Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151592.roa
File:                     AS151592.roa (raw, json)
Hash identifier:          LrwJFWSpQx0qsRhHqv++nF5B/osPRmhigCeYnNxCvI4=
Subject key identifier:   3D:80:63:A2:A1:22:C6:B5:BC:93:EB:BA:94:F8:12:A6:E2:CE:73:0D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       597ECD82491C17C9F531D9416C4D1D7D7689BBE6
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151592.roa
Signing time:             Tue 28 Oct 2025 16:47:05 +0000
ROA not before:           Tue 28 Oct 2025 16:42:05 +0000
ROA not after:            Tue 27 Oct 2026 16:47:05 +0000
asID:                     151592
IP address blocks:        143.20.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:7e:cd:82:49:1c:17:c9:f5:31:d9:41:6c:4d:1d:7d:76:89:bb:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 28 16:42:05 2025 GMT
            Not After : Oct 27 16:47:05 2026 GMT
        Subject: CN=3D8063A2A122C6B5BC93EBBA94F812A6E2CE730D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3f:6e:1f:5e:06:65:e7:e7:8a:c9:95:37:33:
                    7c:10:0a:19:c6:65:8a:a3:e6:cb:5e:19:a6:bf:7a:
                    79:11:87:56:5e:45:81:8a:77:18:37:e5:64:60:5b:
                    d9:d0:81:de:14:3b:4e:e4:ad:34:2a:f0:ff:2e:c3:
                    68:32:1e:82:6e:0d:61:5e:45:c1:d3:54:25:51:20:
                    20:c3:a0:49:f3:fe:be:9c:b4:69:d5:c0:70:72:59:
                    58:ca:34:fa:f2:72:b2:dd:5f:62:d1:8f:60:a9:87:
                    86:7c:1f:0c:7a:91:66:81:f5:43:5d:70:2d:4b:bc:
                    4d:d0:6c:04:1c:e0:89:46:8e:97:db:bf:87:fe:ff:
                    ca:68:26:ac:d1:91:8c:a1:c9:51:b3:14:e0:75:b3:
                    09:ed:fa:eb:0b:46:e2:ee:93:e6:94:b6:fb:81:24:
                    f4:70:f5:47:d2:60:7b:63:af:82:65:63:66:b3:d6:
                    69:19:a5:ee:8f:ce:f1:f6:d5:b1:78:b4:78:7f:2b:
                    14:21:61:56:8c:2b:19:5c:43:04:ef:f3:0b:a8:56:
                    13:d4:cd:e5:ba:4e:a5:ce:df:1a:b0:f7:37:67:30:
                    81:bf:85:45:56:b1:15:86:14:94:05:20:6b:00:dd:
                    61:43:f5:af:d1:d7:52:7c:59:fa:a5:47:61:09:e0:
                    67:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:80:63:A2:A1:22:C6:B5:BC:93:EB:BA:94:F8:12:A6:E2:CE:73:0D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151592.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:5f:06:33:66:24:04:ba:52:6e:90:96:e3:db:9a:0f:05:64:
         d5:31:17:4d:1c:bb:1b:50:69:92:dd:fe:e9:6c:6b:2e:71:fa:
         77:f5:06:07:c4:4b:b2:81:dd:26:eb:48:e0:35:a4:63:f0:83:
         1c:d4:37:f1:fe:68:b0:a4:4b:84:16:bc:c8:93:89:31:cc:93:
         32:b0:46:43:2f:a0:69:52:2f:30:60:c5:90:0e:f1:5a:48:20:
         83:3b:80:69:95:35:1f:f5:da:54:87:e8:72:96:80:0b:97:97:
         d6:8d:cd:68:ca:81:2f:b6:14:6e:52:54:3d:71:ee:7c:29:62:
         a9:44:3e:83:d0:42:5c:a8:f2:fa:44:d9:d2:23:bf:78:e1:89:
         a6:21:a7:a1:97:61:fd:1d:02:da:84:47:50:fa:c1:38:93:f5:
         47:58:96:ac:75:b8:2e:38:7b:ea:60:fd:be:c1:93:e2:a4:58:
         7b:7c:1a:bb:a4:1a:a9:77:16:c2:85:ec:7f:00:0f:8a:50:a8:
         17:b5:6e:7c:a7:16:25:3b:5c:6d:9a:00:86:79:b3:45:b7:82:
         63:21:92:57:f7:c0:3e:23:ba:56:b7:f7:6a:84:18:39:ed:dc:
         78:a2:88:20:68:b9:8a:a4:df:a9:03:e1:6e:c3:af:7f:58:de:
         3b:91:d5:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWX7NgkkcF8n1MdlBbE0dfXaJu+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjgxNjQyMDVaFw0yNjEwMjcxNjQ3MDVaMDMxMTAvBgNV
BAMTKDNEODA2M0EyQTEyMkM2QjVCQzkzRUJCQTk0RjgxMkE2RTJDRTczMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrP24fXgZl5+eKyZU3M3wQChnG
ZYqj5steGaa/enkRh1ZeRYGKdxg35WRgW9nQgd4UO07krTQq8P8uw2gyHoJuDWFe
RcHTVCVRICDDoEnz/r6ctGnVwHByWVjKNPrycrLdX2LRj2Cph4Z8Hwx6kWaB9UNd
cC1LvE3QbAQc4IlGjpfbv4f+/8poJqzRkYyhyVGzFOB1swnt+usLRuLuk+aUtvuB
JPRw9UfSYHtjr4JlY2az1mkZpe6PzvH21bF4tHh/KxQhYVaMKxlcQwTv8wuoVhPU
zeW6TqXO3xqw9zdnMIG/hUVWsRWGFJQFIGsA3WFD9a/R11J8WfqlR2EJ4GcDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPYBjoqEixrW8k+u6lPgSpuLOcw0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUxNTkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxTH
MA0GCSqGSIb3DQEBCwUAA4IBAQCwXwYzZiQEulJukJbj25oPBWTVMRdNHLsbUGmS
3f7pbGsucfp39QYHxEuygd0m60jgNaRj8IMc1Dfx/miwpEuEFrzIk4kxzJMysEZD
L6BpUi8wYMWQDvFaSCCDO4BplTUf9dpUh+hyloALl5fWjc1oyoEvthRuUlQ9ce58
KWKpRD6D0EJcqPL6RNnSI7944YmmIaehl2H9HQLahEdQ+sE4k/VHWJasdbguOHvq
YP2+wZPipFh7fBq7pBqpdxbChex/AA+KUKgXtW58pxYlO1xtmgCGebNFt4JjIZJX
98A+I7pWt/dqhBg57dx4ooggaLmKpN+pA+Fuw69/WN47kdVD
-----END CERTIFICATE-----