Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207768.roa
File:                     AS207768.roa (raw, json)
Hash identifier:          0CTh4GLsFCo0vAMIXrL8k4ObQ8/Zth0e03JNRxOZ6pI=
Subject key identifier:   10:D7:C7:D0:EC:C8:5F:8E:86:0C:8C:95:7F:EA:7A:A5:91:9A:7B:D0
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0C641195F8507A68EF9C9E0E5D1AFD704058F5D7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207768.roa
Signing time:             Mon 02 Mar 2026 06:12:34 +0000
ROA not before:           Mon 02 Mar 2026 06:07:34 +0000
ROA not after:            Mon 01 Mar 2027 06:12:34 +0000
asID:                     207768
IP address blocks:        143.20.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:64:11:95:f8:50:7a:68:ef:9c:9e:0e:5d:1a:fd:70:40:58:f5:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar  2 06:07:34 2026 GMT
            Not After : Mar  1 06:12:34 2027 GMT
        Subject: CN=10D7C7D0ECC85F8E860C8C957FEA7AA5919A7BD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:55:04:57:c5:0c:da:01:ea:37:3d:74:cf:fe:
                    c3:d7:7a:6f:64:64:7e:fc:b4:21:48:c7:fe:56:21:
                    6d:d8:f8:50:cf:f5:60:ec:02:48:ea:b0:99:fa:a2:
                    0f:a9:6e:2d:bc:cd:35:95:8c:0d:56:79:6d:f6:66:
                    7c:ee:81:6d:e6:72:29:50:c2:28:ae:d8:f3:e9:0a:
                    34:9c:78:d9:b7:2a:52:a6:a8:28:c8:c2:ff:4f:ff:
                    ad:7a:51:23:a7:cb:4e:b5:4a:1e:03:47:dd:a2:08:
                    22:b8:1b:41:a8:40:18:f8:61:6a:37:4e:32:3e:4f:
                    11:60:16:2c:8f:80:40:61:c8:36:a1:86:c7:88:bb:
                    40:10:fc:f9:cd:b7:8a:bd:7b:e9:61:1c:a1:85:80:
                    ea:76:6d:87:46:c6:d0:8d:df:68:71:aa:b6:f9:fb:
                    7b:71:24:33:2e:12:2a:fe:48:c2:92:02:12:c4:c6:
                    e0:a1:4b:8e:03:4c:ba:6f:31:be:32:47:d4:4a:46:
                    43:dc:cd:80:96:35:0d:8e:ca:d0:29:4c:e5:74:d7:
                    f8:84:06:d6:25:ec:05:99:7a:0d:92:7f:7c:bc:b5:
                    bd:4e:54:aa:d6:97:da:c3:a6:ec:fe:84:19:70:af:
                    71:53:d3:22:99:8a:55:f0:fa:fb:28:5c:9a:d2:e0:
                    ad:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D7:C7:D0:EC:C8:5F:8E:86:0C:8C:95:7F:EA:7A:A5:91:9A:7B:D0
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ad:f2:e4:02:b6:5b:4d:1e:48:b5:08:53:ba:52:3b:e1:36:
         fe:14:c9:cc:76:54:3f:09:32:43:32:43:35:1a:e2:e2:4f:a0:
         d2:5f:a5:25:23:50:97:cb:fc:f3:0a:bb:44:ba:56:f3:d7:1c:
         3e:16:d2:74:40:26:a4:c1:44:ea:1a:70:f4:98:c6:fb:38:e8:
         7d:88:52:c4:00:3a:19:e4:80:4a:80:37:12:d9:d1:23:92:b3:
         03:1d:0b:07:27:09:50:9d:35:1f:ae:7a:43:69:b7:77:2a:9f:
         17:55:a6:41:39:49:b1:27:76:82:5d:5c:4b:12:5d:ec:43:b1:
         0c:31:ed:96:24:0f:52:a1:b6:15:06:55:86:3d:a6:58:03:17:
         a3:6d:06:60:65:d3:ed:9a:8b:8a:7c:48:39:37:97:08:d1:f0:
         14:5d:33:56:d0:ef:69:ed:ea:c8:64:9a:27:62:95:f9:99:c7:
         c6:36:a5:10:7e:2a:a6:29:f4:cd:4f:fa:b5:53:f6:f6:19:aa:
         c9:94:75:4a:c9:b2:ff:3d:02:ad:46:e8:a5:3f:9b:68:e3:d6:
         fb:67:a6:99:31:0a:00:0b:7a:bf:ef:2d:a0:79:d4:f8:14:7b:
         c3:19:f1:0e:75:47:43:8d:79:8f:3a:80:6f:23:9f:eb:f2:36:
         a1:af:2e:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDGQRlfhQemjvnJ4OXRr9cEBY9dcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMDIwNjA3MzRaFw0yNzAzMDEwNjEyMzRaMDMxMTAvBgNV
BAMTKDEwRDdDN0QwRUNDODVGOEU4NjBDOEM5NTdGRUE3QUE1OTE5QTdCRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9VQRXxQzaAeo3PXTP/sPXem9k
ZH78tCFIx/5WIW3Y+FDP9WDsAkjqsJn6og+pbi28zTWVjA1WeW32ZnzugW3mcilQ
wiiu2PPpCjSceNm3KlKmqCjIwv9P/616USOny061Sh4DR92iCCK4G0GoQBj4YWo3
TjI+TxFgFiyPgEBhyDahhseIu0AQ/PnNt4q9e+lhHKGFgOp2bYdGxtCN32hxqrb5
+3txJDMuEir+SMKSAhLExuChS44DTLpvMb4yR9RKRkPczYCWNQ2OytApTOV01/iE
BtYl7AWZeg2Sf3y8tb1OVKrWl9rDpuz+hBlwr3FT0yKZilXw+vsoXJrS4K09AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUENfH0OzIX46GDIyVf+p6pZGae9AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQy
MA0GCSqGSIb3DQEBCwUAA4IBAQAorfLkArZbTR5ItQhTulI74Tb+FMnMdlQ/CTJD
MkM1GuLiT6DSX6UlI1CXy/zzCrtEulbz1xw+FtJ0QCakwUTqGnD0mMb7OOh9iFLE
ADoZ5IBKgDcS2dEjkrMDHQsHJwlQnTUfrnpDabd3Kp8XVaZBOUmxJ3aCXVxLEl3s
Q7EMMe2WJA9SobYVBlWGPaZYAxejbQZgZdPtmouKfEg5N5cI0fAUXTNW0O9p7erI
ZJonYpX5mcfGNqUQfiqmKfTNT/q1U/b2GarJlHVKybL/PQKtRuilP5to49b7Z6aZ
MQoAC3q/7y2gedT4FHvDGfEOdUdDjXmPOoBvI5/r8jahry5E
-----END CERTIFICATE-----