Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208504.roa
File:                     AS208504.roa (raw, json)
Hash identifier:          F0xEAUcZvA7fUZKA6WmPdp3fcs+zzZZ4ZGmrXNVDXdA=
Subject key identifier:   84:03:B1:C3:27:7A:F1:61:A4:35:13:88:FD:57:9D:34:E1:3E:68:BD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3348F6C4F21D8C2AF79D091F4E806448D9F49B3F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208504.roa
Signing time:             Thu 23 Apr 2026 07:12:35 +0000
ROA not before:           Thu 23 Apr 2026 07:07:35 +0000
ROA not after:            Thu 22 Apr 2027 07:12:35 +0000
asID:                     208504
IP address blocks:        143.20.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 17:41:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:48:f6:c4:f2:1d:8c:2a:f7:9d:09:1f:4e:80:64:48:d9:f4:9b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Apr 23 07:07:35 2026 GMT
            Not After : Apr 22 07:12:35 2027 GMT
        Subject: CN=8403B1C3277AF161A4351388FD579D34E13E68BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d7:e4:3c:ef:f7:da:38:7b:38:6c:d0:3e:a5:
                    ca:6d:d1:f0:2e:e6:98:b2:b6:5e:f1:c9:3f:2d:7e:
                    98:e0:2a:2f:1e:01:76:46:d5:08:92:32:14:3d:62:
                    16:bb:bd:00:c2:6f:24:8a:c3:5f:83:82:57:c6:b8:
                    4f:fa:03:4e:f3:72:16:92:b5:3c:6b:ab:43:d3:b1:
                    dc:e9:c5:b6:48:a5:d8:5c:ea:8d:70:de:8c:99:8d:
                    cd:5c:76:c1:bb:39:0f:ef:38:5a:b3:33:28:11:71:
                    fb:0a:f4:60:2a:31:c6:38:94:41:e8:7a:6a:57:ca:
                    2b:0f:38:8a:2c:72:bc:45:7c:82:67:4e:e7:f2:71:
                    5e:e4:65:ab:0b:c4:0f:c7:c5:23:ee:c9:d3:74:d5:
                    58:7c:70:ba:2e:b1:c7:6e:03:e1:54:3a:bb:69:ec:
                    6c:0d:6f:d5:7e:1e:67:03:38:02:d3:02:6b:38:3a:
                    2f:f1:17:4b:e2:d4:da:2b:06:fc:fd:16:44:c2:6c:
                    be:4b:be:f3:64:f6:e5:1a:94:92:23:30:22:8f:79:
                    60:b4:e5:1d:92:05:8f:d4:36:b1:b0:09:a6:ce:25:
                    59:18:15:f5:29:ca:98:52:73:c4:de:41:27:a5:0b:
                    58:7f:99:9e:47:d4:1a:81:77:75:19:44:de:9d:ed:
                    ac:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:03:B1:C3:27:7A:F1:61:A4:35:13:88:FD:57:9D:34:E1:3E:68:BD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS208504.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:39:1b:a6:4b:4c:fd:1a:7c:e1:44:f4:97:a4:ed:b0:51:0e:
         0a:13:f9:a3:5c:fa:19:b7:f3:94:21:00:4b:cb:91:ea:bb:90:
         95:8f:9f:c7:67:c8:ac:b0:3e:09:93:ae:66:15:59:90:d2:29:
         65:a8:18:b5:55:13:b9:4c:ca:57:78:ce:93:6d:00:cf:a5:cb:
         48:66:5c:f5:f6:3e:5f:7d:c7:db:6f:14:6e:6b:62:50:17:9e:
         38:4a:fe:cb:f6:f4:31:34:5a:0f:93:50:0f:75:45:97:1f:8f:
         86:83:95:98:1f:b7:88:50:96:e3:eb:31:93:c1:20:68:01:33:
         b0:99:9f:62:17:ec:1d:ad:23:4d:ff:74:b4:cb:54:af:a6:93:
         3f:29:5f:21:0c:ae:b0:4d:7c:c4:b0:fb:1d:b1:66:8d:87:a4:
         98:66:1d:1e:f2:ac:a7:9a:c3:4d:e5:73:6a:e5:f8:8a:ea:fd:
         84:ae:11:36:f5:2d:9d:81:c6:11:40:ad:25:9e:fd:6d:3b:f0:
         25:6c:de:fe:86:83:9b:ce:04:26:72:9f:93:16:a9:2c:b4:e4:
         47:a0:fb:d0:11:6a:74:39:47:a3:a8:6e:0a:82:a7:dc:d9:b0:
         30:bb:b5:4f:10:65:08:0c:80:11:57:4d:69:54:eb:53:c5:30:
         fe:43:4b:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM0j2xPIdjCr3nQkfToBkSNn0mz8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MjMwNzA3MzVaFw0yNzA0MjIwNzEyMzVaMDMxMTAvBgNV
BAMTKDg0MDNCMUMzMjc3QUYxNjFBNDM1MTM4OEZENTc5RDM0RTEzRTY4QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx1+Q87/faOHs4bNA+pcpt0fAu
5piytl7xyT8tfpjgKi8eAXZG1QiSMhQ9Yha7vQDCbySKw1+DglfGuE/6A07zchaS
tTxrq0PTsdzpxbZIpdhc6o1w3oyZjc1cdsG7OQ/vOFqzMygRcfsK9GAqMcY4lEHo
empXyisPOIoscrxFfIJnTufycV7kZasLxA/HxSPuydN01Vh8cLouscduA+FUOrtp
7GwNb9V+HmcDOALTAms4Oi/xF0vi1NorBvz9FkTCbL5LvvNk9uUalJIjMCKPeWC0
5R2SBY/UNrGwCabOJVkYFfUpyphSc8TeQSelC1h/mZ5H1BqBd3UZRN6d7awtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhAOxwyd68WGkNROI/VedNOE+aL0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA4NTA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxR0
MA0GCSqGSIb3DQEBCwUAA4IBAQByORumS0z9GnzhRPSXpO2wUQ4KE/mjXPoZt/OU
IQBLy5Hqu5CVj5/HZ8issD4Jk65mFVmQ0illqBi1VRO5TMpXeM6TbQDPpctIZlz1
9j5ffcfbbxRua2JQF544Sv7L9vQxNFoPk1APdUWXH4+Gg5WYH7eIUJbj6zGTwSBo
ATOwmZ9iF+wdrSNN/3S0y1SvppM/KV8hDK6wTXzEsPsdsWaNh6SYZh0e8qynmsNN
5XNq5fiK6v2ErhE29S2dgcYRQK0lnv1tO/AlbN7+hoObzgQmcp+TFqkstORHoPvQ
EWp0OUejqG4Kgqfc2bAwu7VPEGUIDIARV01pVOtTxTD+Q0sP
-----END CERTIFICATE-----