Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS36231.roa
File:                     AS36231.roa (raw, json)
Hash identifier:          BGpB3H7Wg9pZ9PnT3MRt0MYMrP/gOmqE9i+JxF7hous=
Subject key identifier:   7B:C4:B5:4F:93:B6:AB:7D:76:0B:F5:A2:E0:C6:C4:71:93:1D:EA:1F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6187500DBE9B9B3F666F02BE847EC87CF647046F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS36231.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     36231
IP address blocks:        143.20.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:87:50:0d:be:9b:9b:3f:66:6f:02:be:84:7e:c8:7c:f6:47:04:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=7BC4B54F93B6AB7D760BF5A2E0C6C471931DEA1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:42:ae:9c:34:9f:ab:d3:36:7a:4d:b1:fb:e8:
                    2a:91:5a:3c:4f:5d:28:8d:5d:7e:ba:70:97:7b:7c:
                    0f:f3:01:ba:43:37:fb:8d:2c:ec:0a:ff:f6:4a:41:
                    94:59:47:15:f8:73:42:f2:95:15:7f:84:9f:5b:01:
                    16:2e:a1:a2:ff:02:b1:4e:03:8a:b6:2e:ab:50:0d:
                    8f:0b:40:c1:ee:f1:53:8c:a6:7f:21:4b:e8:a8:aa:
                    25:6e:65:41:da:0d:4e:68:47:57:74:34:5d:51:08:
                    3f:80:ac:1c:8c:7a:42:dc:ef:13:e3:22:cf:4c:8a:
                    3e:61:04:d7:30:ee:1b:48:72:a8:65:d0:02:80:78:
                    03:84:d4:a9:cc:d3:31:4d:4a:2d:27:f1:43:72:fd:
                    61:48:3e:a2:64:9e:db:05:d3:41:4a:96:f8:f4:9c:
                    85:95:0f:9d:e0:40:8b:ec:a2:16:6c:0d:1a:96:63:
                    7e:25:08:dc:3e:2e:07:b6:7a:12:b7:1b:a7:e5:64:
                    28:3f:e1:d6:1f:25:96:ba:a5:eb:d5:53:42:4f:99:
                    70:b3:4c:5c:6d:47:13:c4:d5:b5:42:4a:7b:03:57:
                    4e:f6:fd:af:94:00:cb:87:2a:96:56:7c:00:71:2a:
                    af:80:da:40:be:73:ef:f1:67:06:1c:98:d7:5d:62:
                    7d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C4:B5:4F:93:B6:AB:7D:76:0B:F5:A2:E0:C6:C4:71:93:1D:EA:1F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS36231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ba:db:e8:0a:0c:2c:95:b6:01:3e:41:f5:cf:8e:fa:92:8b:
         a1:1f:44:fa:84:f0:bd:1e:b3:34:4d:4d:af:1f:bf:8e:bf:54:
         2c:15:4f:62:75:bb:ed:8c:ec:61:2a:ad:08:e3:29:c6:49:4e:
         43:25:58:55:10:a9:2a:c6:2e:39:33:ce:85:ab:14:27:20:95:
         01:8d:ee:3a:8c:37:1b:53:db:ba:67:61:11:cf:e5:c2:c9:1f:
         95:87:68:f6:1b:3f:ee:eb:34:6e:cd:26:a1:59:56:99:fd:fa:
         7d:e3:96:b0:89:74:8e:02:3b:ec:3f:d4:d5:01:95:ac:fd:18:
         73:0c:1a:7f:79:c3:4b:be:da:cb:27:99:81:f5:4a:74:ba:75:
         9e:fe:bc:1c:a9:b3:8c:6d:00:53:6b:11:48:86:b4:4e:91:77:
         ca:20:2b:54:67:cb:bd:b0:22:44:7c:fc:fe:b3:6b:1a:10:10:
         d8:db:1f:16:fc:f1:d8:7e:28:1c:97:31:2b:96:75:5d:ed:4b:
         20:53:b3:a6:f2:78:c4:46:e6:21:df:9c:ea:7e:af:f0:43:76:
         d6:d3:d2:96:38:cc:dd:56:49:36:ac:f6:e8:9e:13:e2:61:5f:
         17:3e:40:49:2e:e5:18:d2:00:60:94:ff:9b:ce:4c:bc:21:4a:
         66:af:2b:76
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYYdQDb6bmz9mbwK+hH7IfPZHBG8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKDdCQzRCNTRGOTNCNkFCN0Q3NjBCRjVBMkUwQzZDNDcxOTMxREVBMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWQq6cNJ+r0zZ6TbH76CqRWjxP
XSiNXX66cJd7fA/zAbpDN/uNLOwK//ZKQZRZRxX4c0LylRV/hJ9bARYuoaL/ArFO
A4q2LqtQDY8LQMHu8VOMpn8hS+ioqiVuZUHaDU5oR1d0NF1RCD+ArByMekLc7xPj
Is9Mij5hBNcw7htIcqhl0AKAeAOE1KnM0zFNSi0n8UNy/WFIPqJkntsF00FKlvj0
nIWVD53gQIvsohZsDRqWY34lCNw+Lge2ehK3G6flZCg/4dYfJZa6pevVU0JPmXCz
TFxtRxPE1bVCSnsDV072/a+UAMuHKpZWfABxKq+A2kC+c+/xZwYcmNddYn1FAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUe8S1T5O2q312C/Wi4MbEcZMd6h8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzYyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFGQw
DQYJKoZIhvcNAQELBQADggEBAK+62+gKDCyVtgE+QfXPjvqSi6EfRPqE8L0eszRN
Ta8fv46/VCwVT2J1u+2M7GEqrQjjKcZJTkMlWFUQqSrGLjkzzoWrFCcglQGN7jqM
NxtT27pnYRHP5cLJH5WHaPYbP+7rNG7NJqFZVpn9+n3jlrCJdI4CO+w/1NUBlaz9
GHMMGn95w0u+2ssnmYH1SnS6dZ7+vByps4xtAFNrEUiGtE6Rd8ogK1Rny72wIkR8
/P6zaxoQENjbHxb88dh+KByXMSuWdV3tSyBTs6byeMRG5iHfnOp+r/BDdtbT0pY4
zN1WSTas9uieE+JhXxc+QEku5RjSAGCU/5vOTLwhSmavK3Y=
-----END CERTIFICATE-----