:fd:7a:59:53:94:e9:5d:ac:ee:7d:2e:10:3c:39:b5:68:0d:
         c6:e8:de:46:3b:74:04:d6:57:90:e7:94:28:34:40:c5:18:4f:
         4f:de:42:07:bd:37:7e:2c:a1:48:87:36:3e:cb:40:22:b0:da:
         f7:87:db:b9:f4:83:b8:d1:de:e7:b4:7c:2e:0e:87:90:6b:80:
         a2:ac:17:21:a7:68:c9:dc:3e:72:85:82:54:dc:8c:88:64:9e:
         b6:5a:ab:fd:2c:61:d2:e6:97:f7:6d:91:ec:0d:8a:40:16:1f:
         69:26:6c:b9:a9:41:95:0c:03:4e:43:f8:bd:fe:cc:f6:71:4d:
         1e:e8:11:2a:ff:78:47:b0:68:6f:57:c8:a0:20:c2:24:38:1e:
         87:38:bd:6b:a5:42:d6:34:66:8e:97:37:f1:51:8a:73:c3:d0:
         19:35:3b:42:9b:7c:27:8a:8f:cf:45:dc:19:96:82:7f:a8:8b:
         47:8a:31:eb:16:b7:b1:c4:db:b6:2d:77:54:d6:d5:fa:61:51:
         eb:d6:4a:e3:cb:85:95:21:27:7b:4b:0f:04:f7:e9:8f:ac:f0:
         f4:0c:3a:5e:e0:21:5d:e6:92:1f:6c:af:19:26:9b:11:cd:db:
         19:c2:3c:07
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUZtLUnZoKbO4GUnpSRSNGiuD+z2cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMDQwOTAzNDJaFw0yNzAzMDMwOTA4NDJaMDMxMTAvBgNV
BAMTKDVEMTEwMEIxQjE3MDkzRDdGQ0Q5OTU2MzQyNjcwQkQwNEZCRUEyMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3UWCduwYi13lvF0sm3MKns0Xp
Agc8lz00T3RsgbigFRAOSGwY3yBJIUEMcc56HO/v9vJnIMKUnh+A+modZlIQ2XVp
wvIOQZsbh2bYWasYepf371s207ZnmhWZ6B/ZHDGwgxOrgOd3Tg24UZhOim4LHAu5
+ngGG0MABxsiqdhL9iEjaTO034/vuOiFNSaUvQNFojC5VdRwUXNenMewDvF75Pq4
T+HCVMa5WdRY6XdTeH5ZZUnLFEbbzp6rcF1oAlnm4Ba8TeLm254C5IZWhY5jVEp/
2LQJun1FmtnPa9Q71bDuwTsoFwQpf2ePFSEtkzNdwfk2DsGX3FBN6wVuo2a1AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUXREAsbFwk9f82ZVjQmcL0E++oi4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3MzQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQB
AwQAjxQRMA0GCSqGSIb3DQEBCwUAA4IBAQBjhi/PpdkuXrBv+JrMfTBVwMr4/XpZ
U5TpXazufS4QPDm1aA3G6N5GO3QE1leQ55QoNEDFGE9P3kIHvTd+LKFIhzY+y0Ai
sNr3h9u59IO40d7ntHwuDoeQa4CirBchp2jJ3D5yhYJU3IyIZJ62Wqv9LGHS5pf3
bZHsDYpAFh9pJmy5qUGVDANOQ/i9/sz2cU0e6BEq/3hHsGhvV8igIMIkOB6HOL1r
pULWNGaOlzfxUYpzw9AZNTtCm3wnio/PRdwZloJ/qItHijHrFrexxNu2LXdU1tX6
YVHr1krjy4WVISd7Sw8E9+mPrPD0DDpe4CFd5pIfbK8ZJpsRzdsZwjwH
-----END CERTIFICATE-----