Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138156.roa
File:                     AS138156.roa (raw, json)
Hash identifier:          3R4hZDnGWJXyprOp/Z6ynsmD2TtsWg164rV3wYgvcEU=
Subject key identifier:   53:62:06:C2:E3:70:65:05:E3:07:63:F5:B0:6C:9E:82:05:B3:5F:A4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3A319FF389EE416F87C8B1617AF1ABA0DA0860D6
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138156.roa
Signing time:             Wed 29 Oct 2025 18:05:24 +0000
ROA not before:           Wed 29 Oct 2025 18:00:24 +0000
ROA not after:            Wed 28 Oct 2026 18:05:24 +0000
asID:                     138156
IP address blocks:        143.20.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:48:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:31:9f:f3:89:ee:41:6f:87:c8:b1:61:7a:f1:ab:a0:da:08:60:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 29 18:00:24 2025 GMT
            Not After : Oct 28 18:05:24 2026 GMT
        Subject: CN=536206C2E3706505E30763F5B06C9E8205B35FA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:6c:7c:75:96:15:a4:80:2d:21:78:87:fb:
                    49:63:77:4d:a7:0e:cc:80:5a:9d:0c:f1:92:92:9f:
                    a6:24:35:3f:42:e3:69:75:a7:e7:ec:a1:4a:a9:bd:
                    cd:75:82:ac:b2:5b:42:c0:08:db:72:38:05:14:bb:
                    df:97:55:f0:f4:68:64:19:97:a6:a8:01:ad:37:4e:
                    39:ed:bf:73:50:05:2c:23:c9:0c:b4:2c:12:34:f1:
                    89:0f:e1:d9:d6:bb:90:9b:8b:30:19:5f:73:d3:b5:
                    bb:9e:6f:2c:d6:c9:93:43:ad:e6:86:14:32:21:44:
                    bc:30:f2:8e:23:02:58:b8:5c:7b:af:ac:ed:28:14:
                    69:b4:ff:f3:a6:93:9d:38:e3:c2:61:f1:88:62:bd:
                    f4:43:23:ea:02:af:a4:2b:e1:3a:70:7d:43:3e:91:
                    7a:cb:a4:63:55:3d:5a:37:42:cb:bc:cc:28:fc:0e:
                    8b:e6:f0:ed:25:05:fa:cf:99:e6:4d:06:95:a6:89:
                    e1:50:4c:11:69:67:ed:48:f7:87:90:6d:03:dc:b7:
                    4a:7c:7e:ab:17:a1:db:fe:9e:ad:a8:fe:89:35:c8:
                    d0:2a:0c:8d:16:e8:08:c4:ef:9b:92:3f:8a:c7:96:
                    07:b1:53:14:c9:18:32:a4:69:3e:0b:6a:9d:55:ad:
                    02:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:62:06:C2:E3:70:65:05:E3:07:63:F5:B0:6C:9E:82:05:B3:5F:A4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138156.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:8b:43:eb:1e:49:b1:03:13:4e:f9:31:dc:32:17:93:0e:27:
         18:b8:22:12:d3:7d:d3:81:37:72:80:5d:dc:34:f7:7d:3a:a9:
         16:45:14:3a:d3:89:e4:27:4b:91:0b:66:3c:ed:7f:2c:a4:16:
         a2:7d:9d:89:f7:2a:92:21:a0:bf:d0:2e:ba:b6:76:9b:e8:f9:
         03:bf:68:0b:80:16:ff:a9:64:38:2a:5f:45:8d:a0:dd:5e:df:
         05:d9:bc:f7:89:b8:2d:7c:a8:d2:a7:e2:4c:0f:3a:9c:57:3d:
         29:3a:f4:61:e8:9e:5a:38:d6:e1:58:52:f8:75:c1:eb:3f:79:
         30:c3:9c:da:03:76:96:dc:fb:82:1c:86:cd:d0:63:9e:51:b5:
         2c:0b:df:ed:45:65:4c:a5:bd:4c:3a:b1:89:4b:6e:4c:8a:3e:
         b0:70:5b:22:3b:8a:52:a7:4d:e1:b7:89:e1:75:e2:8e:0c:69:
         f6:ef:eb:2c:6d:50:ed:d7:2d:f3:13:95:f1:47:c3:71:d1:f6:
         c0:74:57:5c:3e:f6:ba:16:46:ba:31:a8:35:cb:5c:c6:db:d9:
         a6:d2:cd:a0:34:69:93:1a:a6:d9:cc:d9:19:6e:ea:ef:5f:28:
         4e:90:cd:36:a6:0f:98:67:01:51:2d:d4:2c:b3:7e:4a:dd:3c:
         52:f7:fe:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOjGf84nuQW+HyLFhevGroNoIYNYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjkxODAwMjRaFw0yNjEwMjgxODA1MjRaMDMxMTAvBgNV
BAMTKDUzNjIwNkMyRTM3MDY1MDVFMzA3NjNGNUIwNkM5RTgyMDVCMzVGQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4yGx8dZYVpIAtIXiH+0ljd02n
DsyAWp0M8ZKSn6YkNT9C42l1p+fsoUqpvc11gqyyW0LACNtyOAUUu9+XVfD0aGQZ
l6aoAa03Tjntv3NQBSwjyQy0LBI08YkP4dnWu5CbizAZX3PTtbuebyzWyZNDreaG
FDIhRLww8o4jAli4XHuvrO0oFGm0//Omk50448Jh8YhivfRDI+oCr6Qr4TpwfUM+
kXrLpGNVPVo3Qsu8zCj8Dovm8O0lBfrPmeZNBpWmieFQTBFpZ+1I94eQbQPct0p8
fqsXodv+nq2o/ok1yNAqDI0W6AjE75uSP4rHlgexUxTJGDKkaT4Lap1VrQKbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUU2IGwuNwZQXjB2P1sGyeggWzX6QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM4MTU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQJ
MA0GCSqGSIb3DQEBCwUAA4IBAQDEi0PrHkmxAxNO+THcMheTDicYuCIS033TgTdy
gF3cNPd9OqkWRRQ604nkJ0uRC2Y87X8spBaifZ2J9yqSIaC/0C66tnab6PkDv2gL
gBb/qWQ4Kl9FjaDdXt8F2bz3ibgtfKjSp+JMDzqcVz0pOvRh6J5aONbhWFL4dcHr
P3kww5zaA3aW3PuCHIbN0GOeUbUsC9/tRWVMpb1MOrGJS25Mij6wcFsiO4pSp03h
t4nhdeKODGn27+ssbVDt1y3zE5XxR8Nx0fbAdFdcPva6Fka6Mag1y1zG29mm0s2g
NGmTGqbZzNkZburvXyhOkM02pg+YZwFRLdQss35K3TxS9/6v
-----END CERTIFICATE-----