Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213920.roa
File:                     AS213920.roa (raw, json)
Hash identifier:          SsXJk+5pb7fa/aEsE0biEpH+yyLPEB4EDES7zyN2qYc=
Subject key identifier:   D0:89:EE:58:8E:5B:E6:EC:8A:C5:43:86:3B:28:29:01:4B:0F:44:3C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1B76BF1FDD6FFF90D1BB7ABE88CAC38657E1F69C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213920.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     213920
IP address blocks:        143.20.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:76:bf:1f:dd:6f:ff:90:d1:bb:7a:be:88:ca:c3:86:57:e1:f6:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=D089EE588E5BE6EC8AC543863B2829014B0F443C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:37:00:9f:b2:b1:97:1d:fe:65:7e:0a:09:a4:
                    f6:2f:4b:63:02:df:ea:4f:ed:fc:68:4a:6c:ca:c2:
                    1b:69:f6:48:b6:0e:56:c3:34:0f:a7:1e:e0:80:85:
                    a8:51:3f:05:0c:37:14:81:74:8a:21:fa:c0:fa:7f:
                    95:08:56:da:c6:e4:7c:fa:66:ff:22:79:e8:a4:e9:
                    15:8d:27:9b:8a:7d:2f:81:c2:26:60:33:79:eb:24:
                    0b:eb:05:2f:c0:12:5e:35:5d:5d:e2:df:77:e3:f7:
                    bf:9d:fa:e3:0f:7a:c5:1e:a6:c6:d8:8e:a5:46:8f:
                    96:75:42:c6:ef:34:b0:15:68:a1:fd:48:42:8f:65:
                    d3:e5:79:f4:f4:af:5d:84:5a:9a:9f:ca:0f:bd:7c:
                    af:db:9a:1a:41:d7:e3:f7:d1:3e:f8:99:4b:d1:16:
                    51:a2:da:93:d2:70:9a:53:92:56:2f:78:27:9e:4d:
                    e5:55:5f:a9:fc:42:32:65:57:07:af:94:16:d8:7f:
                    b5:03:17:79:ca:8a:30:20:78:be:24:93:4e:dc:71:
                    1c:4f:61:1b:32:73:ad:37:ad:a4:1b:5b:04:00:d1:
                    39:fc:9d:b1:ef:85:c4:08:33:ed:4f:77:ff:ed:ed:
                    aa:ed:f8:29:97:47:8d:c8:73:60:5a:93:ae:0b:1b:
                    5b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:89:EE:58:8E:5B:E6:EC:8A:C5:43:86:3B:28:29:01:4B:0F:44:3C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213920.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:67:d1:aa:c9:9e:4a:13:ea:a2:4f:bf:67:83:d6:e1:5c:80:
         b3:f1:16:e9:1c:c4:7a:d4:9b:da:12:da:b3:4f:ab:9a:d2:93:
         f6:39:5c:41:57:8e:87:5a:25:52:6f:77:a1:2a:95:bd:7a:a3:
         a7:c9:54:69:cf:6d:89:11:ab:21:d5:8f:92:3d:f9:a6:a9:f0:
         8c:39:bd:45:92:a3:da:1e:ad:ff:6b:1a:6f:55:73:86:0c:7b:
         15:29:58:47:a4:bb:51:b1:96:ad:d7:14:a0:16:0d:34:01:91:
         f4:fa:0c:ce:31:57:6f:a0:57:28:5a:6e:60:95:e9:6f:ba:f7:
         26:9f:13:50:7a:8e:11:0b:0a:12:f6:98:cd:9f:69:2f:85:f1:
         da:42:5e:63:92:7c:35:db:31:b8:96:0f:73:5c:18:42:5c:2f:
         0b:50:00:de:f9:50:31:b4:fc:4c:b6:3b:b8:0c:72:8b:eb:c4:
         7d:d8:ce:3a:14:ea:d4:bd:4a:24:bb:d5:0a:04:50:5d:c0:72:
         bd:bf:9e:ee:27:5b:c5:70:2f:78:77:fc:60:81:ae:30:80:5e:
         d5:0c:71:1a:e9:90:c9:93:ed:0b:d8:0b:f6:87:cd:aa:bb:98:
         f7:b9:15:4c:c9:9f:46:d0:17:a5:29:94:1c:69:cc:1f:8f:88:
         00:ec:2b:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUG3a/H91v/5DRu3q+iMrDhlfh9pwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKEQwODlFRTU4OEU1QkU2RUM4QUM1NDM4NjNCMjgyOTAxNEIwRjQ0M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNwCfsrGXHf5lfgoJpPYvS2MC
3+pP7fxoSmzKwhtp9ki2DlbDNA+nHuCAhahRPwUMNxSBdIoh+sD6f5UIVtrG5Hz6
Zv8ieeik6RWNJ5uKfS+BwiZgM3nrJAvrBS/AEl41XV3i33fj97+d+uMPesUepsbY
jqVGj5Z1QsbvNLAVaKH9SEKPZdPlefT0r12EWpqfyg+9fK/bmhpB1+P30T74mUvR
FlGi2pPScJpTklYveCeeTeVVX6n8QjJlVwevlBbYf7UDF3nKijAgeL4kk07ccRxP
YRsyc603raQbWwQA0Tn8nbHvhcQIM+1Pd//t7art+CmXR43Ic2Bak64LG1tPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0InuWI5b5uyKxUOGOygpAUsPRDwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzOTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQA
MA0GCSqGSIb3DQEBCwUAA4IBAQADZ9GqyZ5KE+qiT79ng9bhXICz8RbpHMR61Jva
EtqzT6ua0pP2OVxBV46HWiVSb3ehKpW9eqOnyVRpz22JEash1Y+SPfmmqfCMOb1F
kqPaHq3/axpvVXOGDHsVKVhHpLtRsZat1xSgFg00AZH0+gzOMVdvoFcoWm5glelv
uvcmnxNQeo4RCwoS9pjNn2kvhfHaQl5jknw12zG4lg9zXBhCXC8LUADe+VAxtPxM
tju4DHKL68R92M46FOrUvUoku9UKBFBdwHK9v57uJ1vFcC94d/xgga4wgF7VDHEa
6ZDJk+0L2Av2h82qu5j3uRVMyZ9G0BelKZQcacwfj4gA7Cvd
-----END CERTIFICATE-----