Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS32418.roa
File:                     AS32418.roa (raw, json)
Hash identifier:          O1Mzv3odZfYlUJkfa0XonSc2Bs1izdF/zoggx4zcW2g=
Subject key identifier:   BD:0E:99:B5:8B:5B:D1:F4:F6:65:E2:EE:A0:08:EB:99:97:7D:30:D1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4DA3686BDB20BB5C03C4B1E6432471F90AEED6DB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS32418.roa
Signing time:             Tue 28 Apr 2026 16:36:20 +0000
ROA not before:           Tue 28 Apr 2026 16:31:20 +0000
ROA not after:            Tue 27 Apr 2027 16:36:20 +0000
asID:                     32418
IP address blocks:        143.20.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 14:07:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:a3:68:6b:db:20:bb:5c:03:c4:b1:e6:43:24:71:f9:0a:ee:d6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Apr 28 16:31:20 2026 GMT
            Not After : Apr 27 16:36:20 2027 GMT
        Subject: CN=BD0E99B58B5BD1F4F665E2EEA008EB99977D30D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:41:dc:65:44:f3:de:9c:7f:4f:cc:eb:81:29:
                    7d:3b:5c:7a:27:ea:92:40:dc:f9:41:19:95:27:94:
                    f7:f9:af:2d:ed:1b:72:72:5c:2a:70:f2:79:75:a8:
                    c6:df:da:b6:d7:1f:92:5b:41:5e:74:d6:c3:74:9a:
                    55:84:1f:cf:33:e0:b9:20:61:b4:f4:01:56:e5:0a:
                    1d:ec:33:25:fc:97:80:d1:47:eb:36:17:3b:d4:ff:
                    39:31:7d:d3:ef:e0:9d:94:7a:a9:b9:52:d5:92:28:
                    b5:f1:33:74:00:2a:5c:20:ec:09:d2:e2:16:f2:c9:
                    0b:9c:72:30:e4:17:9d:bb:74:2d:23:db:f4:4a:75:
                    a0:3c:35:3c:2e:4c:a4:1a:b5:a7:2d:79:ff:8a:75:
                    d9:9e:0e:a6:e1:25:2a:2a:39:40:db:2e:63:2f:d4:
                    cb:60:2c:e8:56:b7:fa:08:4f:09:7d:42:cc:77:53:
                    a4:55:53:d6:6b:25:4f:a6:99:31:23:3c:d0:4a:02:
                    0b:3c:5d:ac:b7:af:cf:8b:c7:ae:51:ab:a9:74:43:
                    54:43:bb:67:fd:d3:bd:73:87:04:12:28:05:af:ab:
                    06:fe:48:0b:61:d8:31:8d:aa:cf:54:88:bd:86:f7:
                    c9:bd:6a:77:2c:0b:14:f3:f1:95:46:4c:a6:86:80:
                    71:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:0E:99:B5:8B:5B:D1:F4:F6:65:E2:EE:A0:08:EB:99:97:7D:30:D1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS32418.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:5f:cd:7b:d6:6b:6b:9e:3a:97:68:8f:9b:15:e8:a2:1b:ce:
         58:fa:17:0c:db:f2:db:49:7f:6c:3e:14:53:5b:9c:89:cf:b2:
         0e:49:b2:c8:33:48:ae:4d:cd:64:2f:03:ec:f2:61:cc:f1:96:
         80:33:ea:7d:f3:9a:3b:fc:67:4d:af:d2:5f:c1:85:1a:58:04:
         72:4f:a3:5e:e5:00:64:43:c6:52:58:99:5d:0e:96:d5:b0:fb:
         6b:46:e0:2d:64:6f:44:df:4c:73:85:4e:a1:94:60:8c:25:8d:
         20:ff:18:e7:06:c9:86:f9:0c:84:29:71:13:63:a7:14:15:c9:
         0c:b6:06:43:ef:dc:64:74:79:99:e3:71:13:e2:74:cf:dd:bb:
         27:88:df:af:26:a6:99:db:b2:dc:fe:8d:86:f1:65:16:8b:91:
         1b:56:d8:44:b4:8a:7d:f9:21:f5:57:8d:77:b8:d2:52:9f:47:
         79:b1:7d:ad:32:76:c9:f2:f6:bf:ea:57:b9:f8:f0:f7:29:3a:
         fe:57:2c:6b:ab:22:f5:7e:ca:7c:cc:34:8a:38:da:7f:00:ec:
         48:28:ba:31:fc:2f:11:1b:1a:9b:d2:93:9c:70:ed:15:4d:21:
         fb:13:10:55:a1:c4:10:45:45:b8:4e:46:67:18:84:05:15:03:
         61:1d:f9:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTaNoa9sgu1wDxLHmQyRx+Qru1tswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MjgxNjMxMjBaFw0yNzA0MjcxNjM2MjBaMDMxMTAvBgNV
BAMTKEJEMEU5OUI1OEI1QkQxRjRGNjY1RTJFRUEwMDhFQjk5OTc3RDMwRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwQdxlRPPenH9PzOuBKX07XHon
6pJA3PlBGZUnlPf5ry3tG3JyXCpw8nl1qMbf2rbXH5JbQV501sN0mlWEH88z4Lkg
YbT0AVblCh3sMyX8l4DRR+s2FzvU/zkxfdPv4J2Ueqm5UtWSKLXxM3QAKlwg7AnS
4hbyyQuccjDkF527dC0j2/RKdaA8NTwuTKQatactef+KddmeDqbhJSoqOUDbLmMv
1MtgLOhWt/oITwl9Qsx3U6RVU9ZrJU+mmTEjPNBKAgs8Xay3r8+Lx65Rq6l0Q1RD
u2f9071zhwQSKAWvqwb+SAth2DGNqs9UiL2G98m9ancsCxTz8ZVGTKaGgHGpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUvQ6ZtYtb0fT2ZeLuoAjrmZd9MNEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzI0MTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFBsw
DQYJKoZIhvcNAQELBQADggEBANRfzXvWa2ueOpdoj5sV6KIbzlj6Fwzb8ttJf2w+
FFNbnInPsg5JssgzSK5NzWQvA+zyYczxloAz6n3zmjv8Z02v0l/BhRpYBHJPo17l
AGRDxlJYmV0OltWw+2tG4C1kb0TfTHOFTqGUYIwljSD/GOcGyYb5DIQpcRNjpxQV
yQy2BkPv3GR0eZnjcRPidM/duyeI368mppnbstz+jYbxZRaLkRtW2ES0in35IfVX
jXe40lKfR3mxfa0ydsny9r/qV7n48PcpOv5XLGurIvV+ynzMNIo42n8A7EgoujH8
LxEbGpvSk5xw7RVNIfsTEFWhxBBFRbhORmcYhAUVA2Ed+ZA=
-----END CERTIFICATE-----