Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS150249.roa
File:                     AS150249.roa (raw, json)
Hash identifier:          rtjaaD2OX+doSTCa6iUJNTmTPYKzEBKoMGZSUp6uY1s=
Subject key identifier:   41:BA:0F:F1:68:B0:49:FA:0B:7D:6A:C8:F3:F7:14:C8:2B:FA:75:41
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       285D5E008F31773DEA313EF0EA3FDDB06C7C968C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS150249.roa
Signing time:             Sat 26 Jul 2025 02:44:41 +0000
ROA not before:           Sat 26 Jul 2025 02:39:41 +0000
ROA not after:            Sat 25 Jul 2026 02:44:41 +0000
asID:                     150249
IP address blocks:        143.20.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:5d:5e:00:8f:31:77:3d:ea:31:3e:f0:ea:3f:dd:b0:6c:7c:96:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 26 02:39:41 2025 GMT
            Not After : Jul 25 02:44:41 2026 GMT
        Subject: CN=41BA0FF168B049FA0B7D6AC8F3F714C82BFA7541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ac:5e:cf:6e:63:34:c6:8a:51:7d:42:fd:1e:
                    43:8e:ca:cb:8e:b9:72:fb:f3:2a:8c:7c:a2:72:34:
                    f9:68:d8:25:0d:13:33:67:01:e6:f5:c8:b9:92:f6:
                    63:55:6b:1b:6b:c5:e5:5d:86:a2:c2:dc:b3:7e:3c:
                    43:6f:af:0d:7c:bc:b6:b0:cf:49:37:2b:d6:64:04:
                    df:05:dc:9b:d4:f2:51:32:0b:d3:be:5e:4a:3f:c9:
                    5f:59:17:7c:84:bf:07:ca:e8:1a:f4:01:41:f8:cb:
                    f4:64:74:77:fb:ed:51:40:fb:9a:96:4f:83:57:67:
                    f7:fe:df:e2:bd:8a:34:17:fd:d8:27:51:3e:76:00:
                    e8:48:c4:cc:4f:3b:75:90:0c:64:63:9f:78:18:6f:
                    76:77:64:7f:e1:76:63:c1:26:a7:15:ed:72:9c:f9:
                    fb:91:d8:9a:94:84:3a:25:47:43:35:cf:e2:2b:e9:
                    c3:34:88:9d:31:e5:8d:6a:7a:81:d0:db:b0:7a:5b:
                    7c:36:29:f8:d2:68:b8:a2:5c:0a:07:19:1a:34:00:
                    93:ac:86:58:de:00:e0:67:7f:57:02:19:f1:d5:bc:
                    57:df:38:b2:2c:a0:84:c9:1e:0c:e7:0c:41:64:6a:
                    1f:ba:94:1e:95:51:58:31:d3:bd:77:4f:21:ac:71:
                    5c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BA:0F:F1:68:B0:49:FA:0B:7D:6A:C8:F3:F7:14:C8:2B:FA:75:41
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS150249.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:68:e6:bd:34:fa:fe:a9:eb:1d:48:17:8a:71:1f:cd:7a:d2:
         07:79:fc:53:f2:a0:8e:48:a1:20:09:7a:17:20:88:b2:1a:e2:
         38:6d:40:95:99:de:00:33:12:ab:c0:04:85:7b:2a:c1:f5:47:
         5e:42:bf:07:0d:09:d3:8c:40:65:d9:05:94:15:a0:35:a1:e8:
         e2:cd:9f:2f:b3:93:84:70:e6:95:f3:7a:f7:9f:25:f3:e9:2c:
         5b:0e:f3:20:55:5f:86:1b:bf:c8:98:00:8c:6b:f7:51:c3:8d:
         62:02:bc:ec:22:54:1c:8e:75:84:55:d8:a1:c9:f9:b3:30:48:
         0b:9a:44:3e:f9:93:42:ae:79:18:29:cf:0f:d4:80:1d:1a:91:
         64:1d:27:cd:4d:0b:1d:19:e3:80:4c:4f:65:08:d0:4a:68:d2:
         65:56:c4:0c:00:a1:49:7b:23:2c:cc:5c:1a:c5:8a:21:9a:a4:
         cc:6b:f7:c2:e1:c2:57:bb:e8:dd:78:8d:0c:c9:c7:25:cb:c7:
         2c:47:dd:68:2b:b0:aa:48:25:c9:05:1a:1f:9f:e9:d3:d6:be:
         ea:d4:e6:f9:66:ae:3a:86:2e:f6:c7:c4:85:09:4c:cc:bc:e1:
         58:4d:c4:e1:37:2e:96:43:91:b0:23:ef:4b:7e:52:0d:1d:7f:
         f9:35:03:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKF1eAI8xdz3qMT7w6j/dsGx8lowwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjYwMjM5NDFaFw0yNjA3MjUwMjQ0NDFaMDMxMTAvBgNV
BAMTKDQxQkEwRkYxNjhCMDQ5RkEwQjdENkFDOEYzRjcxNEM4MkJGQTc1NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMrF7PbmM0xopRfUL9HkOOysuO
uXL78yqMfKJyNPlo2CUNEzNnAeb1yLmS9mNVaxtrxeVdhqLC3LN+PENvrw18vLaw
z0k3K9ZkBN8F3JvU8lEyC9O+Xko/yV9ZF3yEvwfK6Br0AUH4y/RkdHf77VFA+5qW
T4NXZ/f+3+K9ijQX/dgnUT52AOhIxMxPO3WQDGRjn3gYb3Z3ZH/hdmPBJqcV7XKc
+fuR2JqUhDolR0M1z+Ir6cM0iJ0x5Y1qeoHQ27B6W3w2KfjSaLiiXAoHGRo0AJOs
hljeAOBnf1cCGfHVvFffOLIsoITJHgznDEFkah+6lB6VUVgx0713TyGscVwtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQboP8WiwSfoLfWrI8/cUyCv6dUEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUwMjQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQx
MA0GCSqGSIb3DQEBCwUAA4IBAQB9aOa9NPr+qesdSBeKcR/NetIHefxT8qCOSKEg
CXoXIIiyGuI4bUCVmd4AMxKrwASFeyrB9UdeQr8HDQnTjEBl2QWUFaA1oejizZ8v
s5OEcOaV83r3nyXz6SxbDvMgVV+GG7/ImACMa/dRw41iArzsIlQcjnWEVdihyfmz
MEgLmkQ++ZNCrnkYKc8P1IAdGpFkHSfNTQsdGeOATE9lCNBKaNJlVsQMAKFJeyMs
zFwaxYohmqTMa/fC4cJXu+jdeI0Myccly8csR91oK7CqSCXJBRofn+nT1r7q1Ob5
Zq46hi72x8SFCUzMvOFYTcThNy6WQ5GwI+9LflINHX/5NQMX
-----END CERTIFICATE-----