Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9232.roa
File:                     AS9232.roa (raw, json)
Hash identifier:          FKFXZG5XSZZGnBrZ46hD7uYp+ElzJzuweNxY0ugRnJY=
Subject key identifier:   C4:06:D2:31:24:5A:B4:0A:FF:D3:02:68:B5:82:3A:10:9F:37:9D:F6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5D4C7B5A22A9E9B4CC745AD93D778386364C15BB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9232.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     9232
IP address blocks:        143.20.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:4c:7b:5a:22:a9:e9:b4:cc:74:5a:d9:3d:77:83:86:36:4c:15:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=C406D231245AB40AFFD30268B5823A109F379DF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3f:bb:97:63:a4:71:c4:74:ad:ee:ae:a5:92:
                    98:02:40:63:f8:1b:17:9d:fe:0b:58:05:29:fc:2c:
                    44:80:b5:e0:47:59:f4:20:11:fd:81:18:66:7d:8d:
                    d9:d9:29:a6:86:fa:73:e5:94:f2:42:aa:0d:f6:8c:
                    f5:f5:9e:4f:27:7f:23:6b:20:09:ee:b9:68:ba:d3:
                    c5:11:73:2d:90:d9:72:80:60:de:d6:71:e5:3f:e5:
                    5d:79:93:84:76:57:a4:a7:d6:28:48:5d:5c:da:28:
                    1f:19:5f:20:b9:be:f3:aa:2e:09:7e:d1:a5:df:15:
                    0d:95:c8:d0:57:a4:10:6a:90:ee:ce:af:75:e7:dc:
                    b8:58:03:45:84:18:23:45:26:90:87:16:21:b2:26:
                    55:03:f4:f5:d4:bd:f1:27:f4:8e:5f:17:4a:97:11:
                    59:ba:f8:93:09:ae:b2:4a:68:c3:1c:cb:88:bf:62:
                    2b:42:49:87:c8:8b:52:13:7f:f0:f5:8d:fd:a5:5c:
                    24:11:ab:c5:ae:1c:83:70:b2:ad:ea:b9:15:83:fe:
                    4e:b8:ea:11:e4:5d:47:db:06:74:c0:d1:29:73:d9:
                    6d:31:39:61:08:8c:da:a5:33:3f:67:e1:3f:ed:3a:
                    1b:3a:6f:dd:a1:49:d6:27:b8:1e:d6:3e:ad:43:f0:
                    5e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:06:D2:31:24:5A:B4:0A:FF:D3:02:68:B5:82:3A:10:9F:37:9D:F6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS9232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:84:82:bd:a9:5c:20:ea:a9:1d:51:1d:1d:d3:45:fa:d8:66:
         84:ee:98:8c:35:83:f6:6c:b5:5e:ee:85:42:d8:cd:ff:fa:a9:
         19:9e:5c:c1:f5:7e:98:81:7b:eb:b9:8e:53:e9:4b:44:49:60:
         60:d8:6f:d9:9f:36:44:a4:7a:3f:fc:5f:1f:bc:25:9c:5d:4f:
         8b:d1:f5:d8:95:f9:05:01:2d:c4:dc:a9:78:4d:c7:2c:00:2d:
         0d:f0:3e:bf:5c:e2:1c:aa:8b:41:77:02:86:34:c9:b4:df:db:
         74:77:09:cc:5e:74:30:01:75:82:2a:1a:a5:6a:4b:0a:5b:01:
         9c:5d:6d:ad:f3:8e:8d:2a:a5:e9:bd:4d:08:31:79:e7:e0:b2:
         3f:e4:de:75:40:e0:a6:f4:7c:7f:86:dc:e8:70:1f:c9:e3:c0:
         3c:5d:17:01:08:99:08:1e:ed:70:40:59:a5:c1:44:bb:29:23:
         5d:4c:21:13:29:1f:78:35:4a:76:00:58:40:61:11:f3:9f:e7:
         05:fa:90:0d:32:e9:51:75:03:2e:be:20:5b:17:7c:c3:41:c1:
         b8:e0:cb:3b:76:5b:31:2d:8b:38:08:75:9b:3e:d8:27:da:84:
         4e:82:c4:f2:12:10:57:dc:e4:22:67:fb:1a:ed:96:7e:8c:63:
         00:6c:e9:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUXUx7WiKp6bTMdFrZPXeDhjZMFbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKEM0MDZEMjMxMjQ1QUI0MEFGRkQzMDI2OEI1ODIzQTEwOUYzNzlERjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLP7uXY6RxxHSt7q6lkpgCQGP4
Gxed/gtYBSn8LESAteBHWfQgEf2BGGZ9jdnZKaaG+nPllPJCqg32jPX1nk8nfyNr
IAnuuWi608URcy2Q2XKAYN7WceU/5V15k4R2V6Sn1ihIXVzaKB8ZXyC5vvOqLgl+
0aXfFQ2VyNBXpBBqkO7Or3Xn3LhYA0WEGCNFJpCHFiGyJlUD9PXUvfEn9I5fF0qX
EVm6+JMJrrJKaMMcy4i/YitCSYfIi1ITf/D1jf2lXCQRq8WuHINwsq3quRWD/k64
6hHkXUfbBnTA0Slz2W0xOWEIjNqlMz9n4T/tOhs6b92hSdYnuB7WPq1D8F6JAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUxAbSMSRatAr/0wJotYI6EJ83nfYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTOTIzMi5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UBDAN
BgkqhkiG9w0BAQsFAAOCAQEAcYSCvalcIOqpHVEdHdNF+thmhO6YjDWD9my1Xu6F
QtjN//qpGZ5cwfV+mIF767mOU+lLRElgYNhv2Z82RKR6P/xfH7wlnF1Pi9H12JX5
BQEtxNypeE3HLAAtDfA+v1ziHKqLQXcChjTJtN/bdHcJzF50MAF1gioapWpLClsB
nF1trfOOjSql6b1NCDF55+CyP+TedUDgpvR8f4bc6HAfyePAPF0XAQiZCB7tcEBZ
pcFEuykjXUwhEykfeDVKdgBYQGER85/nBfqQDTLpUXUDLr4gWxd8w0HBuODLO3Zb
MS2LOAh1mz7YJ9qEToLE8hIQV9zkImf7Gu2WfoxjAGzpWA==
-----END CERTIFICATE-----