Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
File:                     AS207769.roa (raw, json)
Hash identifier:          Kz5Dc+yCgHot09S5xS2b1VbVRVk4HOHAcV2ZZNlNlEw=
Subject key identifier:   17:8C:41:B5:D7:03:6E:9F:5A:14:5A:FE:6F:86:0A:60:61:BA:FB:85
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7B202A2C9BFC527F5AFADC2C5B6B81DFA0684D0D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa
Signing time:             Mon 02 Mar 2026 06:13:38 +0000
ROA not before:           Mon 02 Mar 2026 06:08:38 +0000
ROA not after:            Mon 01 Mar 2027 06:13:38 +0000
asID:                     207769
IP address blocks:        143.20.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:20:2a:2c:9b:fc:52:7f:5a:fa:dc:2c:5b:6b:81:df:a0:68:4d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Mar  2 06:08:38 2026 GMT
            Not After : Mar  1 06:13:38 2027 GMT
        Subject: CN=178C41B5D7036E9F5A145AFE6F860A6061BAFB85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:16:ad:03:4b:51:45:cf:37:d6:4a:d4:03:
                    e2:92:49:e3:ef:c2:9f:6e:3c:f3:31:64:24:38:5a:
                    15:88:55:fe:d5:95:92:21:0f:61:41:f5:60:a4:d4:
                    6b:ce:61:d5:46:69:6b:30:ab:82:63:06:d7:4f:5a:
                    58:cb:92:fb:4c:86:dc:4d:99:6b:bd:3a:24:0e:68:
                    73:65:76:55:5a:4e:3f:50:58:c5:9e:fa:c9:f3:bd:
                    4c:58:11:6e:11:8f:e3:a9:f8:59:db:ee:6a:52:f9:
                    d7:dc:8a:10:02:a6:d4:22:60:79:d4:7a:a4:00:63:
                    9c:bb:e0:aa:4c:89:32:d6:61:9e:50:81:b8:90:b0:
                    cd:fa:63:2c:aa:50:df:98:da:4c:fd:58:0b:7a:48:
                    44:e6:6b:a5:9e:86:f8:8b:90:d7:06:37:58:1b:2a:
                    3f:ba:78:e5:c5:04:fa:d8:e1:4e:15:be:eb:aa:20:
                    a4:3b:01:cd:78:58:e2:70:5d:6b:0a:fc:08:2b:b5:
                    19:09:69:4c:6a:5a:5e:60:ed:7a:56:d4:41:73:89:
                    85:9c:33:3e:b1:7e:d7:e4:8d:c5:32:96:58:f1:2f:
                    9b:cf:38:c1:9c:7f:0e:76:a3:63:5d:05:1f:29:d8:
                    53:5c:24:68:1b:db:0d:4b:d3:a6:22:74:96:3c:35:
                    3c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:8C:41:B5:D7:03:6E:9F:5A:14:5A:FE:6F:86:0A:60:61:BA:FB:85
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS207769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c6:e5:92:33:a4:d2:5d:c3:76:64:29:27:1b:4a:1b:2e:8b:
         c2:7c:e0:eb:09:73:16:45:c8:d7:2d:65:d8:2f:0e:e4:4d:16:
         78:8c:07:59:f5:d7:d3:1b:af:c6:93:f2:c3:f0:3a:a3:1c:04:
         d2:87:0d:f7:2e:08:8b:3a:72:27:48:f4:4b:04:94:3c:69:9b:
         e6:29:da:27:41:4d:cb:99:c5:c2:48:e3:0b:20:1b:06:40:d8:
         35:b0:a8:3f:a7:c6:5b:4c:af:25:2a:b6:d7:85:67:3c:de:b9:
         32:31:dc:99:3f:ea:af:b7:4c:04:8a:a5:b9:d4:3f:2e:c0:7f:
         aa:a5:66:1c:f2:1d:f8:a3:3c:4c:99:1c:a5:a8:d7:24:9a:f1:
         6d:43:64:a2:8f:17:3f:ec:e5:24:a0:9f:c5:cf:de:11:23:2e:
         38:51:a0:b8:d8:78:c4:16:e5:03:7a:bb:41:85:4d:51:99:9d:
         11:79:9d:4a:04:88:85:89:16:63:39:c5:11:3a:01:db:e3:9f:
         17:0a:c7:75:b5:77:10:8f:52:37:7f:ea:2f:ab:7a:78:03:1e:
         d2:e7:a4:f9:13:6a:29:39:9d:28:7b:a0:f6:ff:16:0c:63:70:
         38:83:81:cb:6c:67:8d:41:54:21:95:d4:b5:35:4a:d6:29:12:
         14:c2:44:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeyAqLJv8Un9a+twsW2uB36BoTQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMDIwNjA4MzhaFw0yNzAzMDEwNjEzMzhaMDMxMTAvBgNV
BAMTKDE3OEM0MUI1RDcwMzZFOUY1QTE0NUFGRTZGODYwQTYwNjFCQUZCODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCybxatA0tRRc831krUA+KSSePv
wp9uPPMxZCQ4WhWIVf7VlZIhD2FB9WCk1GvOYdVGaWswq4JjBtdPWljLkvtMhtxN
mWu9OiQOaHNldlVaTj9QWMWe+snzvUxYEW4Rj+Op+Fnb7mpS+dfcihACptQiYHnU
eqQAY5y74KpMiTLWYZ5QgbiQsM36YyyqUN+Y2kz9WAt6SETma6WehviLkNcGN1gb
Kj+6eOXFBPrY4U4VvuuqIKQ7Ac14WOJwXWsK/AgrtRkJaUxqWl5g7XpW1EFziYWc
Mz6xftfkjcUylljxL5vPOMGcfw52o2NdBR8p2FNcJGgb2w1L06YidJY8NTzbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUF4xBtdcDbp9aFFr+b4YKYGG6+4UwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA3NzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQy
MA0GCSqGSIb3DQEBCwUAA4IBAQBBxuWSM6TSXcN2ZCknG0obLovCfODrCXMWRcjX
LWXYLw7kTRZ4jAdZ9dfTG6/Gk/LD8DqjHATShw33LgiLOnInSPRLBJQ8aZvmKdon
QU3LmcXCSOMLIBsGQNg1sKg/p8ZbTK8lKrbXhWc83rkyMdyZP+qvt0wEiqW51D8u
wH+qpWYc8h34ozxMmRylqNckmvFtQ2Sijxc/7OUkoJ/Fz94RIy44UaC42HjEFuUD
ertBhU1RmZ0ReZ1KBIiFiRZjOcUROgHb458XCsd1tXcQj1I3f+ovq3p4Ax7S56T5
E2opOZ0oe6D2/xYMY3A4g4HLbGeNQVQhldS1NUrWKRIUwkT2
-----END CERTIFICATE-----