Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
File:                     AS212238.roa (raw, json)
Hash identifier:          aMXwkDf/9B2wAIC1V4wfkLVTLkGPdhvGYdktas3iGGU=
Subject key identifier:   8E:D2:FA:8C:54:EB:88:06:F9:F8:66:93:9D:C2:4B:E0:8C:95:C0:79
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       352AE2D46D8A0AF2A419D51445BE6C8A3731F53E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     212238
IP address blocks:        143.20.43.0/24 maxlen: 24
                          143.20.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:2a:e2:d4:6d:8a:0a:f2:a4:19:d5:14:45:be:6c:8a:37:31:f5:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=8ED2FA8C54EB8806F9F866939DC24BE08C95C079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b6:58:8a:8f:db:73:fb:02:0d:9b:2d:cb:00:
                    f7:ae:51:5d:ae:b0:cb:24:59:22:62:cd:05:3d:5b:
                    03:c6:d4:82:75:93:75:a9:e9:a7:af:24:b6:58:27:
                    2b:0a:b8:f5:87:27:36:bb:a8:07:5f:7f:7d:6c:6f:
                    aa:0a:96:4f:d9:e3:05:76:fc:c3:7f:b3:56:30:d7:
                    cc:ca:b0:e9:c4:fd:5e:67:ee:a9:ee:60:be:84:f9:
                    6f:ca:c7:ff:92:04:1c:bf:3b:7d:3a:5e:76:7c:b3:
                    43:1d:04:71:2e:85:f3:98:c0:7c:4b:cc:6e:c7:e4:
                    9f:8e:eb:22:e5:3c:15:a1:87:9b:ec:4d:f1:56:b2:
                    f0:5b:47:e8:bb:1e:c2:c2:f7:8e:12:97:53:34:68:
                    78:9d:38:73:ca:51:7d:b9:35:56:d0:7b:1b:53:e5:
                    dd:06:e4:ae:c7:31:00:c2:17:a9:3b:39:9a:42:b7:
                    71:53:ed:23:50:a9:79:58:9c:dc:45:fc:9d:c6:85:
                    8d:34:bd:c5:80:73:44:64:fe:bb:3c:d1:28:ac:db:
                    66:ba:7d:59:fb:0b:58:31:f8:21:9c:c7:0c:c5:b8:
                    8a:65:b4:8e:81:ee:8e:32:19:e1:83:bc:54:b8:5c:
                    31:92:ef:28:9c:4f:95:10:cc:f2:b7:d1:f7:6d:ea:
                    d0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:D2:FA:8C:54:EB:88:06:F9:F8:66:93:9D:C2:4B:E0:8C:95:C0:79
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.43.0/24
                  143.20.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:f9:af:1a:78:31:b8:a9:fe:2a:6e:3c:1f:56:f1:34:49:71:
         a0:5a:d8:70:fd:b0:c8:23:f5:44:a7:fe:8a:9f:fa:b2:ce:93:
         45:1d:79:a2:09:e4:2b:ff:69:97:04:a7:a1:87:af:9c:c5:92:
         a3:37:78:8c:f2:65:11:41:bf:be:b8:39:c8:6e:33:80:bd:bb:
         77:00:a6:60:8e:9e:d3:cd:2e:2d:32:08:ef:15:c8:02:9c:fc:
         17:07:79:d1:81:7b:a3:27:c6:9b:74:0f:a1:b1:0f:f6:ff:c7:
         5a:a7:b1:a3:bf:34:84:cb:48:94:1e:ea:64:77:7b:61:51:2d:
         84:2e:66:c2:94:e6:8e:6f:03:3a:0f:13:fc:d8:62:6d:22:ee:
         a4:a2:c8:98:73:7a:9e:a1:dd:1f:fb:c8:ef:25:a5:3b:3e:89:
         a8:80:9c:ae:64:8f:4e:79:56:e1:a8:84:95:2d:64:ad:ff:85:
         5c:e3:c9:db:ca:59:4e:a7:a6:fb:ea:c1:f9:07:5f:7f:86:10:
         2d:50:16:9b:16:89:73:c9:31:8c:ea:3e:bf:7b:30:ee:41:b0:
         2d:44:be:d9:90:b6:50:24:a7:1e:52:42:6d:06:81:03:24:7f:
         28:86:5f:c6:ba:1f:c5:74:32:81:92:d7:44:38:a8:13:f6:37:
         bc:7f:e3:ff
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUNSri1G2KCvKkGdUURb5sijcx9T4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKDhFRDJGQThDNTRFQjg4MDZGOUY4NjY5MzlEQzI0QkUwOEM5NUMwNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDftliKj9tz+wINmy3LAPeuUV2u
sMskWSJizQU9WwPG1IJ1k3Wp6aevJLZYJysKuPWHJza7qAdff31sb6oKlk/Z4wV2
/MN/s1Yw18zKsOnE/V5n7qnuYL6E+W/Kx/+SBBy/O306XnZ8s0MdBHEuhfOYwHxL
zG7H5J+O6yLlPBWhh5vsTfFWsvBbR+i7HsLC944Sl1M0aHidOHPKUX25NVbQextT
5d0G5K7HMQDCF6k7OZpCt3FT7SNQqXlYnNxF/J3GhY00vcWAc0Rk/rs80Sis22a6
fVn7C1gx+CGcxwzFuIpltI6B7o4yGeGDvFS4XDGS7yicT5UQzPK30fdt6tDFAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUjtL6jFTriAb5+GaTncJL4IyVwHkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQr
AwQCjxR8MA0GCSqGSIb3DQEBCwUAA4IBAQAM+a8aeDG4qf4qbjwfVvE0SXGgWthw
/bDII/VEp/6Kn/qyzpNFHXmiCeQr/2mXBKehh6+cxZKjN3iM8mURQb++uDnIbjOA
vbt3AKZgjp7TzS4tMgjvFcgCnPwXB3nRgXujJ8abdA+hsQ/2/8dap7GjvzSEy0iU
Hupkd3thUS2ELmbClOaObwM6DxP82GJtIu6kosiYc3qeod0f+8jvJaU7PomogJyu
ZI9OeVbhqISVLWSt/4Vc48nbyllOp6b76sH5B19/hhAtUBabFolzyTGM6j6/ezDu
QbAtRL7ZkLZQJKceUkJtBoEDJH8ohl/Guh/FdDKBktdEOKgT9je8f+P/
-----END CERTIFICATE-----