Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS272649.roa
File:                     AS272649.roa (raw, json)
Hash identifier:          5DlQzuIqdRpCDeJeKuCHzhK8i7VCnGAon0JrJ6I28/4=
Subject key identifier:   BD:CF:96:46:78:85:36:29:75:39:4E:11:96:1E:23:11:EE:66:29:6D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4E644DC435DFB5E6CC376D54030B44839F3963FB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS272649.roa
Signing time:             Wed 29 Oct 2025 02:40:50 +0000
ROA not before:           Wed 29 Oct 2025 02:35:50 +0000
ROA not after:            Wed 28 Oct 2026 02:40:50 +0000
asID:                     272649
IP address blocks:        143.20.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:64:4d:c4:35:df:b5:e6:cc:37:6d:54:03:0b:44:83:9f:39:63:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 29 02:35:50 2025 GMT
            Not After : Oct 28 02:40:50 2026 GMT
        Subject: CN=BDCF96467885362975394E11961E2311EE66296D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:47:60:56:2c:14:b4:62:48:1a:6a:b1:21:
                    20:80:33:b4:07:77:01:af:0f:ce:84:2f:81:3a:08:
                    08:7f:3a:fa:28:28:94:26:09:e2:76:13:dc:40:81:
                    30:62:2e:35:20:e7:d5:ed:64:95:6f:84:ca:b6:f8:
                    cb:c8:d7:99:a2:23:4e:fb:91:ed:45:f1:f0:31:71:
                    2d:0f:32:98:42:b0:8c:e2:35:6b:8f:62:3a:b1:84:
                    10:78:ab:c2:12:0a:18:f2:a7:56:20:e3:b4:fa:68:
                    c7:3e:b9:6c:b3:86:61:ef:1a:82:ee:c1:33:e1:c8:
                    69:bd:69:f3:c0:3e:f5:97:53:76:a9:5f:0b:12:c4:
                    bd:30:7e:b3:f9:3a:a5:2b:92:5f:84:e4:4c:dd:b5:
                    cc:ee:51:f2:a9:d8:cc:21:ea:2d:3e:77:f8:81:95:
                    18:0a:aa:36:09:88:32:db:d6:75:7f:68:fe:d1:ec:
                    fd:61:3b:1b:58:24:73:b2:af:d2:e0:ca:e9:f7:be:
                    b1:2a:af:59:14:10:88:6d:b9:e8:21:f3:42:a9:ec:
                    b3:e7:6c:10:96:11:8d:34:47:7c:3a:e6:2c:52:05:
                    7c:63:f3:af:66:e5:df:1d:9f:0f:01:39:27:75:84:
                    99:7a:14:bd:ba:24:6d:6b:56:3e:43:29:db:e4:6c:
                    1f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:CF:96:46:78:85:36:29:75:39:4E:11:96:1E:23:11:EE:66:29:6D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS272649.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:48:a1:05:da:01:27:4f:56:02:87:78:82:de:3c:98:05:e3:
         79:90:cf:dc:21:fd:b2:30:7d:98:0d:71:86:52:5e:88:39:a7:
         e1:a7:95:38:10:6f:f2:da:c0:36:19:ff:24:0d:dd:33:a7:1c:
         ef:d2:f0:8d:42:c8:df:7b:9a:97:dc:e8:d7:ec:e8:a6:a1:42:
         85:03:ff:ee:55:d4:8e:cd:bf:80:71:10:79:02:23:d5:0b:87:
         2e:2a:18:07:90:36:be:1a:e3:b4:13:07:f7:b5:8f:1f:92:61:
         e6:ad:47:c9:28:2b:02:cb:7f:c4:e3:54:63:35:6e:58:6a:6b:
         66:94:9d:99:99:8c:0b:22:a0:26:a8:43:89:2b:c7:6b:8f:27:
         d5:04:58:0a:d6:ea:61:98:29:23:11:ee:a9:2d:1c:09:f9:2f:
         27:1d:71:ab:ba:5d:df:1f:59:cc:e3:b9:c9:a9:55:d3:8e:63:
         8d:30:0c:6c:eb:98:77:02:69:a7:bb:c2:e9:1c:3b:ee:08:b4:
         af:a4:0b:9c:99:0c:c0:15:a7:1a:83:77:ec:1d:ac:e1:34:04:
         2e:60:55:73:c3:26:42:0e:a6:b6:fe:5f:6c:86:32:ca:4e:02:
         09:09:fd:67:02:34:e5:3c:c5:e3:1a:0e:fc:d5:25:e9:70:d3:
         44:b8:d6:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTmRNxDXftebMN21UAwtEg585Y/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjkwMjM1NTBaFw0yNjEwMjgwMjQwNTBaMDMxMTAvBgNV
BAMTKEJEQ0Y5NjQ2Nzg4NTM2Mjk3NTM5NEUxMTk2MUUyMzExRUU2NjI5NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6xUdgViwUtGJIGmqxISCAM7QH
dwGvD86EL4E6CAh/OvooKJQmCeJ2E9xAgTBiLjUg59XtZJVvhMq2+MvI15miI077
ke1F8fAxcS0PMphCsIziNWuPYjqxhBB4q8ISChjyp1Yg47T6aMc+uWyzhmHvGoLu
wTPhyGm9afPAPvWXU3apXwsSxL0wfrP5OqUrkl+E5EzdtczuUfKp2Mwh6i0+d/iB
lRgKqjYJiDLb1nV/aP7R7P1hOxtYJHOyr9Lgyun3vrEqr1kUEIhtuegh80Kp7LPn
bBCWEY00R3w65ixSBXxj869m5d8dnw8BOSd1hJl6FL26JG1rVj5DKdvkbB/LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvc+WRniFNil1OU4Rlh4jEe5mKW0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjcyNjQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxTE
MA0GCSqGSIb3DQEBCwUAA4IBAQCvSKEF2gEnT1YCh3iC3jyYBeN5kM/cIf2yMH2Y
DXGGUl6IOafhp5U4EG/y2sA2Gf8kDd0zpxzv0vCNQsjfe5qX3OjX7OimoUKFA//u
VdSOzb+AcRB5AiPVC4cuKhgHkDa+GuO0Ewf3tY8fkmHmrUfJKCsCy3/E41RjNW5Y
amtmlJ2ZmYwLIqAmqEOJK8drjyfVBFgK1uphmCkjEe6pLRwJ+S8nHXGrul3fH1nM
47nJqVXTjmONMAxs65h3Ammnu8LpHDvuCLSvpAucmQzAFacag3fsHazhNAQuYFVz
wyZCDqa2/l9shjLKTgIJCf1nAjTlPMXjGg781SXpcNNEuNZb
-----END CERTIFICATE-----