Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS55720.roa
File:                     AS55720.roa (raw, json)
Hash identifier:          Lk/G251gSeJJN+AX547r/Fryd3Os6FKV4c0KtJNk+Iw=
Subject key identifier:   91:E7:F0:93:1E:C1:0D:49:E3:8B:3E:48:DA:56:DB:DB:37:37:69:DF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       773E92D8CA84E1032EE989222C2F7302267A383A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS55720.roa
Signing time:             Mon 15 Sep 2025 13:51:51 +0000
ROA not before:           Mon 15 Sep 2025 13:46:51 +0000
ROA not after:            Mon 14 Sep 2026 13:51:51 +0000
asID:                     55720
IP address blocks:        143.20.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:3e:92:d8:ca:84:e1:03:2e:e9:89:22:2c:2f:73:02:26:7a:38:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 15 13:46:51 2025 GMT
            Not After : Sep 14 13:51:51 2026 GMT
        Subject: CN=91E7F0931EC10D49E38B3E48DA56DBDB373769DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:63:0f:00:90:31:ee:9a:af:96:9f:fb:82:02:
                    7b:fa:1b:04:22:9e:ea:6b:cb:ab:70:15:01:eb:ce:
                    66:8d:8e:27:aa:0a:9f:ed:7b:aa:48:b1:c1:cf:a8:
                    4e:1b:b0:22:cd:38:cb:53:39:84:42:c6:7d:ed:80:
                    a4:be:da:85:27:83:50:a1:ce:5e:d7:a6:fa:3c:d9:
                    e1:81:4b:db:46:69:57:bb:a0:4b:2f:2d:ed:d7:c6:
                    6b:a5:0f:98:b7:9e:1c:e5:99:58:7a:1e:cc:86:68:
                    3f:13:a6:68:31:69:3d:bb:74:47:9b:e7:b4:59:c6:
                    32:f9:1c:27:c5:de:e4:1b:d8:96:bd:0d:11:9b:69:
                    5d:42:07:84:07:95:d3:2b:14:47:e0:46:a4:23:d4:
                    b7:ee:e4:11:4f:51:ae:ab:2e:a9:bd:d7:97:55:fb:
                    6e:df:74:48:37:76:e2:de:f7:ff:4e:70:91:09:56:
                    a7:43:91:a9:76:f1:54:ac:8f:4c:b9:f7:16:86:18:
                    66:46:39:be:a3:20:11:92:d8:34:8e:ef:40:ec:bf:
                    e2:27:10:9e:23:e5:36:3c:11:c7:da:17:b9:b7:14:
                    fe:f4:5d:90:62:41:ab:6e:cd:a7:43:cc:af:28:fd:
                    43:c1:0e:bd:32:bc:2d:19:57:19:ae:06:e3:6e:c0:
                    f9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E7:F0:93:1E:C1:0D:49:E3:8B:3E:48:DA:56:DB:DB:37:37:69:DF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS55720.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c4:94:cc:f3:02:3f:e5:6c:54:c4:9f:92:55:72:1c:09:af:
         2b:d3:d5:53:94:a9:64:ad:c7:4b:89:d8:81:6a:b1:7a:57:2b:
         40:e3:c8:50:d2:83:ba:35:e0:c3:46:63:ec:52:ad:6b:06:57:
         68:c7:db:94:0b:2d:32:01:c9:80:48:53:69:04:2b:ba:84:e4:
         89:08:ca:6b:2e:f0:5f:e2:5b:51:6b:94:14:7f:f1:f1:26:ae:
         be:a8:f1:b2:1a:a8:f1:82:16:21:df:0e:ec:68:20:3e:0d:fc:
         ff:1f:75:76:ff:b3:f6:54:9a:c8:bd:f1:21:a0:f6:5a:5c:b4:
         dc:a8:4c:35:5a:cd:a1:6e:a7:8a:2b:cb:2c:e7:3f:fd:cb:e8:
         d3:cc:49:b4:91:f4:9d:f5:59:f7:81:78:02:4b:b3:f3:f5:2e:
         c6:3d:e8:44:b0:a1:c8:a2:af:88:6a:d5:39:1e:fa:2e:29:92:
         e0:b1:fb:a4:74:4b:99:3b:c4:29:d9:bf:47:e0:5c:05:27:f1:
         02:06:ab:e2:ba:e3:bf:c6:c6:d7:91:25:22:02:ba:bf:b9:11:
         a4:50:5e:32:57:02:9f:df:1a:9c:e3:43:c8:28:6a:cd:09:24:
         08:6a:6b:d5:ee:fe:4a:77:93:25:93:7d:b1:1a:c0:9b:da:e9:
         c2:af:57:c0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdz6S2MqE4QMu6YkiLC9zAiZ6ODowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MTUxMzQ2NTFaFw0yNjA5MTQxMzUxNTFaMDMxMTAvBgNV
BAMTKDkxRTdGMDkzMUVDMTBENDlFMzhCM0U0OERBNTZEQkRCMzczNzY5REYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYw8AkDHumq+Wn/uCAnv6GwQi
nupry6twFQHrzmaNjieqCp/te6pIscHPqE4bsCLNOMtTOYRCxn3tgKS+2oUng1Ch
zl7Xpvo82eGBS9tGaVe7oEsvLe3XxmulD5i3nhzlmVh6HsyGaD8TpmgxaT27dEeb
57RZxjL5HCfF3uQb2Ja9DRGbaV1CB4QHldMrFEfgRqQj1Lfu5BFPUa6rLqm915dV
+27fdEg3duLe9/9OcJEJVqdDkal28VSsj0y59xaGGGZGOb6jIBGS2DSO70Dsv+In
EJ4j5TY8EcfaF7m3FP70XZBiQatuzadDzK8o/UPBDr0yvC0ZVxmuBuNuwPlvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUkefwkx7BDUnjiz5I2lbb2zc3ad8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTU3MjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFKYw
DQYJKoZIhvcNAQELBQADggEBAGTElMzzAj/lbFTEn5JVchwJryvT1VOUqWStx0uJ
2IFqsXpXK0DjyFDSg7o14MNGY+xSrWsGV2jH25QLLTIByYBIU2kEK7qE5IkIymsu
8F/iW1FrlBR/8fEmrr6o8bIaqPGCFiHfDuxoID4N/P8fdXb/s/ZUmsi98SGg9lpc
tNyoTDVazaFup4oryyznP/3L6NPMSbSR9J31WfeBeAJLs/P1LsY96ESwociir4hq
1Tke+i4pkuCx+6R0S5k7xCnZv0fgXAUn8QIGq+K647/GxteRJSICur+5EaRQXjJX
Ap/fGpzjQ8goas0JJAhqa9Xu/kp3kyWTfbEawJva6cKvV8A=
-----END CERTIFICATE-----