Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212335.roa
File:                     AS212335.roa (raw, json)
Hash identifier:          qhYhktIZCmfpLOtkVUngznzfHAdkSzmJyj8dJlRkG6o=
Subject key identifier:   36:46:12:53:36:94:E5:00:1D:AE:9F:82:59:E4:A7:FC:C2:68:2F:30
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7C1B55DC3B9A6E62F5235B631F540F899D1953B2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212335.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     212335
IP address blocks:        143.20.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:1b:55:dc:3b:9a:6e:62:f5:23:5b:63:1f:54:0f:89:9d:19:53:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=364612533694E5001DAE9F8259E4A7FCC2682F30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9e:0a:ee:a6:fd:c5:4c:85:e5:f9:55:ef:51:
                    0e:10:6a:6b:28:6f:ef:5b:96:8b:fd:7d:d1:1c:91:
                    b4:ef:d5:47:48:8b:a8:64:43:b9:37:6d:73:a6:9d:
                    78:58:6f:3f:2e:94:4d:09:96:ea:ee:8a:9b:a7:fb:
                    8a:a5:ac:1f:9c:39:78:c3:09:62:fe:e2:d9:73:ed:
                    ca:7b:a7:66:92:ac:09:8c:f4:30:8a:0b:0b:e1:4c:
                    ef:e9:a8:db:d5:1f:41:be:ab:12:1b:93:9c:d8:19:
                    be:da:58:52:15:7e:9e:10:27:71:25:f9:96:e5:b3:
                    9a:17:1e:da:cc:3b:45:42:7d:f0:1d:8d:41:b0:0d:
                    f2:02:ad:be:35:00:79:22:81:87:b5:b6:bf:3d:48:
                    55:0e:73:80:a2:d9:c0:79:d9:2c:53:fc:d4:23:0f:
                    2e:15:8f:8e:46:d5:79:41:e0:79:c8:08:aa:72:55:
                    24:cc:da:98:4f:a7:a8:c1:6b:30:4d:4a:95:63:58:
                    71:b3:d0:21:1c:00:55:c4:69:e6:c1:89:76:f3:37:
                    98:e5:c2:e4:87:3f:fb:4c:49:31:cb:1e:de:01:01:
                    25:af:32:65:1d:02:66:9d:d4:c6:dc:dc:ca:3d:29:
                    e5:51:16:ef:99:1a:1d:df:57:b9:1d:ae:75:cf:2f:
                    ef:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:46:12:53:36:94:E5:00:1D:AE:9F:82:59:E4:A7:FC:C2:68:2F:30
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS212335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:97:65:de:73:03:5a:d9:30:d1:ae:7b:9f:23:68:5c:7a:f5:
         e4:f7:b6:5b:0c:d1:74:ed:9d:d0:66:b5:b5:b0:c6:dd:2a:fb:
         34:5a:70:da:5b:f1:ae:87:5a:15:6a:b0:cd:54:73:e9:76:30:
         e7:0b:8a:ba:7b:44:7b:a2:76:5d:05:d9:6a:55:9d:19:ed:b1:
         7a:3f:f8:02:6a:a6:78:85:0c:b7:ff:40:98:b7:40:e6:6e:69:
         55:6f:c9:6c:81:d5:fb:04:e9:ff:bc:b1:8b:3d:ae:55:dc:6d:
         75:81:e5:dd:62:29:90:23:ca:dc:88:84:6d:e9:09:eb:8f:4f:
         07:24:b3:51:d0:e5:cc:0f:02:db:7d:4c:c1:94:fd:67:93:ed:
         5d:e7:de:b9:09:ba:a9:de:0c:54:4f:04:bb:9c:71:ad:a6:13:
         a4:50:d2:b9:5a:96:f3:2e:ce:9d:c0:3d:b8:f3:19:55:ba:5b:
         40:21:fe:f9:c4:2a:21:ae:89:3a:af:97:34:08:47:ad:d7:6e:
         17:a0:1a:05:15:a3:b9:4c:e0:a8:7c:37:3e:02:0b:7d:90:d9:
         10:0a:2d:f3:01:a7:17:27:95:0a:20:6b:f5:12:82:86:78:82:
         96:c5:e5:8e:16:3e:f8:00:cf:18:7e:97:16:5c:20:bd:f6:45:
         98:bc:1e:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfBtV3DuabmL1I1tjH1QPiZ0ZU7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKDM2NDYxMjUzMzY5NEU1MDAxREFFOUY4MjU5RTRBN0ZDQzI2ODJGMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2ngrupv3FTIXl+VXvUQ4Qamso
b+9blov9fdEckbTv1UdIi6hkQ7k3bXOmnXhYbz8ulE0Jluruipun+4qlrB+cOXjD
CWL+4tlz7cp7p2aSrAmM9DCKCwvhTO/pqNvVH0G+qxIbk5zYGb7aWFIVfp4QJ3El
+Zbls5oXHtrMO0VCffAdjUGwDfICrb41AHkigYe1tr89SFUOc4Ci2cB52SxT/NQj
Dy4Vj45G1XlB4HnICKpyVSTM2phPp6jBazBNSpVjWHGz0CEcAFXEaebBiXbzN5jl
wuSHP/tMSTHLHt4BASWvMmUdAmad1Mbc3Mo9KeVRFu+ZGh3fV7kdrnXPL+8ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNkYSUzaU5QAdrp+CWeSn/MJoLzAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRl
MA0GCSqGSIb3DQEBCwUAA4IBAQBCl2XecwNa2TDRrnufI2hcevXk97ZbDNF07Z3Q
ZrW1sMbdKvs0WnDaW/Guh1oVarDNVHPpdjDnC4q6e0R7onZdBdlqVZ0Z7bF6P/gC
aqZ4hQy3/0CYt0DmbmlVb8lsgdX7BOn/vLGLPa5V3G11geXdYimQI8rciIRt6Qnr
j08HJLNR0OXMDwLbfUzBlP1nk+1d5965Cbqp3gxUTwS7nHGtphOkUNK5WpbzLs6d
wD248xlVultAIf75xCohrok6r5c0CEet124XoBoFFaO5TOCofDc+Agt9kNkQCi3z
AacXJ5UKIGv1EoKGeIKWxeWOFj74AM8YfpcWXCC99kWYvB7/
-----END CERTIFICATE-----