Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa
File:                     AS214432.roa (raw, json)
Hash identifier:          C0aiAq6iaZCyR6QFjVMfW/jdqi+7gfg47+EvGQvYlLY=
Subject key identifier:   EA:3B:86:3B:E9:FD:0C:7D:90:81:D2:A7:E2:09:60:59:3C:AE:0A:A5
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       751EEB29E524E28A0DCE216CC62B1ACE9A19BFDF
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     214432
IP address blocks:        143.20.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:1e:eb:29:e5:24:e2:8a:0d:ce:21:6c:c6:2b:1a:ce:9a:19:bf:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=EA3B863BE9FD0C7D9081D2A7E20960593CAE0AA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5d:69:69:d7:a1:fe:e3:63:60:ab:02:6e:d6:
                    d6:23:32:79:2a:3c:26:01:1a:9a:ab:3a:a9:2e:89:
                    16:e3:9e:09:ef:9d:37:f3:3a:e3:77:23:d2:10:c7:
                    eb:c3:41:bc:da:dd:36:4c:2f:86:05:bf:81:16:f9:
                    8c:7b:f6:d8:a4:6f:7c:9e:fe:d0:45:30:44:c1:b4:
                    a8:b2:a9:92:c9:57:bb:54:90:b5:4a:25:eb:e1:87:
                    d5:85:64:e2:f9:b0:48:48:95:b2:f3:23:d3:14:5b:
                    fa:f1:79:71:89:0b:9f:e4:a5:95:c7:45:ad:65:a8:
                    f2:ce:ee:a0:23:a1:e4:3c:e2:3e:e3:54:dc:54:ee:
                    72:83:57:b0:13:6e:a6:0c:8f:74:f0:fe:42:8a:1c:
                    46:eb:2b:ea:61:df:96:fa:00:35:ef:f8:f2:13:59:
                    2f:87:e0:ae:52:c9:30:b5:f7:c7:02:2c:43:f9:5a:
                    3c:c3:c3:22:29:05:7a:51:60:5b:6f:87:2c:4d:72:
                    6e:4e:35:4a:49:57:e9:e7:56:9f:8d:fc:37:1d:27:
                    d5:62:6b:6f:49:8e:64:32:82:5f:e0:95:a9:ba:d5:
                    92:17:18:28:a8:3d:ad:76:ba:69:60:84:a5:86:47:
                    e4:35:ac:ee:05:45:d6:21:16:34:27:9e:1d:df:a4:
                    77:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:3B:86:3B:E9:FD:0C:7D:90:81:D2:A7:E2:09:60:59:3C:AE:0A:A5
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:3f:2b:6c:71:ec:eb:77:c0:65:39:e5:6a:d1:f4:68:b9:71:
         35:bf:27:28:b7:d3:00:2c:fc:dd:9f:d8:9c:1e:71:35:6a:8c:
         81:17:55:7b:d0:26:0d:99:93:13:0b:fa:c8:b6:ef:0b:1a:86:
         a7:3e:a8:2a:50:a6:41:9f:ea:84:74:a7:6a:fb:0f:6d:d4:03:
         ab:d4:32:a8:f1:6d:09:c5:97:27:5c:c4:2a:65:76:e0:df:f5:
         24:8c:31:1f:8c:32:55:08:6a:be:f6:13:82:bf:78:84:cd:a9:
         90:3f:25:91:54:aa:e1:88:69:f5:2c:83:e9:b3:86:1a:46:2e:
         e6:b5:e3:3c:52:49:fc:7d:83:0d:a7:07:f3:67:76:ed:10:99:
         50:24:20:8a:4e:c6:de:8a:11:72:0a:c2:ef:92:e1:49:ac:41:
         5c:36:46:32:8a:b9:0f:b0:c1:10:cb:ad:9e:70:b0:6d:e0:84:
         e2:be:91:16:38:26:71:19:3c:d8:80:6e:43:52:68:95:94:51:
         45:87:71:e7:83:09:2e:29:5b:a1:30:c8:58:d9:3a:27:9c:39:
         65:8c:7d:7c:34:9f:32:df:9a:76:57:47:f1:41:64:79:7a:9e:
         69:a0:91:21:9e:fb:b4:12:b3:15:29:8f:b3:fc:ac:ce:05:1a:
         c6:6e:73:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdR7rKeUk4ooNziFsxisazpoZv98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKEVBM0I4NjNCRTlGRDBDN0Q5MDgxRDJBN0UyMDk2MDU5M0NBRTBBQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKXWlp16H+42NgqwJu1tYjMnkq
PCYBGpqrOqkuiRbjngnvnTfzOuN3I9IQx+vDQbza3TZML4YFv4EW+Yx79tikb3ye
/tBFMETBtKiyqZLJV7tUkLVKJevhh9WFZOL5sEhIlbLzI9MUW/rxeXGJC5/kpZXH
Ra1lqPLO7qAjoeQ84j7jVNxU7nKDV7ATbqYMj3Tw/kKKHEbrK+ph35b6ADXv+PIT
WS+H4K5SyTC198cCLEP5WjzDwyIpBXpRYFtvhyxNcm5ONUpJV+nnVp+N/DcdJ9Vi
a29JjmQygl/glam61ZIXGCioPa12umlghKWGR+Q1rO4FRdYhFjQnnh3fpHeZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6juGO+n9DH2QgdKn4glgWTyuCqUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxR3
MA0GCSqGSIb3DQEBCwUAA4IBAQAHPytscezrd8BlOeVq0fRouXE1vycot9MALPzd
n9icHnE1aoyBF1V70CYNmZMTC/rItu8LGoanPqgqUKZBn+qEdKdq+w9t1AOr1DKo
8W0JxZcnXMQqZXbg3/UkjDEfjDJVCGq+9hOCv3iEzamQPyWRVKrhiGn1LIPps4Ya
Ri7mteM8Ukn8fYMNpwfzZ3btEJlQJCCKTsbeihFyCsLvkuFJrEFcNkYyirkPsMEQ
y62ecLBt4ITivpEWOCZxGTzYgG5DUmiVlFFFh3HngwkuKVuhMMhY2TonnDlljH18
NJ8y35p2V0fxQWR5ep5poJEhnvu0ErMVKY+z/KzOBRrGbnNA
-----END CERTIFICATE-----