Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401903.roa
File:                     AS401903.roa (raw, json)
Hash identifier:          BVglOB58+CsIOoAZ/AA8ni+2RQH2JhUM16CvH27YkqY=
Subject key identifier:   D2:AA:E1:09:8C:9E:72:E9:BA:77:4D:F6:E0:2C:27:E9:19:AE:A4:8E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       53B5529C0E16860070727722BE3CD5A8A931E06F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401903.roa
Signing time:             Thu 28 Aug 2025 16:26:02 +0000
ROA not before:           Thu 28 Aug 2025 16:21:02 +0000
ROA not after:            Thu 27 Aug 2026 16:26:02 +0000
asID:                     401903
IP address blocks:        143.20.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:b5:52:9c:0e:16:86:00:70:72:77:22:be:3c:d5:a8:a9:31:e0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 28 16:21:02 2025 GMT
            Not After : Aug 27 16:26:02 2026 GMT
        Subject: CN=D2AAE1098C9E72E9BA774DF6E02C27E919AEA48E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:aa:30:16:0f:3c:27:2a:ef:cc:f3:8b:4e:02:
                    16:71:c6:ca:85:7d:f4:02:7b:da:30:e1:4f:e7:f8:
                    df:db:57:f8:68:65:be:20:9d:b1:5f:7f:c3:1a:be:
                    07:72:e7:66:3d:f8:ef:fe:24:66:91:09:ef:c6:de:
                    09:ce:04:d8:3d:1c:cd:10:0a:20:b3:8f:8c:ef:ad:
                    ec:cf:ab:39:77:9b:e4:4e:85:5d:d3:0b:b4:ec:c9:
                    dc:30:49:8d:9f:4e:9b:8b:cc:9e:60:9d:bc:06:fc:
                    58:4a:fb:9c:b7:aa:49:da:38:4a:db:4a:77:5f:64:
                    48:ef:ed:a0:e0:39:f9:97:22:08:33:d7:7a:45:97:
                    39:e2:dd:2a:d0:40:f8:0a:f8:6f:94:a4:35:f1:4c:
                    be:e2:5d:55:43:91:be:df:42:51:58:0d:81:7f:88:
                    2e:fc:7b:b5:38:54:be:44:34:d1:0d:6e:00:b1:20:
                    bf:08:49:40:7e:38:35:a3:8a:a7:7a:40:60:4b:1a:
                    44:4e:0b:ab:b8:76:54:d1:ef:45:4a:ef:4c:68:9d:
                    c2:39:6a:f4:3c:75:9e:47:3c:ec:fd:49:63:ed:f8:
                    40:dc:47:38:ef:c9:d3:72:e3:d9:b1:0e:ea:33:2b:
                    7b:83:12:3b:81:ca:b7:ad:94:4d:34:43:f6:be:8c:
                    17:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:AA:E1:09:8C:9E:72:E9:BA:77:4D:F6:E0:2C:27:E9:19:AE:A4:8E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401903.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:10:e9:a6:ed:9b:40:ec:6e:9d:49:47:45:5d:8e:92:6f:9e:
         73:b8:fd:c6:c2:cb:75:1a:7a:f8:83:83:e2:b3:a7:86:6c:dc:
         d6:f6:23:7c:ec:68:5a:54:7a:9f:74:27:1e:81:8c:19:a7:ae:
         b0:b6:49:4d:a4:4a:ac:9b:ca:8c:86:16:97:4c:9b:c9:a9:02:
         5f:be:c3:c8:f8:8e:90:5a:47:24:fe:89:3c:71:23:a2:53:d7:
         5a:32:1d:19:41:74:fe:ad:bf:f2:3b:be:3c:24:ab:28:ed:c3:
         fc:56:38:15:d1:75:1a:bd:df:35:6c:02:bc:68:1a:12:8a:1c:
         65:2a:da:e9:a6:df:19:ae:f6:9a:93:18:fa:24:66:c0:62:ac:
         6f:be:b9:26:ad:24:92:c9:89:b8:69:1b:c1:03:8f:85:c7:d9:
         8e:11:9b:92:52:de:34:23:a2:fa:5e:07:c8:ae:97:e4:9c:91:
         e3:e2:cf:9f:b5:48:99:f6:b9:d4:05:0d:d7:3d:91:12:60:cb:
         ee:38:48:19:ae:e8:bb:e9:f4:3b:34:d3:63:b9:2a:61:a2:19:
         3b:c4:ed:ab:19:92:79:87:4f:1e:2f:b1:38:20:1f:4f:84:08:
         b1:f4:c6:9a:8e:8d:62:3f:ee:0c:5f:9f:e2:c5:7a:93:c1:74:
         65:a9:c6:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU7VSnA4WhgBwcncivjzVqKkx4G8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjgxNjIxMDJaFw0yNjA4MjcxNjI2MDJaMDMxMTAvBgNV
BAMTKEQyQUFFMTA5OEM5RTcyRTlCQTc3NERGNkUwMkMyN0U5MTlBRUE0OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWqjAWDzwnKu/M84tOAhZxxsqF
ffQCe9ow4U/n+N/bV/hoZb4gnbFff8Mavgdy52Y9+O/+JGaRCe/G3gnOBNg9HM0Q
CiCzj4zvrezPqzl3m+ROhV3TC7TsydwwSY2fTpuLzJ5gnbwG/FhK+5y3qknaOErb
SndfZEjv7aDgOfmXIggz13pFlzni3SrQQPgK+G+UpDXxTL7iXVVDkb7fQlFYDYF/
iC78e7U4VL5ENNENbgCxIL8ISUB+ODWjiqd6QGBLGkROC6u4dlTR70VK70xoncI5
avQ8dZ5HPOz9SWPt+EDcRzjvydNy49mxDuozK3uDEjuByretlE00Q/a+jBefAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0qrhCYyecum6d0324Cwn6RmupI4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAxOTAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSW
MA0GCSqGSIb3DQEBCwUAA4IBAQDHEOmm7ZtA7G6dSUdFXY6Sb55zuP3Gwst1Gnr4
g4Pis6eGbNzW9iN87GhaVHqfdCcegYwZp66wtklNpEqsm8qMhhaXTJvJqQJfvsPI
+I6QWkck/ok8cSOiU9daMh0ZQXT+rb/yO748JKso7cP8VjgV0XUavd81bAK8aBoS
ihxlKtrppt8Zrvaakxj6JGbAYqxvvrkmrSSSyYm4aRvBA4+Fx9mOEZuSUt40I6L6
XgfIrpfknJHj4s+ftUiZ9rnUBQ3XPZESYMvuOEgZrui76fQ7NNNjuSphohk7xO2r
GZJ5h08eL7E4IB9PhAix9Maajo1iP+4MX5/ixXqTwXRlqca4
-----END CERTIFICATE-----