Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa
File:                     AS397423.roa (raw, json)
Hash identifier:          /oZKAQ+o47nVEiJ2cTjZprygiRzaDQeXm/uAzSshccI=
Subject key identifier:   AD:C1:29:C9:06:49:56:1E:1F:2B:2C:EC:EE:91:F3:0A:96:B4:66:A4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       781D7891347F933D3F99A2DBE2D6FC4F57DB3020
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa
Signing time:             Tue 01 Jul 2025 14:42:29 +0000
ROA not before:           Tue 01 Jul 2025 14:37:29 +0000
ROA not after:            Tue 30 Jun 2026 14:42:29 +0000
asID:                     397423
IP address blocks:        143.20.128.0/22 maxlen: 22
                          143.20.136.0/22 maxlen: 22
                          143.20.180.0/22 maxlen: 22
                          143.20.188.0/22 maxlen: 22
                          143.20.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:1d:78:91:34:7f:93:3d:3f:99:a2:db:e2:d6:fc:4f:57:db:30:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul  1 14:37:29 2025 GMT
            Not After : Jun 30 14:42:29 2026 GMT
        Subject: CN=ADC129C90649561E1F2B2CECEE91F30A96B466A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b4:2c:48:a6:45:64:71:51:8e:b6:b9:09:6f:
                    09:4e:44:d6:dd:3f:a0:a7:d0:4e:cf:19:4c:e3:e1:
                    8d:3f:b4:37:d9:a9:55:80:7a:84:e0:94:cf:21:01:
                    0d:a4:de:a4:c4:77:0a:17:53:65:9b:2f:24:c9:ca:
                    c2:04:ae:c5:cc:08:03:61:b1:a9:cb:50:86:ad:06:
                    c1:f0:e2:54:e7:0f:ff:f0:f2:76:ee:c4:1b:7b:c2:
                    fb:b5:0e:c3:68:5b:9c:42:ff:f3:be:26:22:08:ed:
                    58:34:96:fb:39:12:03:56:1c:1b:b9:3a:77:39:1d:
                    fb:ce:d8:0d:ae:db:d1:b0:da:6b:cf:9b:d6:24:04:
                    72:a4:4a:f6:9e:dd:2f:77:3b:53:f1:19:07:3e:ac:
                    b5:3d:8e:8b:4b:f7:20:7b:d9:74:ec:eb:01:b2:ce:
                    a0:a3:12:a6:d3:04:cf:f9:d1:ce:12:ad:a4:f0:01:
                    78:a7:80:19:06:83:75:92:ed:22:a6:40:06:a5:ed:
                    c2:76:44:f1:fb:8e:d4:3a:37:31:e4:f1:d8:b5:b5:
                    7c:d7:bd:37:4a:e9:4f:5b:b9:29:0d:73:3a:cf:42:
                    f8:ac:30:1e:24:0f:ee:74:b0:9d:33:15:aa:1a:14:
                    8e:37:0f:2d:bb:bd:63:95:ae:06:c0:1f:6a:89:1b:
                    55:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:C1:29:C9:06:49:56:1E:1F:2B:2C:EC:EE:91:F3:0A:96:B4:66:A4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS397423.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.128.0/22
                  143.20.136.0/22
                  143.20.180.0/22
                  143.20.188.0/22
                  143.20.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:7c:74:e3:99:93:a6:f4:ea:e7:37:50:51:f3:16:64:d9:84:
         0d:e1:31:0b:6a:f1:26:87:df:9e:89:b8:67:2e:7f:9a:ac:f4:
         40:5e:6d:6c:88:75:77:5a:90:d8:78:8e:dc:5e:e6:82:05:94:
         a1:56:97:ca:5c:42:f1:1c:3d:56:03:28:4c:0e:7f:db:79:69:
         7e:7d:f1:25:2f:bb:47:d3:3c:73:a9:d7:3d:f1:f8:6e:57:6d:
         56:19:0a:fe:6d:c9:ce:e1:69:ee:0a:97:ed:09:13:11:75:0a:
         4e:75:fd:cb:4a:74:7f:8a:de:c9:64:13:fd:1f:e3:d1:5a:1a:
         e6:a4:01:08:d7:f1:34:ea:c3:86:ee:88:2a:83:06:0c:49:c7:
         2b:73:e0:4d:94:8b:65:5d:89:3d:c8:1c:92:ff:c7:28:7a:1a:
         3b:05:a2:e8:de:53:52:ce:2d:51:8f:be:cc:ed:65:92:7d:de:
         96:27:65:b4:cc:0f:1c:29:2d:3c:38:42:d3:e0:0b:1c:ce:e4:
         6e:b7:4e:a8:fe:51:42:22:95:38:cb:17:33:0e:46:9a:6c:d7:
         3c:67:ff:a0:b6:81:a2:4c:d3:b9:d4:92:96:bf:e4:66:04:4a:
         3b:05:45:d4:5b:5b:c0:ef:91:52:88:f5:0e:9c:79:98:44:1c:
         5a:c2:06:30
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUeB14kTR/kz0/maLb4tb8T1fbMCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MDExNDM3MjlaFw0yNjA2MzAxNDQyMjlaMDMxMTAvBgNV
BAMTKEFEQzEyOUM5MDY0OTU2MUUxRjJCMkNFQ0VFOTFGMzBBOTZCNDY2QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1tCxIpkVkcVGOtrkJbwlORNbd
P6Cn0E7PGUzj4Y0/tDfZqVWAeoTglM8hAQ2k3qTEdwoXU2WbLyTJysIErsXMCANh
sanLUIatBsHw4lTnD//w8nbuxBt7wvu1DsNoW5xC//O+JiII7Vg0lvs5EgNWHBu5
Onc5HfvO2A2u29Gw2mvPm9YkBHKkSvae3S93O1PxGQc+rLU9jotL9yB72XTs6wGy
zqCjEqbTBM/50c4SraTwAXingBkGg3WS7SKmQAal7cJ2RPH7jtQ6NzHk8di1tXzX
vTdK6U9buSkNczrPQvisMB4kD+50sJ0zFaoaFI43Dy27vWOVrgbAH2qJG1XlAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUrcEpyQZJVh4fKyzs7pHzCpa0ZqQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk3NDIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCjxSA
AwQCjxSIAwQCjxS0AwQCjxS8AwQCjxTEMA0GCSqGSIb3DQEBCwUAA4IBAQCffHTj
mZOm9OrnN1BR8xZk2YQN4TELavEmh9+eibhnLn+arPRAXm1siHV3WpDYeI7cXuaC
BZShVpfKXELxHD1WAyhMDn/beWl+ffElL7tH0zxzqdc98fhuV21WGQr+bcnO4Wnu
CpftCRMRdQpOdf3LSnR/it7JZBP9H+PRWhrmpAEI1/E06sOG7ogqgwYMSccrc+BN
lItlXYk9yByS/8coeho7BaLo3lNSzi1Rj77M7WWSfd6WJ2W0zA8cKS08OELT4Asc
zuRut06o/lFCIpU4yxczDkaabNc8Z/+gtoGiTNO51JKWv+RmBEo7BUXUW1vA75FS
iPUOnHmYRBxawgYw
-----END CERTIFICATE-----
Generated at Fri Jul 4 13:18:39 2025 by rpki-client