Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          0qY64hAAPtci8PIGr2cSAu26tw1GiDzGaf6QKkE1UfQ=
Subject key identifier:   6C:20:FF:BF:6A:5B:D1:E1:F9:2C:20:10:E7:E4:1A:7B:83:38:2C:25
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       202741770AE887F131D631EEFC37821D032C8D0E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
Signing time:             Mon 03 Nov 2025 09:51:59 +0000
ROA not before:           Mon 03 Nov 2025 09:46:59 +0000
ROA not after:            Mon 02 Nov 2026 09:51:59 +0000
asID:                     135402
IP address blocks:        143.20.88.0/24 maxlen: 24
                          143.20.96.0/24 maxlen: 24
                          143.20.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:27:41:77:0a:e8:87:f1:31:d6:31:ee:fc:37:82:1d:03:2c:8d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Nov  3 09:46:59 2025 GMT
            Not After : Nov  2 09:51:59 2026 GMT
        Subject: CN=6C20FFBF6A5BD1E1F92C2010E7E41A7B83382C25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:59:22:b0:14:17:78:19:bd:aa:e8:a9:5e:54:
                    08:8f:59:2c:2d:95:fb:fc:ec:2a:11:ff:69:ab:e8:
                    db:ed:29:78:b9:9a:a9:55:7c:a2:37:28:e2:5d:56:
                    93:12:36:75:2e:1a:dc:6d:fa:d6:68:49:89:ce:7c:
                    d2:3d:70:fa:26:af:2f:2a:e5:05:a4:78:6f:25:9e:
                    91:89:72:20:f9:0b:8b:2e:8c:c7:9f:ed:94:60:44:
                    f8:c6:bd:21:e6:1b:81:01:99:7f:de:a4:fb:e1:41:
                    74:f5:b5:89:4c:35:be:ad:61:eb:5f:0d:0e:e2:b3:
                    19:bb:e3:78:fc:00:bd:a8:dd:4f:e0:e7:04:c4:ad:
                    dd:e3:ad:dd:ff:2a:59:6f:ca:4a:17:14:71:f2:dd:
                    2d:4f:71:17:85:0b:a6:31:17:d4:47:71:3c:42:66:
                    7d:b8:b4:41:e4:75:54:be:aa:c6:c0:94:3d:81:da:
                    65:f5:79:5e:59:a2:b7:23:7b:c2:39:33:1b:07:39:
                    24:e6:b3:fd:88:77:04:c2:5f:8d:68:86:9d:25:e2:
                    e6:5a:4f:7c:32:5f:62:f6:45:6e:fb:60:b4:3d:60:
                    3b:60:14:79:ab:c7:fe:3d:9a:4b:29:21:f3:64:bf:
                    b9:ec:61:81:a3:e1:b4:f0:c6:c4:3f:0b:2e:bd:1a:
                    ff:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:20:FF:BF:6A:5B:D1:E1:F9:2C:20:10:E7:E4:1A:7B:83:38:2C:25
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.88.0/24
                  143.20.96.0/24
                  143.20.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:03:ef:19:1b:89:8d:a2:b3:8b:10:b1:55:e4:0e:dc:8a:36:
         8a:d2:20:90:05:76:69:c3:a2:fb:70:ca:92:15:38:07:e7:a8:
         b9:99:36:aa:09:35:a5:7d:53:e3:f2:14:97:b3:d0:38:89:6f:
         39:ae:cc:13:28:dc:41:b6:11:91:61:22:c0:31:06:df:84:7e:
         ca:82:1d:11:8e:b7:08:e0:57:ff:ea:87:e6:f5:c8:e5:68:75:
         90:5f:f1:d1:f7:c6:50:33:05:0f:04:4d:f6:35:40:77:94:58:
         7c:ce:c3:fc:5b:be:5d:75:39:d0:2b:82:b6:88:66:75:ac:55:
         8a:03:e4:67:1d:ca:05:20:b4:c4:30:35:35:f0:b2:1d:f2:5b:
         cf:d1:52:1d:62:52:bb:c5:fb:4e:8a:85:e6:3d:b8:ef:20:07:
         22:20:11:c3:7a:23:21:33:6d:31:37:40:2c:11:ae:45:02:6c:
         5a:b7:74:fd:7e:73:1a:97:54:7c:47:40:33:cc:05:2d:d0:18:
         b0:53:9d:e6:23:7c:51:3c:db:5f:50:88:54:ce:d8:0f:23:c6:
         e0:fc:21:30:95:49:f6:bb:54:11:e4:91:84:d0:be:a8:8c:23:
         d4:7a:10:59:54:bb:9b:ac:09:78:cc:a5:08:25:35:6b:dc:f6:
         77:af:44:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUICdBdwroh/Ex1jHu/DeCHQMsjQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMDMwOTQ2NTlaFw0yNjExMDIwOTUxNTlaMDMxMTAvBgNV
BAMTKDZDMjBGRkJGNkE1QkQxRTFGOTJDMjAxMEU3RTQxQTdCODMzODJDMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOWSKwFBd4Gb2q6KleVAiPWSwt
lfv87CoR/2mr6NvtKXi5mqlVfKI3KOJdVpMSNnUuGtxt+tZoSYnOfNI9cPomry8q
5QWkeG8lnpGJciD5C4sujMef7ZRgRPjGvSHmG4EBmX/epPvhQXT1tYlMNb6tYetf
DQ7isxm743j8AL2o3U/g5wTErd3jrd3/KllvykoXFHHy3S1PcReFC6YxF9RHcTxC
Zn24tEHkdVS+qsbAlD2B2mX1eV5Zorcje8I5MxsHOSTms/2IdwTCX41ohp0l4uZa
T3wyX2L2RW77YLQ9YDtgFHmrx/49mkspIfNkv7nsYYGj4bTwxsQ/Cy69Gv93AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUbCD/v2pb0eH5LCAQ5+Qae4M4LCUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRY
AwQAjxRgAwQAjxTUMA0GCSqGSIb3DQEBCwUAA4IBAQC5A+8ZG4mNorOLELFV5A7c
ijaK0iCQBXZpw6L7cMqSFTgH56i5mTaqCTWlfVPj8hSXs9A4iW85rswTKNxBthGR
YSLAMQbfhH7Kgh0RjrcI4Ff/6ofm9cjlaHWQX/HR98ZQMwUPBE32NUB3lFh8zsP8
W75ddTnQK4K2iGZ1rFWKA+RnHcoFILTEMDU18LId8lvP0VIdYlK7xftOioXmPbjv
IAciIBHDeiMhM20xN0AsEa5FAmxat3T9fnMal1R8R0AzzAUt0BiwU53mI3xRPNtf
UIhUztgPI8bg/CEwlUn2u1QR5JGE0L6ojCPUehBZVLubrAl4zKUIJTVr3PZ3r0R7
-----END CERTIFICATE-----