Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211014.roa
File:                     AS211014.roa (raw, json)
Hash identifier:          HV6r5iBZs+Me/RlU29wEUFcm+Ojp7vPQlA0vGFA0+Qg=
Subject key identifier:   E2:18:0D:97:07:27:CD:D1:41:1C:81:CF:3A:8E:FF:92:75:3F:4E:E4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       799B216367BA759A0B64358530296A39FBA9F9FA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211014.roa
Signing time:             Wed 15 Oct 2025 13:37:08 +0000
ROA not before:           Wed 15 Oct 2025 13:32:08 +0000
ROA not after:            Wed 14 Oct 2026 13:37:08 +0000
asID:                     211014
IP address blocks:        143.20.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:12:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:9b:21:63:67:ba:75:9a:0b:64:35:85:30:29:6a:39:fb:a9:f9:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 15 13:32:08 2025 GMT
            Not After : Oct 14 13:37:08 2026 GMT
        Subject: CN=E2180D970727CDD1411C81CF3A8EFF92753F4EE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:21:e4:99:ed:55:f0:db:8d:11:af:bc:12:85:
                    fc:c8:86:a7:40:66:c4:a3:7a:29:1d:38:84:1a:be:
                    7c:db:f9:da:bd:17:a1:3e:0b:cc:74:11:e1:1d:5e:
                    e4:5a:22:e3:38:d6:9f:9b:74:5a:ae:68:75:59:6b:
                    25:9a:b1:85:b7:5e:e2:c5:90:fd:1c:d9:ea:2d:65:
                    85:87:df:ac:f9:0b:2b:1c:30:b1:6f:61:a2:1d:f0:
                    87:44:82:49:3d:d1:3a:ea:bf:dc:cc:dc:fe:84:93:
                    66:ca:23:e1:12:15:c9:77:fe:63:5d:61:38:f5:29:
                    64:3d:34:03:60:e2:11:6b:3e:b1:07:22:fa:ca:b0:
                    59:f2:7b:64:08:de:42:5f:65:f8:55:cc:ad:03:89:
                    2e:58:92:b7:52:1e:65:10:eb:8c:8f:e1:65:f9:30:
                    58:be:65:cd:1e:35:15:14:b8:b0:21:57:94:0f:62:
                    c3:69:e6:27:79:d0:76:02:b4:36:e2:f5:66:a3:df:
                    fc:ca:bb:72:65:b7:ed:20:66:48:e8:70:65:7f:1f:
                    6e:78:b6:4e:fd:12:93:0f:69:b1:46:c6:0a:56:81:
                    1a:72:be:85:d8:3b:3a:dc:f2:29:c7:75:0f:8b:aa:
                    dd:9f:80:95:54:6c:37:2f:0f:a0:e2:08:b6:1e:7f:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:18:0D:97:07:27:CD:D1:41:1C:81:CF:3A:8E:FF:92:75:3F:4E:E4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS211014.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:5f:7c:4a:23:6f:a5:d6:8b:48:f9:8e:08:83:4f:41:39:f5:
         3d:da:99:87:71:56:2c:0d:89:24:44:62:c0:1c:3b:6b:79:c6:
         8b:b0:82:f9:7b:cd:88:e5:51:12:a3:63:dd:9e:35:fa:73:09:
         1c:97:00:fb:d8:44:65:70:21:5a:03:08:14:a4:c4:a2:04:5f:
         59:95:e8:e9:a6:44:e9:52:4c:d5:8a:7b:6d:6f:f2:a7:f9:76:
         78:40:35:7f:e5:80:39:b6:71:12:24:e3:18:a8:ac:d5:19:a5:
         19:fc:40:8b:68:df:2e:22:28:79:bd:48:88:93:a1:3f:0b:b8:
         b5:f2:e3:1a:68:05:24:25:65:6e:2e:e2:ea:0a:aa:98:af:d9:
         ee:d7:f9:75:ed:4b:b9:a9:25:3f:8d:13:c1:84:21:81:e9:b4:
         03:56:40:11:3e:e1:6a:4a:4d:3e:43:92:0b:80:05:f2:bd:6f:
         0e:a2:04:00:cf:1f:52:39:8d:79:76:63:b4:25:46:87:ad:4b:
         9b:d4:dc:b0:4f:e9:54:e1:2e:2c:fb:67:e5:5d:a4:47:b5:15:
         51:9e:ec:8d:d5:e2:4d:e8:a2:0e:41:8f:66:99:61:3b:4c:0e:
         6d:e2:fd:3d:57:0b:e3:09:c6:af:23:6b:1d:b8:20:4d:a4:a0:
         14:13:dc:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeZshY2e6dZoLZDWFMClqOfup+fowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTUxMzMyMDhaFw0yNjEwMTQxMzM3MDhaMDMxMTAvBgNV
BAMTKEUyMTgwRDk3MDcyN0NERDE0MTFDODFDRjNBOEVGRjkyNzUzRjRFRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzIeSZ7VXw240Rr7wShfzIhqdA
ZsSjeikdOIQavnzb+dq9F6E+C8x0EeEdXuRaIuM41p+bdFquaHVZayWasYW3XuLF
kP0c2eotZYWH36z5CyscMLFvYaId8IdEgkk90Trqv9zM3P6Ek2bKI+ESFcl3/mNd
YTj1KWQ9NANg4hFrPrEHIvrKsFnye2QI3kJfZfhVzK0DiS5YkrdSHmUQ64yP4WX5
MFi+Zc0eNRUUuLAhV5QPYsNp5id50HYCtDbi9Waj3/zKu3Jlt+0gZkjocGV/H254
tk79EpMPabFGxgpWgRpyvoXYOzrc8inHdQ+Lqt2fgJVUbDcvD6DiCLYef+zxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4hgNlwcnzdFBHIHPOo7/knU/TuQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjExMDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSd
MA0GCSqGSIb3DQEBCwUAA4IBAQCjX3xKI2+l1otI+Y4Ig09BOfU92pmHcVYsDYkk
RGLAHDtrecaLsIL5e82I5VESo2PdnjX6cwkclwD72ERlcCFaAwgUpMSiBF9Zlejp
pkTpUkzVinttb/Kn+XZ4QDV/5YA5tnESJOMYqKzVGaUZ/ECLaN8uIih5vUiIk6E/
C7i18uMaaAUkJWVuLuLqCqqYr9nu1/l17Uu5qSU/jRPBhCGB6bQDVkARPuFqSk0+
Q5ILgAXyvW8OogQAzx9SOY15dmO0JUaHrUub1NywT+lU4S4s+2flXaRHtRVRnuyN
1eJN6KIOQY9mmWE7TA5t4v09VwvjCcavI2sduCBNpKAUE9w+
-----END CERTIFICATE-----