Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215703.roa
File:                     AS215703.roa (raw, json)
Hash identifier:          jO79QS6wvSm6KwBdMXQX1viSVzzh1TCQGe8VTKE+r7w=
Subject key identifier:   EB:9F:1C:91:08:6F:62:AE:76:C5:88:92:88:A7:72:42:3E:97:D9:1B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       76CAC65E9B7C0D3F5878A4753EAA2D20A5500036
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215703.roa
Signing time:             Tue 21 Oct 2025 14:59:05 +0000
ROA not before:           Tue 21 Oct 2025 14:54:05 +0000
ROA not after:            Tue 20 Oct 2026 14:59:05 +0000
asID:                     215703
IP address blocks:        143.20.37.0/24 maxlen: 24
                          143.20.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:12:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:ca:c6:5e:9b:7c:0d:3f:58:78:a4:75:3e:aa:2d:20:a5:50:00:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 21 14:54:05 2025 GMT
            Not After : Oct 20 14:59:05 2026 GMT
        Subject: CN=EB9F1C91086F62AE76C5889288A772423E97D91B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c8:96:5a:ee:c6:00:14:3f:a3:75:43:4d:06:
                    c1:0b:89:1a:28:55:79:45:c6:9d:6d:16:4a:d4:ce:
                    25:14:76:e4:4e:cb:bd:80:e8:f3:e3:9e:61:02:13:
                    4f:39:1b:d4:21:e7:d9:ed:f5:92:17:58:4d:0f:e0:
                    fd:6a:1a:5d:f0:56:6b:d3:1f:a3:7c:2b:01:43:66:
                    c9:71:75:4c:00:a9:cc:ce:7d:d6:4c:d6:de:fe:b3:
                    71:05:30:21:b1:16:fe:4f:7e:76:8a:ea:d5:b4:32:
                    28:bf:39:19:2b:1d:f9:e6:64:c4:0e:e4:1c:18:6b:
                    29:57:ac:cf:e8:dd:e1:df:b5:ce:a7:ab:48:30:4d:
                    53:00:a5:e5:31:ff:b5:22:c9:87:8b:65:16:0d:0c:
                    43:f8:e8:bd:cb:c5:9c:f3:2a:76:e0:70:42:e5:f0:
                    d5:b4:40:13:3e:35:c2:02:fa:ad:f7:a5:6d:f8:96:
                    0c:69:f1:58:d9:7e:49:d1:aa:16:be:48:7a:08:4b:
                    82:9a:41:6d:9b:87:c9:93:6a:cc:f2:6e:33:ae:26:
                    dd:61:30:e5:d8:ca:4c:18:fb:56:94:3c:73:ee:14:
                    d8:da:b9:21:45:99:90:31:34:c7:19:45:c9:41:f3:
                    d8:b1:19:70:b2:62:c3:ae:1e:14:c7:ff:6e:5d:39:
                    26:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:9F:1C:91:08:6F:62:AE:76:C5:88:92:88:A7:72:42:3E:97:D9:1B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.37.0/24
                  143.20.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:f2:fa:5b:ff:9d:c7:76:60:ec:ff:7b:fa:27:cf:b8:9d:55:
         43:f6:f7:2a:37:6f:34:92:cb:1b:d3:73:d7:76:db:0b:8c:be:
         c8:45:13:64:95:52:7d:20:bb:fc:80:98:ac:c6:9c:6d:21:ed:
         06:18:d6:f6:4a:10:7d:70:c2:ce:85:6c:9e:c7:7c:04:60:2a:
         21:a2:35:c2:48:7a:fc:f6:45:ad:c5:de:64:94:76:26:db:eb:
         fd:08:b6:9e:fe:29:0b:8f:42:17:de:66:58:6b:cf:1c:b0:ba:
         08:2e:f9:3c:32:c7:20:5a:e4:83:a3:79:b3:86:25:89:29:54:
         61:1f:9f:6c:0c:c2:6a:a1:da:c5:35:cb:a8:e4:2b:dc:5d:d9:
         fc:e0:fd:b8:b9:4d:99:10:b1:7a:18:13:f1:a6:e8:02:da:4d:
         57:ba:94:01:c4:d8:fd:d2:fd:b2:a4:ac:39:3c:a3:2c:5f:23:
         63:7b:48:62:3e:9a:b3:12:75:a8:f7:42:06:ff:9b:68:f6:dd:
         4f:83:3a:84:e2:2f:00:62:78:4e:22:7b:50:bd:2d:28:42:ff:
         c0:48:d6:e8:98:ff:b5:8a:88:11:63:22:84:1f:7c:b7:89:8e:
         3f:bc:b3:08:67:a7:f2:4b:ae:78:84:b8:73:fd:e5:83:9c:1b:
         f4:f0:4d:95
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdsrGXpt8DT9YeKR1PqotIKVQADYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjExNDU0MDVaFw0yNjEwMjAxNDU5MDVaMDMxMTAvBgNV
BAMTKEVCOUYxQzkxMDg2RjYyQUU3NkM1ODg5Mjg4QTc3MjQyM0U5N0Q5MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6yJZa7sYAFD+jdUNNBsELiRoo
VXlFxp1tFkrUziUUduROy72A6PPjnmECE085G9Qh59nt9ZIXWE0P4P1qGl3wVmvT
H6N8KwFDZslxdUwAqczOfdZM1t7+s3EFMCGxFv5PfnaK6tW0Mii/ORkrHfnmZMQO
5BwYaylXrM/o3eHftc6nq0gwTVMApeUx/7UiyYeLZRYNDEP46L3LxZzzKnbgcELl
8NW0QBM+NcIC+q33pW34lgxp8VjZfknRqha+SHoIS4KaQW2bh8mTaszybjOuJt1h
MOXYykwY+1aUPHPuFNjauSFFmZAxNMcZRclB89ixGXCyYsOuHhTH/25dOSYFAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU658ckQhvYq52xYiSiKdyQj6X2RswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE1NzAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQl
AwQAjxSGMA0GCSqGSIb3DQEBCwUAA4IBAQBk8vpb/53HdmDs/3v6J8+4nVVD9vcq
N280kssb03PXdtsLjL7IRRNklVJ9ILv8gJisxpxtIe0GGNb2ShB9cMLOhWyex3wE
YCohojXCSHr89kWtxd5klHYm2+v9CLae/ikLj0IX3mZYa88csLoILvk8MscgWuSD
o3mzhiWJKVRhH59sDMJqodrFNcuo5CvcXdn84P24uU2ZELF6GBPxpugC2k1XupQB
xNj90v2ypKw5PKMsXyNje0hiPpqzEnWo90IG/5to9t1PgzqE4i8AYnhOIntQvS0o
Qv/ASNbomP+1iogRYyKEH3y3iY4/vLMIZ6fyS654hLhz/eWDnBv08E2V
-----END CERTIFICATE-----