Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          bbkVgz0LqqA9GgYZD6DnTUabHMCMxta3f4vvctj17zQ=
Subject key identifier:   58:FB:DD:2D:8A:1F:6E:95:C7:69:C7:24:5B:E4:44:FF:EE:07:42:CC
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       54867EDFF2AA30496901ECDF7E24B0D0E59DEF40
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa
Signing time:             Tue 02 Sep 2025 01:45:00 +0000
ROA not before:           Tue 02 Sep 2025 01:40:00 +0000
ROA not after:            Tue 01 Sep 2026 01:45:00 +0000
asID:                     22427
IP address blocks:        143.20.76.0/24 maxlen: 24
                          143.20.92.0/24 maxlen: 24
                          143.20.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 01:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:86:7e:df:f2:aa:30:49:69:01:ec:df:7e:24:b0:d0:e5:9d:ef:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep  2 01:40:00 2025 GMT
            Not After : Sep  1 01:45:00 2026 GMT
        Subject: CN=58FBDD2D8A1F6E95C769C7245BE444FFEE0742CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:29:78:48:9c:d4:28:0b:cc:d6:89:75:56:9c:
                    aa:1d:34:85:f7:16:c6:cf:c1:cb:15:c9:b7:f1:3a:
                    1e:bc:32:3d:7b:19:a0:27:4d:54:ca:03:18:b5:f7:
                    07:35:26:81:3c:45:8c:63:75:46:d0:b8:37:ff:a9:
                    34:a4:b9:33:24:eb:cd:0f:19:15:04:21:0e:7f:2d:
                    59:45:ed:b4:dc:62:2c:c4:ac:4c:af:b1:cf:b2:a7:
                    f0:a3:fd:7a:28:a3:71:eb:ab:f1:ed:4f:27:6b:75:
                    ee:65:0a:00:be:80:c2:d9:ed:ec:56:38:ae:d1:d2:
                    2c:4b:76:5b:c3:43:3e:a1:a3:b3:bd:68:a0:d4:9d:
                    19:a3:9d:10:6c:db:6f:3b:8f:a2:60:be:ca:f6:d3:
                    9a:cb:e5:db:2e:62:e8:b4:9b:b4:3b:aa:8d:dc:16:
                    38:82:f6:35:04:dd:cb:73:50:36:51:dc:1c:6a:68:
                    2f:d7:a1:17:95:60:d5:a1:bd:8f:81:29:74:80:90:
                    ef:08:c1:74:d1:45:4a:4a:9d:e6:00:f8:92:7a:26:
                    d5:08:10:16:2e:2a:9a:73:17:81:b6:16:f2:ae:8a:
                    2c:0d:d9:d0:76:e7:21:fc:a4:44:3b:ab:60:67:71:
                    ae:7a:a8:5b:7d:08:c6:ab:00:05:b7:c3:e5:64:ea:
                    2c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FB:DD:2D:8A:1F:6E:95:C7:69:C7:24:5B:E4:44:FF:EE:07:42:CC
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.76.0/24
                  143.20.92.0/24
                  143.20.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:28:a5:63:28:63:4e:88:ff:07:3c:e3:bc:fb:a9:26:fb:bf:
         cc:09:5c:06:ce:18:fb:af:2f:f5:0f:33:fe:8e:ee:a4:a7:43:
         5c:ee:17:f4:f2:1b:14:a7:67:5d:5c:cb:1b:e6:85:20:77:51:
         35:e2:35:69:24:af:ba:b8:26:2c:f2:14:1f:f2:c2:9b:21:3b:
         bb:ba:ee:fc:b8:70:60:83:5a:9e:92:61:9c:e4:0b:a5:a3:1f:
         ff:69:86:05:d7:66:cb:98:5d:02:b1:36:68:3b:d6:cf:86:a0:
         0e:c2:d3:25:b3:9c:02:d1:aa:cf:b9:8a:e4:69:c2:f2:d4:cc:
         23:b4:89:a8:b6:28:0e:f6:2f:47:3f:1e:42:6a:9a:69:4c:1f:
         f3:06:7f:64:30:6c:63:8d:92:bb:15:7d:f7:f9:18:aa:d6:76:
         b4:e1:0e:21:e5:53:0e:af:88:b3:b8:8c:9e:e9:51:ca:17:2d:
         4c:8e:f2:71:d7:04:70:0b:86:3e:21:46:29:0f:85:50:46:70:
         a0:c8:c3:0e:cd:8c:70:41:76:96:82:46:c8:10:f6:f4:0f:6c:
         5c:e4:eb:5f:e2:bd:85:e4:91:b2:3d:5c:8c:06:24:5e:f6:d8:
         76:12:cc:1d:ae:20:75:2b:8d:c8:01:8c:78:3d:50:b4:58:83:
         b9:90:37:be
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUVIZ+3/KqMElpAezffiSw0OWd70AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MDIwMTQwMDBaFw0yNjA5MDEwMTQ1MDBaMDMxMTAvBgNV
BAMTKDU4RkJERDJEOEExRjZFOTVDNzY5QzcyNDVCRTQ0NEZGRUUwNzQyQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpKXhInNQoC8zWiXVWnKodNIX3
FsbPwcsVybfxOh68Mj17GaAnTVTKAxi19wc1JoE8RYxjdUbQuDf/qTSkuTMk680P
GRUEIQ5/LVlF7bTcYizErEyvsc+yp/Cj/Xooo3Hrq/HtTydrde5lCgC+gMLZ7exW
OK7R0ixLdlvDQz6ho7O9aKDUnRmjnRBs2287j6Jgvsr205rL5dsuYui0m7Q7qo3c
FjiC9jUE3ctzUDZR3BxqaC/XoReVYNWhvY+BKXSAkO8IwXTRRUpKneYA+JJ6JtUI
EBYuKppzF4G2FvKuiiwN2dB25yH8pEQ7q2Bnca56qFt9CMarAAW3w+Vk6iztAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUWPvdLYofbpXHacckW+RE/+4HQswwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPFEwD
BACPFFwDBACPFN4wDQYJKoZIhvcNAQELBQADggEBAEcopWMoY06I/wc847z7qSb7
v8wJXAbOGPuvL/UPM/6O7qSnQ1zuF/TyGxSnZ11cyxvmhSB3UTXiNWkkr7q4Jizy
FB/ywpshO7u67vy4cGCDWp6SYZzkC6WjH/9phgXXZsuYXQKxNmg71s+GoA7C0yWz
nALRqs+5iuRpwvLUzCO0iai2KA72L0c/HkJqmmlMH/MGf2QwbGONkrsVfff5GKrW
drThDiHlUw6viLO4jJ7pUcoXLUyO8nHXBHALhj4hRikPhVBGcKDIww7NjHBBdpaC
RsgQ9vQPbFzk61/ivYXkkbI9XIwGJF722HYSzB2uIHUrjcgBjHg9ULRYg7mQN74=
-----END CERTIFICATE-----