Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209557.roa
File:                     AS209557.roa (raw, json)
Hash identifier:          MgDD2qFgKX3a2APRyh/JHvdiUZOqZpeZCubfA23Nnn8=
Subject key identifier:   04:D5:7E:34:93:2F:CC:D3:44:D7:DA:E1:5C:57:07:90:39:BF:77:3E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       18A7C031354CDBFE8DFEBC006AAFAC9F466EF589
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209557.roa
Signing time:             Tue 19 May 2026 15:50:08 +0000
ROA not before:           Tue 19 May 2026 15:45:08 +0000
ROA not after:            Tue 18 May 2027 15:50:08 +0000
asID:                     209557
IP address blocks:        143.20.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:a7:c0:31:35:4c:db:fe:8d:fe:bc:00:6a:af:ac:9f:46:6e:f5:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 19 15:45:08 2026 GMT
            Not After : May 18 15:50:08 2027 GMT
        Subject: CN=04D57E34932FCCD344D7DAE15C57079039BF773E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:70:2f:4e:3c:85:41:ad:96:5d:40:50:5e:b9:
                    e4:c0:06:f3:a7:2d:f2:4e:90:9b:fd:89:42:47:dd:
                    62:a3:03:f2:24:df:0e:c5:40:cb:0e:b9:5c:80:5d:
                    52:58:3c:c3:da:0d:07:33:3c:6a:db:2c:c0:d8:ad:
                    d7:64:80:81:51:3a:60:7e:81:7d:ee:9a:a6:f3:08:
                    0d:3e:bf:48:11:67:33:68:6e:7b:ff:c7:ea:bd:f5:
                    49:a7:19:60:f4:08:42:48:30:14:74:2e:38:31:52:
                    61:e5:36:db:89:a6:08:9b:52:db:b6:e2:d4:5d:a3:
                    9f:70:e5:72:b6:1e:05:9d:00:9f:fc:bf:e4:ac:32:
                    b6:15:ec:02:3d:0c:f6:ee:16:58:65:1b:9c:f3:cf:
                    4e:bc:fc:98:9b:60:a1:6b:1c:3f:50:5e:6f:30:13:
                    ff:e5:e4:60:b0:19:22:3c:e1:a3:12:2d:cf:93:e0:
                    14:67:bd:c7:6d:4e:fd:ff:3b:bb:87:7f:68:f4:70:
                    c6:7d:de:57:c3:b7:18:72:f5:f4:db:50:d6:65:29:
                    1e:14:de:7f:f0:02:8e:81:91:89:a7:9e:f5:11:55:
                    21:5d:35:6d:18:62:49:38:c4:fb:4f:61:96:ad:aa:
                    89:86:85:c2:85:bc:74:51:2b:af:97:ca:89:ae:ec:
                    7d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D5:7E:34:93:2F:CC:D3:44:D7:DA:E1:5C:57:07:90:39:BF:77:3E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:21:cb:43:6a:02:07:8a:aa:00:56:85:cb:2c:73:ef:af:07:
         d6:06:60:12:e2:d4:eb:98:03:1a:44:53:81:f0:d2:44:ee:61:
         87:61:5a:0c:f1:b2:26:56:36:7d:c7:7d:c7:12:22:8d:f0:ef:
         31:32:e8:0f:6e:9d:3a:9b:df:97:15:d2:e8:14:6d:8d:33:2c:
         14:78:a5:c8:cc:a5:81:2a:63:1c:be:48:1a:ff:89:63:22:03:
         24:d8:f7:d1:e1:c6:bd:a8:ca:46:cd:fd:33:8e:ce:91:84:e1:
         5c:21:24:21:40:68:85:a5:38:e2:96:a1:64:3c:d3:6e:e2:dc:
         13:4e:e3:e3:51:b7:2a:71:6d:55:58:39:94:21:aa:33:5e:89:
         0f:7d:10:ce:52:c1:4d:0d:55:89:ca:31:b6:2e:59:56:a8:bf:
         03:63:70:44:8d:b5:03:53:50:85:1c:db:19:d9:a2:f8:7d:bc:
         9d:47:10:af:04:97:40:a4:d1:24:18:4b:f1:c1:51:06:0e:c5:
         be:10:82:b4:d3:0b:b7:cd:67:bc:a6:ed:29:8b:42:a5:7a:90:
         4c:dc:eb:06:c7:ca:d3:4a:23:6a:aa:cc:4f:ac:1d:9f:2c:e2:
         02:38:3d:63:14:53:16:7f:50:d9:36:c7:da:7b:bc:0f:1a:59:
         c7:14:b4:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGKfAMTVM2/6N/rwAaq+sn0Zu9YkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MTkxNTQ1MDhaFw0yNzA1MTgxNTUwMDhaMDMxMTAvBgNV
BAMTKDA0RDU3RTM0OTMyRkNDRDM0NEQ3REFFMTVDNTcwNzkwMzlCRjc3M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCicC9OPIVBrZZdQFBeueTABvOn
LfJOkJv9iUJH3WKjA/Ik3w7FQMsOuVyAXVJYPMPaDQczPGrbLMDYrddkgIFROmB+
gX3umqbzCA0+v0gRZzNobnv/x+q99UmnGWD0CEJIMBR0LjgxUmHlNtuJpgibUtu2
4tRdo59w5XK2HgWdAJ/8v+SsMrYV7AI9DPbuFlhlG5zzz068/JibYKFrHD9QXm8w
E//l5GCwGSI84aMSLc+T4BRnvcdtTv3/O7uHf2j0cMZ93lfDtxhy9fTbUNZlKR4U
3n/wAo6BkYmnnvURVSFdNW0YYkk4xPtPYZatqomGhcKFvHRRK6+Xyomu7H1BAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBNV+NJMvzNNE19rhXFcHkDm/dz4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA5NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQH
MA0GCSqGSIb3DQEBCwUAA4IBAQC5IctDagIHiqoAVoXLLHPvrwfWBmAS4tTrmAMa
RFOB8NJE7mGHYVoM8bImVjZ9x33HEiKN8O8xMugPbp06m9+XFdLoFG2NMywUeKXI
zKWBKmMcvkga/4ljIgMk2PfR4ca9qMpGzf0zjs6RhOFcISQhQGiFpTjilqFkPNNu
4twTTuPjUbcqcW1VWDmUIaozXokPfRDOUsFNDVWJyjG2LllWqL8DY3BEjbUDU1CF
HNsZ2aL4fbydRxCvBJdApNEkGEvxwVEGDsW+EIK00wu3zWe8pu0pi0KlepBM3OsG
x8rTSiNqqsxPrB2fLOICOD1jFFMWf1DZNsfae7wPGlnHFLSs
-----END CERTIFICATE-----