Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          yVIx38/DFXutiBfvMF6s7A8C3HTeTs3sbkppbXoAvg0=
Subject key identifier:   58:DD:EE:A8:D6:96:4D:E6:50:67:38:46:15:AB:83:E3:AD:E8:45:C2
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2770419487A9FEB3333BD67ACAFD45334021985D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
Signing time:             Tue 03 Feb 2026 02:28:59 +0000
ROA not before:           Tue 03 Feb 2026 02:23:59 +0000
ROA not after:            Tue 02 Feb 2027 02:28:59 +0000
asID:                     135402
IP address blocks:        143.20.88.0/24 maxlen: 24
                          143.20.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:70:41:94:87:a9:fe:b3:33:3b:d6:7a:ca:fd:45:33:40:21:98:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Feb  3 02:23:59 2026 GMT
            Not After : Feb  2 02:28:59 2027 GMT
        Subject: CN=58DDEEA8D6964DE65067384615AB83E3ADE845C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bf:26:80:34:94:68:6d:a2:6a:02:ce:5f:14:
                    62:c8:8d:5d:8e:13:8e:05:35:c8:8b:c6:04:fb:e3:
                    5a:44:e1:3a:bb:3c:13:41:f3:73:86:88:d0:35:8c:
                    e7:8e:95:e2:9c:b5:a1:10:2b:98:d6:38:1c:13:76:
                    a4:da:c4:1d:99:90:2d:26:3e:09:75:96:c7:c2:3c:
                    0c:53:99:a6:82:67:b0:7c:99:15:b4:dc:e1:0c:51:
                    f5:d5:56:dc:13:1e:36:73:f6:92:72:c7:95:f4:0c:
                    a0:a1:5f:c2:3d:1c:69:3c:20:50:7c:e5:42:a2:0c:
                    ca:57:99:1b:18:00:7e:3f:19:e0:35:b9:65:14:8c:
                    47:cc:05:b8:86:1c:e8:8f:9b:3f:66:43:f4:a4:91:
                    6f:da:b4:12:49:05:17:99:a2:b4:8a:59:09:e5:a2:
                    27:e5:24:cd:2e:5d:53:4b:fc:a1:69:18:fe:db:42:
                    2c:99:75:58:a6:58:76:bb:51:06:94:b5:07:a6:d1:
                    39:90:51:b2:c7:d5:f8:6c:1f:64:2e:dc:69:eb:b2:
                    70:48:f2:c3:d3:c1:e9:0a:34:94:4f:63:bf:1d:42:
                    72:5d:e5:da:be:88:ff:0a:93:70:20:72:1b:ec:12:
                    aa:1f:12:c3:5b:c5:d3:66:4b:8b:5f:a1:52:3d:61:
                    2c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DD:EE:A8:D6:96:4D:E6:50:67:38:46:15:AB:83:E3:AD:E8:45:C2
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.88.0/24
                  143.20.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d0:f9:58:ee:1d:56:08:fe:35:6e:1e:5b:cf:b6:90:d6:8e:
         9f:ef:b3:90:9c:51:3d:cc:f2:27:80:e6:67:dc:29:3c:46:03:
         6d:6b:19:f1:65:64:94:7c:70:d3:ba:97:32:9e:77:9c:89:82:
         f8:91:d1:27:d8:f0:26:84:8c:8c:f1:14:2f:01:48:ec:0d:39:
         39:9c:08:23:7d:a1:f0:44:d7:ff:c8:71:37:c3:96:b4:bf:e5:
         ca:8a:d2:d1:9a:13:91:e4:24:75:e5:82:cd:a9:e7:90:6f:0e:
         4e:6b:89:7e:c5:fd:c3:27:3e:3e:46:ff:bd:c6:9a:4d:a7:6e:
         0a:d1:b5:fc:13:08:ea:c7:84:b8:f1:fd:3c:5a:cc:d3:fb:f4:
         3e:4a:7b:8a:9a:3c:4e:fd:d4:80:19:48:ff:10:49:98:1a:9e:
         42:13:20:86:44:a7:01:10:25:03:0f:c4:7a:b1:0e:33:47:ac:
         58:cb:7f:c8:9b:70:20:a2:e1:91:83:bb:f8:ad:db:42:ff:cc:
         ee:6f:6e:85:03:39:fe:be:e2:ba:19:73:49:27:e8:ee:01:e8:
         b4:b4:c8:82:f0:4b:4b:60:a4:c4:1a:2f:f1:5d:58:4d:d5:aa:
         13:2e:01:39:d1:92:0a:f1:0d:53:0e:7a:d9:84:72:3b:13:36:
         1f:74:f7:a1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJ3BBlIep/rMzO9Z6yv1FM0AhmF0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAyMDMwMjIzNTlaFw0yNzAyMDIwMjI4NTlaMDMxMTAvBgNV
BAMTKDU4RERFRUE4RDY5NjRERTY1MDY3Mzg0NjE1QUI4M0UzQURFODQ1QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpvyaANJRobaJqAs5fFGLIjV2O
E44FNciLxgT741pE4Tq7PBNB83OGiNA1jOeOleKctaEQK5jWOBwTdqTaxB2ZkC0m
Pgl1lsfCPAxTmaaCZ7B8mRW03OEMUfXVVtwTHjZz9pJyx5X0DKChX8I9HGk8IFB8
5UKiDMpXmRsYAH4/GeA1uWUUjEfMBbiGHOiPmz9mQ/SkkW/atBJJBReZorSKWQnl
oiflJM0uXVNL/KFpGP7bQiyZdVimWHa7UQaUtQem0TmQUbLH1fhsH2Qu3GnrsnBI
8sPTwekKNJRPY78dQnJd5dq+iP8Kk3AgchvsEqofEsNbxdNmS4tfoVI9YSwbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUWN3uqNaWTeZQZzhGFauD463oRcIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRY
AwQAjxRgMA0GCSqGSIb3DQEBCwUAA4IBAQAw0PlY7h1WCP41bh5bz7aQ1o6f77OQ
nFE9zPIngOZn3Ck8RgNtaxnxZWSUfHDTupcynneciYL4kdEn2PAmhIyM8RQvAUjs
DTk5nAgjfaHwRNf/yHE3w5a0v+XKitLRmhOR5CR15YLNqeeQbw5Oa4l+xf3DJz4+
Rv+9xppNp24K0bX8Ewjqx4S48f08WszT+/Q+SnuKmjxO/dSAGUj/EEmYGp5CEyCG
RKcBECUDD8R6sQ4zR6xYy3/Im3AgouGRg7v4rdtC/8zub26FAzn+vuK6GXNJJ+ju
Aei0tMiC8EtLYKTEGi/xXVhN1aoTLgE50ZIK8Q1TDnrZhHI7EzYfdPeh
-----END CERTIFICATE-----