Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400556.roa
File:                     AS400556.roa (raw, json)
Hash identifier:          5YV4sAxP0em0ZHou9UzQGu7n5p7UYDsUJiyfGNd7s3w=
Subject key identifier:   1F:A4:B5:5C:D0:53:70:52:18:F8:97:8C:7E:C1:97:28:8C:6F:7A:D3
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       024436F8E070AEF2843161AB4D0846C3685E1429
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400556.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     400556
IP address blocks:        143.20.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:44:36:f8:e0:70:ae:f2:84:31:61:ab:4d:08:46:c3:68:5e:14:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=1FA4B55CD053705218F8978C7EC197288C6F7AD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d9:12:41:7a:a4:df:40:e8:ff:ce:f1:f4:6d:
                    be:d4:5c:23:50:4d:12:6a:ba:19:55:a3:2b:5f:f6:
                    6a:ec:7b:d2:c3:96:84:5c:ab:40:4c:b5:20:d6:f4:
                    c8:a4:5d:8d:63:8c:3d:d0:d0:56:f6:e6:ed:9c:ce:
                    d5:99:63:18:3b:13:d9:24:09:8a:3b:f6:58:c2:6c:
                    92:1a:d8:4e:af:40:86:04:b8:27:dd:01:f6:36:b0:
                    66:ff:aa:0a:d3:21:61:23:29:cb:44:f8:f3:5a:47:
                    e0:de:bb:ef:5e:76:b6:54:ff:be:17:41:29:5d:0d:
                    ad:9a:df:10:96:f8:ef:1b:03:90:f9:b7:bb:b1:08:
                    0c:67:be:f6:8b:cb:b0:17:60:2e:17:f5:8c:08:f2:
                    0f:17:b4:a6:fc:77:e2:fd:b7:eb:ae:e1:53:d0:94:
                    02:e6:9c:5c:ec:dd:ec:85:34:1e:d0:20:a4:c3:5e:
                    9e:83:9b:82:23:f3:85:a9:0c:05:83:a4:78:95:55:
                    f5:6e:23:14:d0:81:6a:83:35:34:69:86:33:9c:11:
                    fd:a5:40:65:50:9d:ff:50:79:77:15:f8:3a:c1:99:
                    27:c2:bb:7f:ad:09:ed:98:8c:80:c8:d9:c2:d2:69:
                    0d:15:fc:06:c9:99:c9:4c:03:4a:e5:d1:fa:dd:5b:
                    6d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A4:B5:5C:D0:53:70:52:18:F8:97:8C:7E:C1:97:28:8C:6F:7A:D3
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400556.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:34:ec:23:ca:cf:c6:25:9b:0a:1a:a2:77:38:ba:a2:a1:93:
         8f:2a:a7:e1:b4:ed:25:38:a2:45:de:9c:bb:8d:f0:6d:fc:cb:
         f8:19:f9:36:63:fd:7e:1b:ef:79:7d:5c:24:4a:f0:07:0c:10:
         05:9a:8c:78:2d:31:95:63:61:03:bf:b0:07:1d:a4:12:85:9e:
         aa:90:f3:a4:35:80:84:5c:c7:e4:43:78:ac:cd:62:8c:74:75:
         64:47:59:5f:a8:76:b0:51:85:58:d7:f7:29:b0:b4:cc:4a:17:
         ef:48:fd:06:82:bc:de:f8:f6:f0:68:04:b3:41:2b:4c:17:49:
         fa:ff:77:11:6c:5c:05:d2:fa:0b:ec:83:04:6e:e2:3f:f8:3e:
         b0:fb:06:7a:c1:e4:19:4a:db:e7:76:df:b1:74:4b:ee:f8:7d:
         93:b6:54:01:95:cd:a0:8c:61:02:65:00:14:af:cc:cf:99:5c:
         81:be:e9:14:99:1b:a5:20:82:83:ce:1c:46:af:e8:c7:ec:b8:
         c3:b1:64:04:a8:10:6a:ef:a1:23:34:02:72:26:ca:a6:d1:26:
         7a:5f:6f:50:e1:c3:48:f4:ca:56:9e:23:75:9b:76:a3:c8:9d:
         26:7f:6d:e4:28:08:94:a2:ba:28:60:c8:19:18:79:ff:43:59:
         a5:d8:c4:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAkQ2+OBwrvKEMWGrTQhGw2heFCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKDFGQTRCNTVDRDA1MzcwNTIxOEY4OTc4QzdFQzE5NzI4OEM2RjdBRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt2RJBeqTfQOj/zvH0bb7UXCNQ
TRJquhlVoytf9mrse9LDloRcq0BMtSDW9MikXY1jjD3Q0Fb25u2cztWZYxg7E9kk
CYo79ljCbJIa2E6vQIYEuCfdAfY2sGb/qgrTIWEjKctE+PNaR+Deu+9edrZU/74X
QSldDa2a3xCW+O8bA5D5t7uxCAxnvvaLy7AXYC4X9YwI8g8XtKb8d+L9t+uu4VPQ
lALmnFzs3eyFNB7QIKTDXp6Dm4Ij84WpDAWDpHiVVfVuIxTQgWqDNTRphjOcEf2l
QGVQnf9QeXcV+DrBmSfCu3+tCe2YjIDI2cLSaQ0V/AbJmclMA0rl0frdW20xAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUH6S1XNBTcFIY+JeMfsGXKIxvetMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAwNTU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxR6
MA0GCSqGSIb3DQEBCwUAA4IBAQBDNOwjys/GJZsKGqJ3OLqioZOPKqfhtO0lOKJF
3py7jfBt/Mv4Gfk2Y/1+G+95fVwkSvAHDBAFmox4LTGVY2EDv7AHHaQShZ6qkPOk
NYCEXMfkQ3iszWKMdHVkR1lfqHawUYVY1/cpsLTMShfvSP0Ggrze+PbwaASzQStM
F0n6/3cRbFwF0voL7IMEbuI/+D6w+wZ6weQZStvndt+xdEvu+H2TtlQBlc2gjGEC
ZQAUr8zPmVyBvukUmRulIIKDzhxGr+jH7LjDsWQEqBBq76EjNAJyJsqm0SZ6X29Q
4cNI9MpWniN1m3ajyJ0mf23kKAiUorooYMgZGHn/Q1ml2MQQ
-----END CERTIFICATE-----