Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          qqDZ8KA/jh71eSpNUoRU1SsLE7YUhF5h3BtC/pgdnsQ=
Subject key identifier:   12:EE:60:21:44:CC:CC:DD:74:51:97:00:6E:3A:23:5E:9A:9B:32:C2
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2295805958AD752C272BD17BF6327A7ACD3AC6D5
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
Signing time:             Tue 14 Oct 2025 08:00:01 +0000
ROA not before:           Tue 14 Oct 2025 07:55:01 +0000
ROA not after:            Tue 13 Oct 2026 08:00:01 +0000
asID:                     25198
IP address blocks:        143.20.222.0/24 maxlen: 24
                          143.20.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 07:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:95:80:59:58:ad:75:2c:27:2b:d1:7b:f6:32:7a:7a:cd:3a:c6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 14 07:55:01 2025 GMT
            Not After : Oct 13 08:00:01 2026 GMT
        Subject: CN=12EE602144CCCCDD745197006E3A235E9A9B32C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e2:93:37:2f:fa:00:93:10:51:73:82:05:eb:
                    ca:72:62:20:ff:97:ad:ba:84:07:af:69:d7:be:d9:
                    56:b9:d6:b7:98:87:c5:50:98:54:a6:9d:24:56:0f:
                    00:72:1e:80:f7:c9:9d:f0:53:0b:11:38:12:ac:f4:
                    e0:29:88:56:d0:df:1a:24:d3:d4:be:de:aa:bd:86:
                    39:04:45:8c:1a:dc:31:35:61:c4:43:c3:74:cc:18:
                    ea:be:fa:f7:49:c4:24:c8:b5:bc:03:0d:e6:da:77:
                    c8:e8:05:cc:09:ba:c5:22:6b:26:b6:58:3a:1b:df:
                    51:c0:f9:1c:fb:33:d5:3b:ff:c7:53:5e:a0:30:f9:
                    eb:e6:36:76:98:99:e9:c5:e6:d9:0a:96:1e:15:2a:
                    31:d3:5c:c8:83:98:be:46:cb:f0:85:50:a5:59:f5:
                    e7:93:90:f6:3b:02:5d:08:95:6c:f3:aa:77:45:aa:
                    eb:85:b0:94:9d:3a:7f:a9:4a:90:a8:f3:3d:ca:4e:
                    10:72:bd:07:0f:c8:74:eb:cb:80:53:1d:e3:b3:44:
                    8b:b9:88:72:eb:5d:32:2e:aa:80:17:c4:6c:a1:e5:
                    74:62:f9:d8:16:a5:ba:d4:1d:9c:26:3e:2a:b5:9a:
                    74:93:2e:a8:3c:93:9f:0a:d8:fc:83:90:93:12:f5:
                    ce:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:EE:60:21:44:CC:CC:DD:74:51:97:00:6E:3A:23:5E:9A:9B:32:C2
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.222.0/24
                  143.20.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:58:91:c5:1b:54:2f:4c:36:f9:1c:17:d7:f4:f6:2d:a3:04:
         eb:69:0c:69:e1:4e:f2:f5:e3:02:fb:b9:e6:e9:1f:ba:cd:f2:
         5b:e8:8a:da:7d:36:4f:fa:cc:62:1b:fc:ee:96:7a:5d:54:27:
         cb:fc:4c:14:bc:40:2f:e1:0f:70:46:a1:7c:6d:96:a6:59:ce:
         2c:f3:fc:2e:5b:7c:09:66:06:73:2d:bd:f8:f4:86:35:80:69:
         8d:c8:59:c1:f8:79:a0:c7:00:75:28:3d:c8:5f:dc:9d:f3:8c:
         2f:9a:bc:33:40:c2:13:92:10:b2:1f:80:af:98:db:ba:67:95:
         7a:60:4e:41:8f:3b:4f:de:85:2b:00:ee:70:18:9e:38:6c:bf:
         a6:16:55:c4:db:b7:c6:f6:c3:b1:ee:06:40:fb:92:f8:a9:88:
         6b:39:04:b4:f8:4f:48:31:4e:05:13:2a:29:6c:97:c8:5f:15:
         78:fb:c6:d8:31:9e:6f:90:9f:f5:27:92:28:cb:5f:60:e6:b9:
         5d:3d:35:de:f4:10:c2:eb:9c:6c:db:c4:b4:15:de:9e:84:07:
         0c:53:6b:06:fb:4c:71:19:08:e5:9b:35:b4:98:91:60:74:d4:
         3b:e8:bf:b0:30:d5:d7:f3:ef:3b:da:f3:f9:dd:55:6f:44:3f:
         11:39:36:b8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUIpWAWVitdSwnK9F79jJ6es06xtUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTQwNzU1MDFaFw0yNjEwMTMwODAwMDFaMDMxMTAvBgNV
BAMTKDEyRUU2MDIxNDRDQ0NDREQ3NDUxOTcwMDZFM0EyMzVFOUE5QjMyQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU4pM3L/oAkxBRc4IF68pyYiD/
l626hAevade+2Va51reYh8VQmFSmnSRWDwByHoD3yZ3wUwsROBKs9OApiFbQ3xok
09S+3qq9hjkERYwa3DE1YcRDw3TMGOq++vdJxCTItbwDDebad8joBcwJusUiaya2
WDob31HA+Rz7M9U7/8dTXqAw+evmNnaYmenF5tkKlh4VKjHTXMiDmL5Gy/CFUKVZ
9eeTkPY7Al0IlWzzqndFquuFsJSdOn+pSpCo8z3KThByvQcPyHTry4BTHeOzRIu5
iHLrXTIuqoAXxGyh5XRi+dgWpbrUHZwmPiq1mnSTLqg8k58K2PyDkJMS9c4jAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUEu5gIUTMzN10UZcAbjojXpqbMsIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACPFN4D
BACPFOcwDQYJKoZIhvcNAQELBQADggEBAEBYkcUbVC9MNvkcF9f09i2jBOtpDGnh
TvL14wL7uebpH7rN8lvoitp9Nk/6zGIb/O6Wel1UJ8v8TBS8QC/hD3BGoXxtlqZZ
zizz/C5bfAlmBnMtvfj0hjWAaY3IWcH4eaDHAHUoPchf3J3zjC+avDNAwhOSELIf
gK+Y27pnlXpgTkGPO0/ehSsA7nAYnjhsv6YWVcTbt8b2w7HuBkD7kvipiGs5BLT4
T0gxTgUTKilsl8hfFXj7xtgxnm+Qn/UnkijLX2DmuV09Nd70EMLrnGzbxLQV3p6E
BwxTawb7THEZCOWbNbSYkWB01Dvov7Aw1dfz7zva8/ndVW9EPxE5Nrg=
-----END CERTIFICATE-----