Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          0PzLCb9XE5W+n0bFvK949QGvHzB+1x6cGVN9W0Kegj0=
Subject key identifier:   58:8A:7B:1C:F3:FB:9F:1E:FF:06:F2:56:9D:99:54:D4:80:1C:91:E4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7195A403470CE6AD31980C9B05E8AE16F52BD606
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135391.roa
Signing time:             Mon 28 Jul 2025 04:27:22 +0000
ROA not before:           Mon 28 Jul 2025 04:22:22 +0000
ROA not after:            Mon 27 Jul 2026 04:27:22 +0000
asID:                     135391
IP address blocks:        143.20.39.0/24 maxlen: 24
                          143.20.86.0/24 maxlen: 24
                          143.20.87.0/24 maxlen: 24
                          143.20.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:95:a4:03:47:0c:e6:ad:31:98:0c:9b:05:e8:ae:16:f5:2b:d6:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 28 04:22:22 2025 GMT
            Not After : Jul 27 04:27:22 2026 GMT
        Subject: CN=588A7B1CF3FB9F1EFF06F2569D9954D4801C91E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a7:c0:e5:46:63:3b:9e:48:39:2d:7b:e8:5f:
                    eb:b7:2d:79:83:29:76:84:fe:ba:0d:69:93:58:66:
                    75:a0:87:17:0d:38:56:c6:c6:eb:c2:05:d2:dc:9c:
                    93:95:6b:11:d8:ee:55:a6:09:32:de:01:ee:e4:ca:
                    b3:a7:b1:e6:be:2c:11:c2:bc:77:8d:7a:1a:5b:a1:
                    1c:27:27:30:ac:a3:19:bf:01:8f:87:0e:fa:17:de:
                    02:69:9d:d3:b7:be:9d:cd:25:f1:ce:eb:34:fb:a6:
                    ea:79:e5:52:1b:37:0c:d2:e5:f9:60:65:fd:5b:f8:
                    30:52:e4:d8:be:65:58:2c:b2:72:4d:68:0f:94:51:
                    34:0b:d6:b0:f1:38:2b:a4:e0:5a:49:f9:28:64:f4:
                    cf:aa:38:b0:0c:9c:a7:7d:ba:15:09:2c:dd:b8:b1:
                    0f:bf:b4:bd:47:31:dd:90:a7:56:58:95:5c:9e:8f:
                    39:e3:69:c4:76:bb:0a:a5:c1:ea:80:32:ff:da:7e:
                    fb:0b:fb:ed:99:56:1b:c9:16:53:b6:50:05:61:27:
                    72:ab:66:44:7f:41:7b:06:07:14:aa:4c:e0:a9:29:
                    a8:70:23:e8:45:d5:9a:af:76:d8:c6:69:ea:af:00:
                    ba:09:30:87:8e:65:ce:25:60:93:29:9d:80:71:52:
                    d3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:8A:7B:1C:F3:FB:9F:1E:FF:06:F2:56:9D:99:54:D4:80:1C:91:E4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.39.0/24
                  143.20.86.0/23
                  143.20.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:7d:3d:4d:bc:f4:26:90:4b:24:a1:f2:42:7b:f3:21:c3:1b:
         a6:c6:4b:5d:9c:78:9e:93:3f:c4:24:e7:c7:56:ce:77:22:12:
         ad:8c:3b:f3:f0:d1:34:7f:1f:c0:18:1b:9d:a6:17:12:c8:24:
         18:9d:aa:b5:19:50:39:9e:53:9d:d7:65:f4:6a:6c:8c:a4:64:
         a3:60:54:67:a7:a9:1d:6d:f4:96:91:12:f2:75:1a:72:1a:a4:
         00:5d:c8:96:70:88:ec:e0:f4:a0:82:2a:95:ec:b0:85:85:34:
         09:0d:7d:c1:3f:d0:24:c7:45:f8:6b:d8:80:76:4b:41:92:9e:
         76:df:50:21:d3:3b:f1:97:50:11:54:94:16:68:bf:3d:5a:a4:
         41:64:f3:ad:91:0e:e7:68:f7:c4:b2:1a:74:3d:d0:ad:47:44:
         b0:82:20:df:68:f2:d1:5b:d2:42:93:5b:86:99:0e:4a:73:0b:
         d5:6f:30:9e:83:d8:31:47:ac:a2:1b:ee:fe:d4:f2:2e:8c:e0:
         bb:7e:f2:3d:58:9f:54:7c:da:a0:6d:5d:2b:7a:6e:24:1b:d8:
         fa:a6:f6:03:2d:71:48:9f:6d:ed:db:41:3b:ac:9d:1b:6c:de:
         9c:79:8b:a1:cf:3f:0b:18:f1:6d:64:14:df:02:4d:b9:35:7b:
         6d:ba:5d:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUcZWkA0cM5q0xmAybBeiuFvUr1gYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjgwNDIyMjJaFw0yNjA3MjcwNDI3MjJaMDMxMTAvBgNV
BAMTKDU4OEE3QjFDRjNGQjlGMUVGRjA2RjI1NjlEOTk1NEQ0ODAxQzkxRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWp8DlRmM7nkg5LXvoX+u3LXmD
KXaE/roNaZNYZnWghxcNOFbGxuvCBdLcnJOVaxHY7lWmCTLeAe7kyrOnsea+LBHC
vHeNehpboRwnJzCsoxm/AY+HDvoX3gJpndO3vp3NJfHO6zT7pup55VIbNwzS5flg
Zf1b+DBS5Ni+ZVgssnJNaA+UUTQL1rDxOCuk4FpJ+Shk9M+qOLAMnKd9uhUJLN24
sQ+/tL1HMd2Qp1ZYlVyejznjacR2uwqlweqAMv/afvsL++2ZVhvJFlO2UAVhJ3Kr
ZkR/QXsGBxSqTOCpKahwI+hF1ZqvdtjGaeqvALoJMIeOZc4lYJMpnYBxUtOHAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUWIp7HPP7nx7/BvJWnZlU1IAckeQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxQn
AwQBjxRWAwQAjxR7MA0GCSqGSIb3DQEBCwUAA4IBAQBOfT1NvPQmkEskofJCe/Mh
wxumxktdnHiekz/EJOfHVs53IhKtjDvz8NE0fx/AGBudphcSyCQYnaq1GVA5nlOd
12X0amyMpGSjYFRnp6kdbfSWkRLydRpyGqQAXciWcIjs4PSggiqV7LCFhTQJDX3B
P9Akx0X4a9iAdktBkp5231Ah0zvxl1ARVJQWaL89WqRBZPOtkQ7naPfEshp0PdCt
R0SwgiDfaPLRW9JCk1uGmQ5KcwvVbzCeg9gxR6yiG+7+1PIujOC7fvI9WJ9UfNqg
bV0rem4kG9j6pvYDLXFIn23t20E7rJ0bbN6ceYuhzz8LGPFtZBTfAk25NXttul03
-----END CERTIFICATE-----