Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
File:                     AS207769.roa (raw, json)
Hash identifier:          pTEfVdqHW17+XaxTKCHacEQ86NbxdXA2z+W29MPynbE=
Subject key identifier:   7C:9B:40:AD:FD:62:61:D1:41:0B:97:D2:FE:8B:E1:26:2C:DD:25:AF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       758D516A81C81FB491807045946282F8F6FECCC5
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     207769
IP address blocks:        143.20.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:8d:51:6a:81:c8:1f:b4:91:80:70:45:94:62:82:f8:f6:fe:cc:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=7C9B40ADFD6261D1410B97D2FE8BE1262CDD25AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:61:d9:d4:e5:ea:07:c7:72:e6:a8:0b:57:e2:
                    a8:49:f7:fb:34:53:79:c6:8a:65:54:8a:23:31:c3:
                    de:95:1c:44:82:92:a7:8d:82:5f:5b:d2:1b:f3:14:
                    8f:a6:24:a3:bd:c1:ee:ad:60:94:19:a6:53:38:c4:
                    22:4e:76:cf:40:1e:fe:3f:eb:13:e8:ba:c3:8f:38:
                    d0:9a:74:39:11:b2:0a:cb:92:b4:1b:de:0c:14:8b:
                    c9:ef:6b:85:c9:40:a9:32:f3:3b:1c:02:b3:78:64:
                    be:b3:51:e4:ec:e8:ec:b5:cb:4b:59:62:07:b6:ef:
                    a9:fb:c0:b5:b6:bf:e8:54:90:57:84:07:f1:92:f8:
                    4d:08:dd:67:de:69:44:57:ab:36:57:d7:37:9c:19:
                    6a:a5:3b:d4:65:9b:bd:1f:ce:b9:82:74:1a:21:bb:
                    ad:71:83:0b:c8:05:b5:f0:d3:8c:fb:ad:33:fe:5c:
                    81:fd:e3:d0:d9:fa:77:da:fa:11:9b:c5:b3:0d:55:
                    0d:22:b5:aa:1d:99:f5:76:fb:2f:1e:78:f2:6f:86:
                    81:0e:fb:07:98:f9:26:3d:f7:c9:06:22:5c:cc:80:
                    a7:4b:73:2f:31:18:cf:27:96:79:17:89:b4:f7:a8:
                    26:67:34:d8:ae:41:e4:2f:31:af:da:10:9a:f4:a3:
                    c2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9B:40:AD:FD:62:61:D1:41:0B:97:D2:FE:8B:E1:26:2C:DD:25:AF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:4b:86:c1:3c:fb:f0:10:33:b4:57:b2:1b:d0:4d:e3:55:89:
         74:7c:c8:4c:f3:a2:6d:e9:69:19:60:f0:c5:13:4a:4b:0b:ee:
         28:06:3b:91:ca:94:04:c2:e6:cc:c8:33:a1:24:1c:0d:eb:6a:
         a2:4b:ef:46:88:7a:69:ab:5a:34:5a:4c:31:d2:9a:00:c0:a6:
         26:68:31:11:ef:86:6d:2a:df:2c:df:5e:71:5d:55:fe:5a:01:
         e6:a3:fb:06:42:6d:91:fa:65:d8:ea:58:df:62:df:c6:d3:ff:
         93:8e:78:15:59:a9:24:80:10:61:ad:18:4e:35:5d:93:13:8c:
         73:50:5c:29:19:2f:e9:7a:70:ad:c0:67:cb:36:c4:87:10:72:
         fb:f6:09:41:46:40:ab:f3:3c:c1:b3:98:2b:97:f5:05:ec:6f:
         de:54:e7:8a:0f:f5:72:db:0a:57:22:46:90:d8:18:9e:56:be:
         5f:b6:28:ab:2f:2b:fc:ba:7b:55:78:ca:61:ae:0c:d7:46:08:
         08:09:b1:cb:99:cf:7a:4b:21:fc:ba:74:56:9e:37:09:fb:ac:
         5b:f1:e9:6a:31:c8:1a:5d:b6:89:b9:e1:f1:3e:f4:5b:3f:d4:
         8e:04:0c:fc:7c:43:bc:ff:15:51:09:cf:96:a9:08:f6:23:03:
         65:28:df:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdY1RaoHIH7SRgHBFlGKC+Pb+zMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKDdDOUI0MEFERkQ2MjYxRDE0MTBCOTdEMkZFOEJFMTI2MkNERDI1QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYYdnU5eoHx3LmqAtX4qhJ9/s0
U3nGimVUiiMxw96VHESCkqeNgl9b0hvzFI+mJKO9we6tYJQZplM4xCJOds9AHv4/
6xPousOPONCadDkRsgrLkrQb3gwUi8nva4XJQKky8zscArN4ZL6zUeTs6Oy1y0tZ
Yge276n7wLW2v+hUkFeEB/GS+E0I3WfeaURXqzZX1zecGWqlO9Rlm70fzrmCdBoh
u61xgwvIBbXw04z7rTP+XIH949DZ+nfa+hGbxbMNVQ0itaodmfV2+y8eePJvhoEO
+weY+SY998kGIlzMgKdLcy8xGM8nlnkXibT3qCZnNNiuQeQvMa/aEJr0o8JlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfJtArf1iYdFBC5fS/ovhJizdJa8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQy
MA0GCSqGSIb3DQEBCwUAA4IBAQBeS4bBPPvwEDO0V7Ib0E3jVYl0fMhM86Jt6WkZ
YPDFE0pLC+4oBjuRypQEwubMyDOhJBwN62qiS+9GiHppq1o0Wkwx0poAwKYmaDER
74ZtKt8s315xXVX+WgHmo/sGQm2R+mXY6ljfYt/G0/+TjngVWakkgBBhrRhONV2T
E4xzUFwpGS/penCtwGfLNsSHEHL79glBRkCr8zzBs5grl/UF7G/eVOeKD/Vy2wpX
IkaQ2BieVr5ftiirLyv8untVeMphrgzXRggICbHLmc96SyH8unRWnjcJ+6xb8elq
McgaXbaJueHxPvRbP9SOBAz8fEO8/xVRCc+WqQj2IwNlKN/T
-----END CERTIFICATE-----