Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214481.roa
File:                     AS214481.roa (raw, json)
Hash identifier:          3Phskp874+9U4W4nmlCpg8l2oKhDqQIDr/eOILkUL3M=
Subject key identifier:   A3:1A:0F:CD:D2:DD:01:89:80:52:8B:2E:10:57:03:74:79:1B:F2:06
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6B8C4AEE0398874C2DFF6177DD0C55276CA82EF7
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214481.roa
Signing time:             Sun 24 Aug 2025 15:54:22 +0000
ROA not before:           Sun 24 Aug 2025 15:49:22 +0000
ROA not after:            Sun 23 Aug 2026 15:54:22 +0000
asID:                     214481
IP address blocks:        143.20.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:8c:4a:ee:03:98:87:4c:2d:ff:61:77:dd:0c:55:27:6c:a8:2e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 24 15:49:22 2025 GMT
            Not After : Aug 23 15:54:22 2026 GMT
        Subject: CN=A31A0FCDD2DD018980528B2E10570374791BF206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:54:61:93:61:d8:53:8e:01:35:85:a1:e8:2d:
                    c7:f0:ee:6e:77:96:83:64:13:61:d7:38:45:be:df:
                    d8:dd:16:5c:19:ac:b8:fb:16:b5:0e:9e:93:20:4c:
                    2c:38:2a:1c:75:60:f9:e2:b8:9e:7e:03:84:79:2c:
                    f8:a5:ba:3f:a2:06:07:71:ce:b1:56:55:b2:a6:21:
                    b2:e7:f8:2e:1c:89:d1:b4:20:ed:8e:6f:2c:c0:f1:
                    6b:13:e7:db:e6:e9:82:9b:71:1d:5c:16:85:c6:38:
                    70:2b:a6:af:5e:7e:21:fa:fc:59:d7:6d:56:a8:1b:
                    2c:0e:79:a1:12:a3:16:85:fa:4b:6b:e0:b4:4c:75:
                    70:56:79:66:f5:be:ed:a6:90:1d:26:b9:42:da:12:
                    6e:bd:6f:7d:2d:e8:0a:25:fc:dc:76:6f:57:17:af:
                    d6:de:ab:76:6b:55:41:a1:b0:d3:4c:80:c2:89:c6:
                    dc:d1:84:c6:f8:70:d4:eb:6b:49:7c:0c:66:c7:37:
                    f0:c4:82:94:b8:dc:ab:72:a4:98:4c:5c:2e:18:38:
                    e8:d6:1f:53:da:67:7d:af:89:e0:c7:99:59:9c:56:
                    0e:4c:4a:7c:0a:86:d6:e4:82:f7:d9:7d:eb:83:d3:
                    ae:ee:8b:83:e3:c9:7d:c7:f9:83:8a:0e:0c:cb:9f:
                    db:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:1A:0F:CD:D2:DD:01:89:80:52:8B:2E:10:57:03:74:79:1B:F2:06
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:ed:9b:95:cc:bc:3a:d8:42:d0:fe:65:27:f5:cb:00:f7:24:
         b8:4b:a7:70:f4:37:59:ae:3e:84:08:88:1a:2a:6d:78:1d:08:
         4d:76:81:6d:6e:c2:d4:8b:e0:60:86:35:24:3d:e6:83:56:89:
         64:55:95:0b:ef:5e:0f:b3:df:56:6f:ba:b2:4c:05:25:93:91:
         4f:e6:87:56:38:bd:22:6c:d0:bd:e2:1c:82:63:ab:44:9c:d8:
         fc:42:cf:24:29:c8:04:e9:8f:bc:f2:9a:5a:78:15:8b:f4:44:
         0f:46:6b:11:c2:69:00:65:4d:af:65:ed:b2:4c:44:36:c8:fb:
         04:ae:62:d0:65:5a:ea:2c:1a:09:eb:9d:54:45:55:a8:36:b2:
         3f:f5:a4:53:d1:ba:ee:a3:77:ad:5f:5c:e6:ca:ee:56:4e:16:
         77:72:de:d4:11:bf:fe:27:d0:44:ee:fe:60:45:54:3e:18:7e:
         3e:2c:36:89:3c:8a:4e:09:01:85:0c:8d:f2:3b:75:b9:bb:bb:
         01:37:27:23:26:7b:ea:6b:da:be:b8:ca:03:21:0e:e4:99:2f:
         e2:e1:64:6c:2b:7f:77:ef:3d:60:01:b5:e0:14:73:3b:a7:b8:
         c2:1e:e3:0b:7e:02:ce:7b:33:34:4d:eb:6c:07:3f:7c:f5:f9:
         32:e6:68:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUa4xK7gOYh0wt/2F33QxVJ2yoLvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjQxNTQ5MjJaFw0yNjA4MjMxNTU0MjJaMDMxMTAvBgNV
BAMTKEEzMUEwRkNERDJERDAxODk4MDUyOEIyRTEwNTcwMzc0NzkxQkYyMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeVGGTYdhTjgE1haHoLcfw7m53
loNkE2HXOEW+39jdFlwZrLj7FrUOnpMgTCw4Khx1YPniuJ5+A4R5LPiluj+iBgdx
zrFWVbKmIbLn+C4cidG0IO2ObyzA8WsT59vm6YKbcR1cFoXGOHArpq9efiH6/FnX
bVaoGywOeaESoxaF+ktr4LRMdXBWeWb1vu2mkB0muULaEm69b30t6Aol/Nx2b1cX
r9beq3ZrVUGhsNNMgMKJxtzRhMb4cNTra0l8DGbHN/DEgpS43KtypJhMXC4YOOjW
H1PaZ32vieDHmVmcVg5MSnwKhtbkgvfZfeuD067ui4PjyX3H+YOKDgzLn9t9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoxoPzdLdAYmAUosuEFcDdHkb8gYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NDgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRA
MA0GCSqGSIb3DQEBCwUAA4IBAQC97ZuVzLw62ELQ/mUn9csA9yS4S6dw9DdZrj6E
CIgaKm14HQhNdoFtbsLUi+BghjUkPeaDVolkVZUL714Ps99Wb7qyTAUlk5FP5odW
OL0ibNC94hyCY6tEnNj8Qs8kKcgE6Y+88ppaeBWL9EQPRmsRwmkAZU2vZe2yTEQ2
yPsErmLQZVrqLBoJ651URVWoNrI/9aRT0bruo3etX1zmyu5WThZ3ct7UEb/+J9BE
7v5gRVQ+GH4+LDaJPIpOCQGFDI3yO3W5u7sBNycjJnvqa9q+uMoDIQ7kmS/i4WRs
K3937z1gAbXgFHM7p7jCHuMLfgLOezM0TetsBz989fky5mjJ
-----END CERTIFICATE-----