Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          WGQlt1HGMAXEzrMT/CJuEE4vErDycmXeLhJC47dGWAs=
Subject key identifier:   FE:E4:06:C6:89:6E:64:5E:95:78:AE:AD:2B:E8:A5:8B:2C:07:22:34
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       06F6972BD351F4E5644BEC85269EA9D8781FEC35
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa
Signing time:             Fri 06 Jun 2025 07:10:47 +0000
ROA not before:           Fri 06 Jun 2025 07:05:47 +0000
ROA not after:            Fri 05 Jun 2026 07:10:47 +0000
asID:                     22427
IP address blocks:        143.20.76.0/24 maxlen: 24
                          143.20.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f6:97:2b:d3:51:f4:e5:64:4b:ec:85:26:9e:a9:d8:78:1f:ec:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 07:05:47 2025 GMT
            Not After : Jun  5 07:10:47 2026 GMT
        Subject: CN=FEE406C6896E645E9578AEAD2BE8A58B2C072234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:96:c7:dc:78:bb:94:de:d3:38:f7:43:c7:50:
                    00:3e:b6:1d:b6:d5:68:dd:21:3d:2b:d7:d1:2a:6a:
                    32:b9:00:64:8b:54:96:09:86:b9:36:99:21:33:8d:
                    b2:74:36:b9:c9:e2:40:df:30:2f:e0:f4:36:5c:14:
                    65:ed:43:f2:26:d9:75:1c:12:30:95:69:07:14:81:
                    b3:11:03:ab:c4:ae:b7:fd:b1:e9:5f:30:83:ca:cb:
                    80:70:41:d8:8f:98:df:33:3d:46:7b:f5:00:9c:3b:
                    9c:9c:2e:3b:ff:19:a8:5e:2a:07:67:b1:b4:49:85:
                    dd:a5:16:d1:44:16:fd:c5:4d:b2:23:36:a3:3e:7d:
                    5e:31:57:ac:d0:e8:3f:c5:a2:89:d7:f8:d0:f9:24:
                    9c:a1:dc:42:0f:e0:e9:1f:73:93:91:08:d7:80:66:
                    8f:39:5b:ea:7e:82:37:31:e2:7e:75:58:26:1d:43:
                    ab:6c:5d:9c:29:c4:69:ec:34:b1:46:a3:ea:83:5e:
                    75:4a:28:6d:b7:92:e9:d2:45:de:55:53:25:72:bf:
                    54:aa:ff:9b:2d:62:3b:93:1b:14:c8:5b:9c:d3:e8:
                    b7:76:90:94:52:85:a7:f1:c2:06:ce:dd:81:14:35:
                    08:b9:64:3b:aa:04:a0:6d:98:2a:dd:1d:a6:e0:ee:
                    5a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E4:06:C6:89:6E:64:5E:95:78:AE:AD:2B:E8:A5:8B:2C:07:22:34
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.76.0/24
                  143.20.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:b0:22:7c:2d:a9:f2:43:9c:6f:0b:ec:ab:f5:50:36:67:13:
         e0:0b:3d:44:8d:8e:c3:6e:fe:c8:52:5b:33:3f:5d:fb:62:48:
         dd:96:6c:25:23:5e:33:21:f5:85:55:f2:e0:1e:19:81:47:d8:
         0f:5c:be:d2:75:e8:f7:83:af:5c:c8:a0:fb:62:04:17:b9:66:
         7a:78:bc:c7:b7:8f:8b:e1:15:13:fb:49:ab:e0:a5:d5:56:47:
         32:97:37:37:4a:81:02:7d:73:c1:58:e0:08:01:23:bd:83:e0:
         45:41:34:fa:40:76:5f:18:d6:22:f2:92:a8:05:09:8e:d7:e9:
         8f:b6:d5:d2:ad:4b:86:69:f1:37:1b:b9:09:17:95:47:90:cf:
         a4:9f:f0:38:8d:ef:09:19:83:fc:18:a6:26:44:5e:6b:aa:8c:
         15:78:3d:d9:b5:5f:f9:dd:56:e5:d9:97:a5:6a:9c:b7:75:b0:
         45:c0:2f:7d:73:4f:70:8b:f0:a1:50:7b:82:fd:38:09:fc:e6:
         bf:04:09:b9:54:d4:cb:65:31:08:a4:8e:9e:da:cb:d5:a3:1a:
         9d:85:44:7f:14:90:6b:8d:c3:47:c9:91:a5:4e:94:36:9c:85:
         25:21:e8:ea:c7:e6:f4:2e:fc:9a:f6:e3:d3:3c:cd:b6:2f:8f:
         fe:88:7a:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUBvaXK9NR9OVkS+yFJp6p2Hgf7DUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNzA1NDdaFw0yNjA2MDUwNzEwNDdaMDMxMTAvBgNV
BAMTKEZFRTQwNkM2ODk2RTY0NUU5NTc4QUVBRDJCRThBNThCMkMwNzIyMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDClsfceLuU3tM490PHUAA+th22
1WjdIT0r19EqajK5AGSLVJYJhrk2mSEzjbJ0NrnJ4kDfMC/g9DZcFGXtQ/Im2XUc
EjCVaQcUgbMRA6vErrf9selfMIPKy4BwQdiPmN8zPUZ79QCcO5ycLjv/GaheKgdn
sbRJhd2lFtFEFv3FTbIjNqM+fV4xV6zQ6D/FoonX+ND5JJyh3EIP4Okfc5ORCNeA
Zo85W+p+gjcx4n51WCYdQ6tsXZwpxGnsNLFGo+qDXnVKKG23kunSRd5VUyVyv1Sq
/5stYjuTGxTIW5zT6Ld2kJRShafxwgbO3YEUNQi5ZDuqBKBtmCrdHabg7lonAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU/uQGxoluZF6VeK6tK+iliywHIjQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFEwD
BACPFFwwDQYJKoZIhvcNAQELBQADggEBAGCwInwtqfJDnG8L7Kv1UDZnE+ALPUSN
jsNu/shSWzM/XftiSN2WbCUjXjMh9YVV8uAeGYFH2A9cvtJ16PeDr1zIoPtiBBe5
Znp4vMe3j4vhFRP7SavgpdVWRzKXNzdKgQJ9c8FY4AgBI72D4EVBNPpAdl8Y1iLy
kqgFCY7X6Y+21dKtS4Zp8TcbuQkXlUeQz6Sf8DiN7wkZg/wYpiZEXmuqjBV4Pdm1
X/ndVuXZl6VqnLd1sEXAL31zT3CL8KFQe4L9OAn85r8ECblU1MtlMQikjp7ay9Wj
Gp2FRH8UkGuNw0fJkaVOlDachSUh6OrH5vQu/Jr249M8zbYvj/6Iep4=
-----END CERTIFICATE-----