Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137962.roa
File:                     AS137962.roa (raw, json)
Hash identifier:          co3474SRyEBqtMUbWay2+JytkoM1Dv1hkwRki1Cu9SQ=
Subject key identifier:   6F:AD:B2:21:F2:BE:EE:51:CD:8E:BF:41:AC:CE:15:4C:31:BC:7B:61
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4381FD0079305C66AA6A64EF06802E4A0B1B0F5B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137962.roa
Signing time:             Wed 29 Oct 2025 02:53:16 +0000
ROA not before:           Wed 29 Oct 2025 02:48:16 +0000
ROA not after:            Wed 28 Oct 2026 02:53:16 +0000
asID:                     137962
IP address blocks:        143.20.55.0/24 maxlen: 24
                          143.20.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:81:fd:00:79:30:5c:66:aa:6a:64:ef:06:80:2e:4a:0b:1b:0f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 29 02:48:16 2025 GMT
            Not After : Oct 28 02:53:16 2026 GMT
        Subject: CN=6FADB221F2BEEE51CD8EBF41ACCE154C31BC7B61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c1:52:c3:31:67:7b:40:6d:2a:7b:da:7b:32:
                    05:d2:e4:09:a8:a9:47:a5:52:7f:da:e2:f2:25:0c:
                    d5:01:5d:21:36:e3:3b:68:07:b1:fa:34:3d:06:02:
                    3d:01:18:0d:bc:6c:d3:d3:89:2f:a6:11:2c:68:e4:
                    10:ef:8c:5e:fb:05:82:d6:db:24:39:e5:4b:48:b7:
                    b0:d1:c3:c4:89:e6:ff:fc:1c:b4:c2:77:b9:5d:53:
                    ab:a6:9c:a1:52:f3:80:00:31:8b:3d:51:4a:bd:e9:
                    b5:ae:3d:3e:d5:21:8f:79:eb:cd:0d:36:06:8d:f5:
                    88:1d:d5:20:b6:d9:cc:35:38:92:f1:f1:1b:9b:35:
                    ae:45:e0:bf:94:bf:f8:70:e0:ac:f3:18:b4:2a:09:
                    23:ac:13:5b:9b:00:c2:eb:1f:b1:3f:cf:74:08:ec:
                    fd:61:e6:83:7b:6d:6f:9b:85:53:98:d6:66:19:0d:
                    64:ae:44:73:4e:ae:a1:11:12:46:1c:bf:36:09:ad:
                    b7:76:56:c7:22:36:46:c7:95:e1:4f:d8:2b:b8:19:
                    66:c9:d1:ab:95:87:e6:22:dc:e0:0d:cd:6b:b0:8c:
                    3d:6d:87:b6:7f:6c:20:5e:37:2a:b2:9e:c8:88:a4:
                    28:b3:d0:0c:d5:e3:19:3f:14:9b:41:f7:53:81:78:
                    64:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:AD:B2:21:F2:BE:EE:51:CD:8E:BF:41:AC:CE:15:4C:31:BC:7B:61
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137962.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.55.0/24
                  143.20.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:b1:7c:50:8f:93:cf:7b:97:3f:c6:1a:cf:bc:2a:bf:18:a8:
         d8:a2:ef:8e:b6:c5:76:fb:20:bc:44:ee:b4:c4:30:d1:4f:07:
         d7:d9:0f:80:f9:9a:a7:81:be:06:95:17:d8:a7:c3:80:1c:2b:
         bf:48:7b:1e:bb:40:81:6b:3a:a0:ce:8c:3c:f9:ff:00:0a:db:
         d9:1b:0b:8f:df:57:15:6a:98:24:0a:c5:71:dd:47:02:57:44:
         ae:cc:be:3d:9e:a3:71:bc:6f:ae:30:47:f7:ab:56:24:03:1f:
         1f:8c:8d:e6:84:6c:6e:fe:a8:d1:e8:61:2a:39:65:3e:e4:33:
         d3:df:ed:80:1b:78:1b:be:fc:1f:a2:d3:df:60:e2:53:ae:9c:
         6b:7f:ed:a1:dc:01:5c:85:15:b0:d9:a2:7b:31:33:5f:99:d3:
         23:ad:13:49:6a:bc:4f:e9:94:c0:81:a6:a8:28:53:31:0e:90:
         9b:7a:02:87:5d:d1:dc:fc:e6:7e:3b:58:57:5e:b5:f5:48:21:
         d0:8b:1f:01:5b:8a:f0:90:61:e3:1b:e1:fb:ce:af:c2:52:db:
         ee:e1:61:9f:c8:cd:83:cb:05:7d:20:0b:f0:a2:d8:41:41:e4:
         61:69:22:1c:29:16:f4:90:85:c6:63:66:20:62:21:eb:6e:81:
         95:3a:80:b9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUQ4H9AHkwXGaqamTvBoAuSgsbD1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjkwMjQ4MTZaFw0yNjEwMjgwMjUzMTZaMDMxMTAvBgNV
BAMTKDZGQURCMjIxRjJCRUVFNTFDRDhFQkY0MUFDQ0UxNTRDMzFCQzdCNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTwVLDMWd7QG0qe9p7MgXS5Amo
qUelUn/a4vIlDNUBXSE24ztoB7H6ND0GAj0BGA28bNPTiS+mESxo5BDvjF77BYLW
2yQ55UtIt7DRw8SJ5v/8HLTCd7ldU6umnKFS84AAMYs9UUq96bWuPT7VIY95680N
NgaN9Ygd1SC22cw1OJLx8RubNa5F4L+Uv/hw4KzzGLQqCSOsE1ubAMLrH7E/z3QI
7P1h5oN7bW+bhVOY1mYZDWSuRHNOrqEREkYcvzYJrbd2VsciNkbHleFP2Cu4GWbJ
0auVh+Yi3OANzWuwjD1th7Z/bCBeNyqynsiIpCiz0AzV4xk/FJtB91OBeGSpAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUb62yIfK+7lHNjr9BrM4VTDG8e2EwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3OTYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQ3
AwQAjxREMA0GCSqGSIb3DQEBCwUAA4IBAQC4sXxQj5PPe5c/xhrPvCq/GKjYou+O
tsV2+yC8RO60xDDRTwfX2Q+A+Zqngb4GlRfYp8OAHCu/SHseu0CBazqgzow8+f8A
CtvZGwuP31cVapgkCsVx3UcCV0SuzL49nqNxvG+uMEf3q1YkAx8fjI3mhGxu/qjR
6GEqOWU+5DPT3+2AG3gbvvwfotPfYOJTrpxrf+2h3AFchRWw2aJ7MTNfmdMjrRNJ
arxP6ZTAgaaoKFMxDpCbegKHXdHc/OZ+O1hXXrX1SCHQix8BW4rwkGHjG+H7zq/C
Utvu4WGfyM2DywV9IAvwothBQeRhaSIcKRb0kIXGY2YgYiHrboGVOoC5
-----END CERTIFICATE-----