Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          o/PfKQP6n/ZYzwwrd6I8pHU9ioxc8AOGAUqs+SQrbUM=
Subject key identifier:   91:EA:7D:62:7C:6D:31:37:10:03:0E:FF:F6:0B:AD:19:1A:0F:04:1B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       37C7DD80CF745C5C0C9A7A6A9A41717F6F782343
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138195.roa
Signing time:             Tue 10 Jun 2025 06:52:24 +0000
ROA not before:           Tue 10 Jun 2025 06:47:24 +0000
ROA not after:            Tue 09 Jun 2026 06:52:24 +0000
asID:                     138195
IP address blocks:        143.20.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:c7:dd:80:cf:74:5c:5c:0c:9a:7a:6a:9a:41:71:7f:6f:78:23:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 10 06:47:24 2025 GMT
            Not After : Jun  9 06:52:24 2026 GMT
        Subject: CN=91EA7D627C6D313710030EFFF60BAD191A0F041B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f0:de:6a:fd:6a:cb:1c:1a:6c:d5:73:c1:ba:
                    90:6e:38:2f:ad:db:17:2f:39:33:08:ca:70:7d:89:
                    60:50:6d:10:fa:1b:87:fe:0a:81:e1:75:24:c8:a9:
                    22:a9:2c:eb:9f:91:82:65:c9:11:68:3c:05:15:c1:
                    7c:f2:6a:e2:91:7d:1d:bc:33:c3:31:cd:09:d2:3d:
                    b5:7f:f6:2e:e1:93:fa:41:c2:2f:a3:40:06:68:67:
                    d6:15:ad:e2:4e:f2:11:fd:82:87:2d:c9:a4:ce:50:
                    d7:ea:74:ce:15:2c:b0:f2:42:6f:0e:3e:b9:aa:68:
                    cc:f4:ad:93:dd:e6:a1:ed:c9:9e:ad:fd:16:d3:c3:
                    44:02:8c:cc:a8:b5:ea:21:ad:52:30:fc:73:0d:99:
                    6e:a4:74:09:2e:7a:51:11:2d:93:5f:35:c0:d1:90:
                    5a:46:da:5c:d9:fa:9b:5b:09:69:d6:ad:a3:5b:c7:
                    0b:13:00:86:96:5c:59:c1:b9:21:63:30:9e:07:d4:
                    a6:83:72:91:e9:28:ee:87:13:a2:ce:64:b5:5f:04:
                    4d:28:d7:de:5a:86:1d:d4:91:28:25:ed:0f:cb:29:
                    d9:0e:63:f4:01:2b:89:1a:54:c6:bf:3a:f2:17:d8:
                    c6:51:75:5b:da:77:f9:37:2f:27:fa:73:6f:49:a7:
                    19:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EA:7D:62:7C:6D:31:37:10:03:0E:FF:F6:0B:AD:19:1A:0F:04:1B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:11:52:4b:3f:54:60:72:f5:fc:f1:a7:af:35:1c:48:0c:d8:
         d7:b4:8a:b8:c2:07:90:b3:8d:81:01:6c:a8:ab:85:17:17:2f:
         ef:2c:3e:90:15:4d:5c:ef:6a:fa:41:78:9e:1b:18:64:7a:ad:
         9f:b4:2b:69:57:d5:cd:de:59:31:84:a0:12:ec:27:6f:ff:d7:
         5e:e5:f5:90:67:38:45:6a:6b:7c:f5:cd:69:00:9f:30:24:b7:
         0a:dc:0d:e5:c3:92:06:0f:e2:d7:94:b5:6f:ea:21:1a:66:13:
         35:a6:e3:c5:d4:e3:36:8a:d8:fc:8a:7e:92:4a:4e:ae:f2:76:
         7a:6c:33:64:51:9d:5a:4c:e7:8a:54:ad:40:0d:0c:49:60:9c:
         47:9e:e7:e9:f9:b8:4f:ee:5a:7d:c6:d6:ba:84:20:2e:57:3e:
         20:64:c6:b4:c8:d4:70:95:68:13:fb:35:de:71:39:c4:fc:7b:
         33:26:ba:84:a5:84:ad:16:7e:2e:d8:2f:70:7d:16:6a:04:2c:
         ef:09:bc:39:e0:f0:d9:23:7c:55:30:67:6e:46:96:84:74:06:
         7c:ec:13:39:f9:57:77:ac:85:c4:67:69:b1:d1:95:2b:b0:cd:
         49:da:82:10:f0:c2:c5:54:55:8d:2f:d7:b8:d3:ab:32:d5:56:
         6b:63:dd:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUN8fdgM90XFwMmnpqmkFxf294I0MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTAwNjQ3MjRaFw0yNjA2MDkwNjUyMjRaMDMxMTAvBgNV
BAMTKDkxRUE3RDYyN0M2RDMxMzcxMDAzMEVGRkY2MEJBRDE5MUEwRjA0MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF8N5q/WrLHBps1XPBupBuOC+t
2xcvOTMIynB9iWBQbRD6G4f+CoHhdSTIqSKpLOufkYJlyRFoPAUVwXzyauKRfR28
M8MxzQnSPbV/9i7hk/pBwi+jQAZoZ9YVreJO8hH9goctyaTOUNfqdM4VLLDyQm8O
PrmqaMz0rZPd5qHtyZ6t/RbTw0QCjMyoteohrVIw/HMNmW6kdAkuelERLZNfNcDR
kFpG2lzZ+ptbCWnWraNbxwsTAIaWXFnBuSFjMJ4H1KaDcpHpKO6HE6LOZLVfBE0o
195ahh3UkSgl7Q/LKdkOY/QBK4kaVMa/OvIX2MZRdVvad/k3Lyf6c29JpxkjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkep9YnxtMTcQAw7/9gutGRoPBBswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQe
MA0GCSqGSIb3DQEBCwUAA4IBAQByEVJLP1RgcvX88aevNRxIDNjXtIq4wgeQs42B
AWyoq4UXFy/vLD6QFU1c72r6QXieGxhkeq2ftCtpV9XN3lkxhKAS7Cdv/9de5fWQ
ZzhFamt89c1pAJ8wJLcK3A3lw5IGD+LXlLVv6iEaZhM1puPF1OM2itj8in6SSk6u
8nZ6bDNkUZ1aTOeKVK1ADQxJYJxHnufp+bhP7lp9xta6hCAuVz4gZMa0yNRwlWgT
+zXecTnE/HszJrqEpYStFn4u2C9wfRZqBCzvCbw54PDZI3xVMGduRpaEdAZ87BM5
+Vd3rIXEZ2mx0ZUrsM1J2oIQ8MLFVFWNL9e406sy1VZrY931
-----END CERTIFICATE-----