Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57974.roa
File:                     AS57974.roa (raw, json)
Hash identifier:          /KKmKR565hikR4SnWPnhODqkCLV/61+o8A7rgq548yI=
Subject key identifier:   3F:37:F3:47:77:30:A0:B8:B3:36:3A:41:59:F0:A7:FC:84:85:3F:E2
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C740EFD4D5F1C9DE160DF24165EE3FBD02E06E2
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57974.roa
Signing time:             Wed 03 Sep 2025 20:14:20 +0000
ROA not before:           Wed 03 Sep 2025 20:09:20 +0000
ROA not after:            Wed 02 Sep 2026 20:14:20 +0000
asID:                     57974
IP address blocks:        143.20.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:74:0e:fd:4d:5f:1c:9d:e1:60:df:24:16:5e:e3:fb:d0:2e:06:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep  3 20:09:20 2025 GMT
            Not After : Sep  2 20:14:20 2026 GMT
        Subject: CN=3F37F3477730A0B8B3363A4159F0A7FC84853FE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0a:f4:48:ea:d5:15:a7:c2:e4:e1:3d:cb:52:
                    cf:dd:33:35:36:8d:31:15:66:8c:2a:71:0a:38:9b:
                    85:75:57:fb:94:fc:75:aa:00:46:17:6b:b4:4b:86:
                    6d:f1:46:13:bc:ac:4e:5b:24:bf:55:e1:fc:1b:4b:
                    10:e0:ab:33:a4:f9:a4:00:b4:c2:f6:2c:2c:3a:95:
                    7f:12:13:3b:59:68:8e:9d:b5:68:90:b0:69:4a:9d:
                    ad:05:44:a2:e0:48:87:8a:04:e6:de:57:20:f9:fb:
                    81:92:7d:2b:73:96:01:54:cb:be:62:23:f8:d2:72:
                    67:7b:2c:2e:f2:81:14:cb:55:46:ed:b4:91:68:7e:
                    a6:f0:57:04:31:74:17:b5:21:27:1d:b2:a9:78:7f:
                    a3:f4:04:30:2f:68:30:c1:12:bf:49:ec:c3:ca:69:
                    97:60:fd:4d:dd:7a:20:73:8a:d5:4e:35:3c:ac:7c:
                    8e:17:70:94:a3:a5:a5:72:14:03:cd:f5:09:c0:36:
                    43:11:2b:90:a3:8f:e5:86:c8:d6:fc:ab:37:2c:fb:
                    48:77:49:50:33:74:5a:d5:86:3a:55:1b:11:69:54:
                    13:fa:a2:95:97:46:af:69:13:d4:c4:05:bd:5d:ee:
                    85:ba:46:83:98:32:1a:69:e8:a9:d0:88:81:66:e1:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:37:F3:47:77:30:A0:B8:B3:36:3A:41:59:F0:A7:FC:84:85:3F:E2
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS57974.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:e5:ad:06:c5:f1:08:ec:17:46:b9:f4:f2:76:14:01:71:97:
         42:06:b0:96:c0:f9:96:20:9d:aa:78:2e:7b:34:0b:d2:97:82:
         91:5b:a5:ac:4c:e4:bb:65:a9:3b:d9:e1:e6:ea:60:12:88:f2:
         5b:15:a9:88:b8:f5:4f:78:88:ba:72:7f:71:42:46:73:70:70:
         35:88:6c:59:b0:fe:89:cf:71:85:4e:c9:6e:b5:f4:11:5f:ef:
         27:3a:f6:40:89:a0:61:de:d4:50:a3:cf:c3:17:79:5a:bc:86:
         eb:5b:5a:ce:a7:d9:6b:61:4b:60:32:32:97:1d:5e:b7:01:74:
         7a:65:bd:b9:07:22:f9:57:12:56:76:ee:11:a3:a2:fd:56:7f:
         1a:bb:29:53:3c:94:ed:e1:44:a6:29:ba:ed:5e:60:7b:98:11:
         91:21:c4:1e:78:3f:43:3c:76:2d:d5:da:c4:18:12:7e:aa:00:
         16:d3:6e:24:87:14:4f:81:97:a0:0f:48:b7:f1:5c:48:1f:8b:
         fc:4d:61:a3:46:4f:75:cc:4a:33:c0:a1:73:0d:7b:be:34:86:
         37:65:dc:05:cd:1c:16:f0:34:30:0b:19:b5:c2:a3:19:16:c4:
         5c:f9:5c:82:63:ec:c9:2e:6f:e1:52:16:49:67:bc:8e:02:03:
         76:99:f0:44
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPHQO/U1fHJ3hYN8kFl7j+9AuBuIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MDMyMDA5MjBaFw0yNjA5MDIyMDE0MjBaMDMxMTAvBgNV
BAMTKDNGMzdGMzQ3NzczMEEwQjhCMzM2M0E0MTU5RjBBN0ZDODQ4NTNGRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjCvRI6tUVp8Lk4T3LUs/dMzU2
jTEVZowqcQo4m4V1V/uU/HWqAEYXa7RLhm3xRhO8rE5bJL9V4fwbSxDgqzOk+aQA
tML2LCw6lX8SEztZaI6dtWiQsGlKna0FRKLgSIeKBObeVyD5+4GSfStzlgFUy75i
I/jScmd7LC7ygRTLVUbttJFofqbwVwQxdBe1IScdsql4f6P0BDAvaDDBEr9J7MPK
aZdg/U3deiBzitVONTysfI4XcJSjpaVyFAPN9QnANkMRK5Cjj+WGyNb8qzcs+0h3
SVAzdFrVhjpVGxFpVBP6opWXRq9pE9TEBb1d7oW6RoOYMhpp6KnQiIFm4fuRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUPzfzR3cwoLizNjpBWfCn/ISFP+IwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTc5NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFGEw
DQYJKoZIhvcNAQELBQADggEBANblrQbF8QjsF0a59PJ2FAFxl0IGsJbA+ZYgnap4
Lns0C9KXgpFbpaxM5LtlqTvZ4ebqYBKI8lsVqYi49U94iLpyf3FCRnNwcDWIbFmw
/onPcYVOyW619BFf7yc69kCJoGHe1FCjz8MXeVq8hutbWs6n2WthS2AyMpcdXrcB
dHplvbkHIvlXElZ27hGjov1Wfxq7KVM8lO3hRKYpuu1eYHuYEZEhxB54P0M8di3V
2sQYEn6qABbTbiSHFE+Bl6APSLfxXEgfi/xNYaNGT3XMSjPAoXMNe740hjdl3AXN
HBbwNDALGbXCoxkWxFz5XIJj7Mkub+FSFklnvI4CA3aZ8EQ=
-----END CERTIFICATE-----