Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          Q8VXOgZ/iE9Ft40c254bcr8PhN3HpqaUFCtET4xzn4g=
Subject key identifier:   1C:3D:BF:91:A5:CF:E8:DB:3A:79:5C:F3:D8:2D:0A:F4:6C:86:38:0A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6986853CE43726ACA5FA96CBE39B80880ECC76B0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS395374.roa
Signing time:             Fri 06 Jun 2025 07:12:21 +0000
ROA not before:           Fri 06 Jun 2025 07:07:21 +0000
ROA not after:            Fri 05 Jun 2026 07:12:21 +0000
asID:                     395374
IP address blocks:        143.20.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:86:85:3c:e4:37:26:ac:a5:fa:96:cb:e3:9b:80:88:0e:cc:76:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 07:07:21 2025 GMT
            Not After : Jun  5 07:12:21 2026 GMT
        Subject: CN=1C3DBF91A5CFE8DB3A795CF3D82D0AF46C86380A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f7:af:e3:31:36:fc:14:51:3a:b3:5a:37:1b:
                    97:75:e7:bf:91:a2:60:85:19:9c:f3:c4:e3:47:29:
                    55:90:74:9e:cf:ff:14:fe:97:a0:12:7a:b4:a4:ba:
                    71:4b:e9:ee:b3:1c:07:85:fb:aa:05:04:68:ce:db:
                    3a:bd:fa:87:d3:23:07:e5:08:1b:eb:36:0e:31:8e:
                    8f:12:b0:eb:63:5f:45:3b:c4:ca:7d:67:05:f9:14:
                    93:dc:0c:44:e3:ff:df:a3:fb:19:d5:25:c4:37:a5:
                    01:d0:6d:cb:44:94:0d:d1:b6:53:84:82:e1:f2:a1:
                    f7:5b:24:07:c5:18:20:46:4a:5b:6f:f9:3e:39:2f:
                    5f:7a:d6:38:1f:a0:bb:c2:08:a7:db:84:04:58:24:
                    a7:b3:0a:4c:f9:ac:f3:45:e3:d5:f0:e6:e2:b6:3f:
                    02:2a:cf:d8:a6:73:30:05:da:ec:37:fb:af:25:31:
                    8d:ef:b8:8c:48:51:14:38:17:dc:f6:5f:99:3a:da:
                    1e:2b:da:f7:77:2b:db:e2:4b:6b:31:28:bc:46:39:
                    d1:0a:74:2d:9b:9f:c3:41:b2:32:5a:24:a6:d7:20:
                    f7:11:fa:d7:3a:02:19:ad:23:64:3b:a0:7d:33:83:
                    c5:68:90:b4:2d:7f:53:ab:fc:ac:ee:6e:d0:2d:8a:
                    14:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3D:BF:91:A5:CF:E8:DB:3A:79:5C:F3:D8:2D:0A:F4:6C:86:38:0A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:46:bf:1b:af:fe:1f:27:12:fd:60:0f:99:d9:3a:68:24:44:
         eb:c5:96:e6:c3:2c:d1:7a:1b:2a:24:d9:51:e6:05:4e:98:53:
         53:8b:fa:7b:67:45:6d:d8:b7:91:8f:95:e8:47:d9:65:21:c9:
         8e:df:63:67:a8:76:6d:d2:9f:f1:06:8f:60:d9:a4:74:73:fe:
         ab:c4:47:ac:42:de:65:d1:80:62:fd:51:9d:ff:6c:63:e0:0a:
         db:75:73:62:91:fd:17:b6:97:27:fd:4c:93:0d:e1:32:3a:56:
         a4:b0:3b:a4:5e:84:4f:aa:df:2b:bd:ca:aa:c1:db:05:6d:58:
         38:46:05:07:84:9d:b1:0b:44:49:c7:14:d7:a3:dd:06:7b:77:
         71:5c:7a:87:e3:65:5e:08:bb:5f:12:bf:7d:d1:af:ec:3c:27:
         de:28:c9:42:64:52:e7:9c:8e:40:50:95:2e:2e:08:0d:49:2e:
         cc:76:40:0f:a4:fe:46:e9:64:e0:7f:c5:e5:6b:74:09:c6:a0:
         82:81:37:44:de:f8:7e:65:84:fa:bf:e0:f2:62:f7:93:1d:22:
         30:48:02:a7:d2:53:52:df:fa:f9:74:2d:db:bf:0d:cd:34:94:
         5f:3c:4f:5f:ee:f2:13:f0:4a:3c:e6:9a:75:f9:fe:0f:36:08:
         66:62:43:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaYaFPOQ3Jqyl+pbL45uAiA7MdrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNzA3MjFaFw0yNjA2MDUwNzEyMjFaMDMxMTAvBgNV
BAMTKDFDM0RCRjkxQTVDRkU4REIzQTc5NUNGM0Q4MkQwQUY0NkM4NjM4MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU96/jMTb8FFE6s1o3G5d157+R
omCFGZzzxONHKVWQdJ7P/xT+l6ASerSkunFL6e6zHAeF+6oFBGjO2zq9+ofTIwfl
CBvrNg4xjo8SsOtjX0U7xMp9ZwX5FJPcDETj/9+j+xnVJcQ3pQHQbctElA3RtlOE
guHyofdbJAfFGCBGSltv+T45L1961jgfoLvCCKfbhARYJKezCkz5rPNF49Xw5uK2
PwIqz9imczAF2uw3+68lMY3vuIxIURQ4F9z2X5k62h4r2vd3K9viS2sxKLxGOdEK
dC2bn8NBsjJaJKbXIPcR+tc6AhmtI2Q7oH0zg8VokLQtf1Or/KzubtAtihTTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHD2/kaXP6Ns6eVzz2C0K9GyGOAowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRa
MA0GCSqGSIb3DQEBCwUAA4IBAQCmRr8br/4fJxL9YA+Z2TpoJETrxZbmwyzRehsq
JNlR5gVOmFNTi/p7Z0Vt2LeRj5XoR9llIcmO32NnqHZt0p/xBo9g2aR0c/6rxEes
Qt5l0YBi/VGd/2xj4ArbdXNikf0Xtpcn/UyTDeEyOlaksDukXoRPqt8rvcqqwdsF
bVg4RgUHhJ2xC0RJxxTXo90Ge3dxXHqH42VeCLtfEr990a/sPCfeKMlCZFLnnI5A
UJUuLggNSS7MdkAPpP5G6WTgf8Xla3QJxqCCgTdE3vh+ZYT6v+DyYveTHSIwSAKn
0lNS3/r5dC3bvw3NNJRfPE9f7vIT8Eo85pp1+f4PNghmYkMF
-----END CERTIFICATE-----