Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          7G1wxQ7Pe9XcVtu6eCbLSe2xjPxuCjdVQ8o+F+kyoNc=
Subject key identifier:   E0:4E:E8:3D:51:69:97:0A:CD:2C:A7:3F:27:72:41:B9:36:3F:EC:F5
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4BAFF833087D552574A282838825B376017980D9
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
Signing time:             Mon 28 Jul 2025 00:01:57 +0000
ROA not before:           Sun 27 Jul 2025 23:56:57 +0000
ROA not after:            Mon 27 Jul 2026 00:01:57 +0000
asID:                     137235
IP address blocks:        143.20.89.0/24 maxlen: 24
                          143.20.98.0/24 maxlen: 24
                          143.20.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:af:f8:33:08:7d:55:25:74:a2:82:83:88:25:b3:76:01:79:80:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 27 23:56:57 2025 GMT
            Not After : Jul 27 00:01:57 2026 GMT
        Subject: CN=E04EE83D5169970ACD2CA73F277241B9363FECF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d6:26:c3:81:27:47:10:6f:d7:4e:87:4d:0b:
                    a0:d3:48:5c:8d:6f:8b:ff:62:ec:3e:fa:19:97:5a:
                    0a:43:33:84:54:3a:9d:d4:70:68:40:53:e1:4e:6f:
                    23:3a:f1:c1:3c:72:9d:c9:ec:b5:e1:ed:15:6c:f8:
                    9b:6f:58:a6:1b:6f:be:9c:14:ed:45:75:b4:a8:3a:
                    eb:9d:68:ba:31:15:6c:de:48:16:62:8a:f4:fa:85:
                    a7:bc:89:c5:93:98:c2:a4:4b:7a:ea:9e:05:0a:85:
                    44:27:b6:36:5d:77:c9:14:10:88:44:06:af:b2:30:
                    7b:44:76:bd:d6:0a:4e:57:06:96:5f:7b:ae:f7:df:
                    c1:22:84:cc:32:bc:94:44:b7:68:4f:cc:97:6d:ee:
                    34:09:a1:d8:8a:6b:29:40:ba:b6:44:7f:6d:52:68:
                    d5:bb:e5:b6:e3:f2:11:43:58:12:a2:83:ea:2f:48:
                    9b:50:76:15:02:04:e8:e9:c4:e8:db:7f:02:08:49:
                    65:3c:a7:cb:6b:72:b2:90:e6:3d:ec:24:5f:ff:d5:
                    51:09:88:00:d6:42:c0:5b:6f:d1:5d:f3:a1:d5:d1:
                    a6:d9:58:a4:7d:36:5d:d5:9d:ab:e7:6e:d3:7e:8b:
                    27:36:ae:6d:76:95:33:22:0a:1b:34:99:10:f7:02:
                    26:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:4E:E8:3D:51:69:97:0A:CD:2C:A7:3F:27:72:41:B9:36:3F:EC:F5
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.89.0/24
                  143.20.98.0/24
                  143.20.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:05:ba:50:19:1d:1b:84:86:da:5f:b5:58:1e:77:21:fd:c9:
         80:91:d7:df:08:51:47:9e:d6:04:86:2c:fc:a2:02:ce:2b:9a:
         c8:6b:17:84:5e:fa:6d:e8:03:19:e5:8c:df:0a:ea:77:35:a4:
         46:1f:ae:20:ba:bc:87:0e:7f:5e:a0:4c:96:40:31:f6:f9:ec:
         ac:11:6b:49:85:20:c0:c9:c3:d6:39:44:75:04:fe:08:96:86:
         59:22:d0:71:51:17:1d:52:61:8b:7c:4f:c3:00:39:2a:06:09:
         f9:a2:3a:86:0b:32:32:9a:98:35:65:89:d9:c1:b0:ce:32:e3:
         5b:02:31:e1:e6:c8:18:93:07:7a:a9:8e:97:3e:b8:d6:36:af:
         d7:b9:2b:0a:a4:98:2a:71:eb:17:11:b9:76:1a:3e:59:71:6a:
         83:04:3e:cc:fa:44:08:c8:d7:22:50:25:ba:d0:36:35:4b:f0:
         c3:b7:a0:87:98:87:75:78:51:bb:15:a4:97:9d:32:c3:60:d8:
         6a:cc:20:f2:48:92:ee:38:72:d2:62:3b:12:0f:fc:1c:f0:26:
         fd:ce:12:36:c1:7f:9f:3d:87:21:0c:fd:78:0d:cb:9f:6d:49:
         e9:87:fd:51:95:3f:6b:c6:18:2c:8c:f3:76:e5:4c:bb:07:3d:
         46:fd:a8:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUS6/4Mwh9VSV0ooKDiCWzdgF5gNkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjcyMzU2NTdaFw0yNjA3MjcwMDAxNTdaMDMxMTAvBgNV
BAMTKEUwNEVFODNENTE2OTk3MEFDRDJDQTczRjI3NzI0MUI5MzYzRkVDRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm1ibDgSdHEG/XTodNC6DTSFyN
b4v/Yuw++hmXWgpDM4RUOp3UcGhAU+FObyM68cE8cp3J7LXh7RVs+JtvWKYbb76c
FO1FdbSoOuudaLoxFWzeSBZiivT6hae8icWTmMKkS3rqngUKhUQntjZdd8kUEIhE
Bq+yMHtEdr3WCk5XBpZfe67338EihMwyvJREt2hPzJdt7jQJodiKaylAurZEf21S
aNW75bbj8hFDWBKig+ovSJtQdhUCBOjpxOjbfwIISWU8p8trcrKQ5j3sJF//1VEJ
iADWQsBbb9Fd86HV0abZWKR9Nl3VnavnbtN+iyc2rm12lTMiChs0mRD3AiYRAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU4E7oPVFplwrNLKc/J3JBuTY/7PUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRZ
AwQAjxRiAwQAjxTNMA0GCSqGSIb3DQEBCwUAA4IBAQAzBbpQGR0bhIbaX7VYHnch
/cmAkdffCFFHntYEhiz8ogLOK5rIaxeEXvpt6AMZ5YzfCup3NaRGH64guryHDn9e
oEyWQDH2+eysEWtJhSDAycPWOUR1BP4IloZZItBxURcdUmGLfE/DADkqBgn5ojqG
CzIympg1ZYnZwbDOMuNbAjHh5sgYkwd6qY6XPrjWNq/XuSsKpJgqcesXEbl2Gj5Z
cWqDBD7M+kQIyNciUCW60DY1S/DDt6CHmId1eFG7FaSXnTLDYNhqzCDySJLuOHLS
YjsSD/wc8Cb9zhI2wX+fPYchDP14DcufbUnph/1RlT9rxhgsjPN25Uy7Bz1G/agp
-----END CERTIFICATE-----