Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213990.roa
File:                     AS213990.roa (raw, json)
Hash identifier:          m+EM9Ff3xqqKETVZnVxn6nNkDphdNw8v1YFYSALxJ+g=
Subject key identifier:   01:3E:09:F8:6B:00:6A:27:90:DF:67:88:59:52:69:50:F4:DE:45:C7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4E891E0F368BF3FA8BFD7EC3124BBA4C9AFAF5C2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213990.roa
Signing time:             Mon 01 Jun 2026 12:39:12 +0000
ROA not before:           Mon 01 Jun 2026 12:34:12 +0000
ROA not after:            Mon 31 May 2027 12:39:12 +0000
asID:                     213990
IP address blocks:        143.20.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:89:1e:0f:36:8b:f3:fa:8b:fd:7e:c3:12:4b:ba:4c:9a:fa:f5:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  1 12:34:12 2026 GMT
            Not After : May 31 12:39:12 2027 GMT
        Subject: CN=013E09F86B006A2790DF678859526950F4DE45C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9b:db:9d:d9:52:df:7f:15:12:48:9e:1c:bd:
                    1d:c7:32:7a:4b:58:55:ab:05:c5:81:09:f5:c7:af:
                    d8:18:cf:ea:10:bf:90:bc:a6:5c:cc:31:7a:f5:34:
                    c6:bc:1d:00:e8:84:42:7b:e3:00:ec:c5:87:92:67:
                    13:a2:43:86:27:13:4e:7e:56:c8:f4:0d:84:7b:5c:
                    da:76:66:6a:a6:8d:60:fc:06:89:b3:e0:a7:42:a6:
                    2e:a9:5e:a1:9c:f5:12:de:17:a7:83:cf:75:29:38:
                    1e:7f:19:e7:71:ed:de:2d:bb:3c:97:b2:21:21:b7:
                    c7:97:c1:5f:48:c5:f2:6d:6e:6e:e0:15:99:f9:47:
                    5f:c8:1f:19:e3:86:bc:d6:f7:27:74:59:b6:52:d5:
                    2a:5d:eb:5b:9b:1b:8e:db:6a:00:b6:79:dc:57:bf:
                    35:d4:7b:da:25:3d:73:02:40:11:73:72:e4:b3:21:
                    6f:4d:ba:a1:f5:7e:2b:2b:ac:c5:f6:c4:92:e4:30:
                    5f:9a:40:5a:04:f0:6d:21:c2:0d:b4:7f:90:e6:98:
                    4e:9e:21:94:45:78:3f:3b:8e:6d:aa:34:d1:63:7d:
                    b2:da:41:ef:84:bf:b4:2f:a1:51:44:fe:42:73:9a:
                    5a:ef:75:7f:7b:5d:54:fc:f2:24:8c:c6:b6:1d:c5:
                    a0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3E:09:F8:6B:00:6A:27:90:DF:67:88:59:52:69:50:F4:DE:45:C7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS213990.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:d7:e1:73:09:e3:ab:7d:91:5b:0d:c7:48:57:dc:ef:44:b3:
         d2:2b:ca:0b:c7:79:7c:b5:9f:7a:2c:27:b3:c8:1f:5f:cd:b7:
         31:1e:1b:e1:b1:91:e1:29:76:16:a8:09:b2:f0:ec:52:dd:9f:
         2e:8a:56:2e:01:1f:e2:18:bb:ca:5d:a9:63:3a:81:b1:10:3c:
         2e:d8:02:98:7c:91:1c:72:a9:48:f7:37:46:6b:bc:dc:8c:9e:
         db:70:31:bf:d7:43:97:a2:75:a5:d6:79:de:d8:94:d2:40:91:
         e7:4f:31:10:69:25:2e:1b:64:1a:53:95:05:06:ab:9d:ba:af:
         66:49:1e:de:ac:b0:b6:b2:91:5a:fa:1b:71:d6:68:47:d0:4f:
         69:cd:9c:64:5d:83:e3:59:60:28:a1:82:61:41:f7:fe:80:25:
         e9:86:18:ca:b6:23:f0:0a:9a:0e:7c:4a:9d:51:bd:4b:06:a6:
         f3:6b:6b:54:43:df:7a:77:53:62:f6:59:9c:69:ee:57:d5:d8:
         99:31:1f:49:d2:42:b2:b4:c0:09:ef:3f:c4:93:80:02:e8:31:
         dd:3d:0f:85:78:5c:b3:c0:d7:6e:6c:41:1f:07:9f:4d:27:cb:
         01:e5:b1:35:05:af:44:f7:ae:53:3b:49:80:f1:77:9d:b4:be:
         cb:eb:b5:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTokeDzaL8/qL/X7DEku6TJr69cIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MDExMjM0MTJaFw0yNzA1MzExMjM5MTJaMDMxMTAvBgNV
BAMTKDAxM0UwOUY4NkIwMDZBMjc5MERGNjc4ODU5NTI2OTUwRjRERTQ1QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvm9ud2VLffxUSSJ4cvR3HMnpL
WFWrBcWBCfXHr9gYz+oQv5C8plzMMXr1NMa8HQDohEJ74wDsxYeSZxOiQ4YnE05+
Vsj0DYR7XNp2ZmqmjWD8Bomz4KdCpi6pXqGc9RLeF6eDz3UpOB5/Gedx7d4tuzyX
siEht8eXwV9IxfJtbm7gFZn5R1/IHxnjhrzW9yd0WbZS1Spd61ubG47bagC2edxX
vzXUe9olPXMCQBFzcuSzIW9NuqH1fisrrMX2xJLkMF+aQFoE8G0hwg20f5DmmE6e
IZRFeD87jm2qNNFjfbLaQe+Ev7QvoVFE/kJzmlrvdX97XVT88iSMxrYdxaABAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAT4J+GsAaieQ32eIWVJpUPTeRccwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjEzOTkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxT8
MA0GCSqGSIb3DQEBCwUAA4IBAQBN1+FzCeOrfZFbDcdIV9zvRLPSK8oLx3l8tZ96
LCezyB9fzbcxHhvhsZHhKXYWqAmy8OxS3Z8uilYuAR/iGLvKXaljOoGxEDwu2AKY
fJEccqlI9zdGa7zcjJ7bcDG/10OXonWl1nne2JTSQJHnTzEQaSUuG2QaU5UFBqud
uq9mSR7erLC2spFa+htx1mhH0E9pzZxkXYPjWWAooYJhQff+gCXphhjKtiPwCpoO
fEqdUb1LBqbza2tUQ996d1Ni9lmcae5X1diZMR9J0kKytMAJ7z/Ek4AC6DHdPQ+F
eFyzwNdubEEfB59NJ8sB5bE1Ba9E965TO0mA8XedtL7L67WW
-----END CERTIFICATE-----