Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152734.roa
File:                     AS152734.roa (raw, json)
Hash identifier:          kNqzddOK7uxcqIHiiLOKlncXCBE4Qa2NOSzUuocbm5U=
Subject key identifier:   B2:2B:7D:60:DB:35:43:27:22:71:E3:FE:F7:79:25:E5:C1:55:27:58
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       20779789353A28F8F45A5CA7D616C720496E5E54
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152734.roa
Signing time:             Wed 23 Jul 2025 05:34:28 +0000
ROA not before:           Wed 23 Jul 2025 05:29:28 +0000
ROA not after:            Wed 22 Jul 2026 05:34:28 +0000
asID:                     152734
IP address blocks:        143.20.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:77:97:89:35:3a:28:f8:f4:5a:5c:a7:d6:16:c7:20:49:6e:5e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 23 05:29:28 2025 GMT
            Not After : Jul 22 05:34:28 2026 GMT
        Subject: CN=B22B7D60DB3543272271E3FEF77925E5C1552758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fd:2f:cc:2d:06:a6:e8:39:4f:66:f7:c7:c9:
                    33:d8:82:a5:bb:02:3e:b9:3d:21:c0:be:9c:88:0f:
                    39:d2:5d:e1:0f:72:88:b3:4e:d3:4a:93:00:5f:be:
                    e3:b4:7f:4d:04:e1:11:ea:4d:d5:c9:66:86:09:51:
                    f5:a2:1d:b2:5b:94:43:71:0d:52:43:85:6d:19:96:
                    f8:a8:d2:b7:3d:8d:1c:2d:60:f0:6c:d6:11:15:a0:
                    ad:70:a2:41:64:67:46:c1:dc:12:ac:64:a3:98:b9:
                    5f:d5:2d:d2:22:1f:ec:18:6f:0d:39:54:e8:7f:56:
                    84:06:e2:c3:5d:6d:64:6f:c0:57:4c:f4:e6:88:1b:
                    73:92:a4:64:c8:2d:c6:f3:df:b0:7f:31:f0:d9:4a:
                    aa:97:c5:2c:b4:d2:b7:d2:7a:17:7e:4d:e8:a9:8f:
                    f3:b3:08:da:96:65:1f:7d:39:b8:e4:64:36:42:3a:
                    da:1b:0a:c0:aa:00:08:7d:b1:e2:f1:1b:c4:8f:03:
                    59:62:d1:29:12:96:5b:75:24:2c:df:1d:8d:b7:33:
                    5b:b2:16:be:12:b7:13:32:aa:57:4d:f0:13:5c:b8:
                    32:ec:55:d9:a4:d7:7d:1d:08:34:d7:ff:f6:6a:61:
                    84:60:d7:d4:be:6b:b8:a0:32:fc:11:0a:1a:48:e4:
                    59:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:2B:7D:60:DB:35:43:27:22:71:E3:FE:F7:79:25:E5:C1:55:27:58
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:9d:6b:d9:8d:78:2d:fd:cc:6d:00:73:00:a7:8c:f6:3e:5c:
         2f:7b:e1:5b:f5:af:2e:9d:25:44:aa:2d:47:e9:8e:73:cf:9c:
         e8:2c:9d:a9:75:da:aa:8d:fd:ab:75:f5:8f:e7:3a:15:31:99:
         13:c9:4d:1c:e5:ed:d4:df:b7:2f:9a:6a:a5:d0:22:54:94:56:
         09:8b:b0:76:cc:d6:86:67:95:e5:be:5c:fd:36:e1:7f:39:55:
         eb:9a:4d:4e:c3:29:e9:c3:d5:18:cc:b3:ea:96:6a:77:ef:bb:
         33:65:d9:e5:ea:c3:4f:61:d9:b3:b9:b6:ce:d6:e6:7a:cd:e6:
         64:da:3f:f3:9e:d3:cd:d0:c5:e9:a9:f4:7d:ed:44:d9:9d:06:
         f0:c2:dd:c1:65:a0:59:92:ad:2b:03:f1:a7:68:a5:4c:b4:07:
         87:26:33:cb:cc:3e:2c:5a:50:cc:4e:7e:a3:25:c9:29:70:00:
         13:8e:0f:7b:94:a9:20:e1:ca:3f:1b:90:91:dd:4d:47:3e:22:
         96:cc:95:b3:5c:a8:35:84:02:92:80:3d:76:69:00:88:1b:80:
         ab:15:ae:09:5f:52:7f:b8:39:97:6f:c3:7b:75:c0:b7:a7:db:
         67:fe:b6:b8:5b:a0:ff:14:c3:8f:f5:fa:9e:e3:49:01:2a:eb:
         10:98:66:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIHeXiTU6KPj0Wlyn1hbHIEluXlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MjMwNTI5MjhaFw0yNjA3MjIwNTM0MjhaMDMxMTAvBgNV
BAMTKEIyMkI3RDYwREIzNTQzMjcyMjcxRTNGRUY3NzkyNUU1QzE1NTI3NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ/S/MLQam6DlPZvfHyTPYgqW7
Aj65PSHAvpyIDznSXeEPcoizTtNKkwBfvuO0f00E4RHqTdXJZoYJUfWiHbJblENx
DVJDhW0Zlvio0rc9jRwtYPBs1hEVoK1wokFkZ0bB3BKsZKOYuV/VLdIiH+wYbw05
VOh/VoQG4sNdbWRvwFdM9OaIG3OSpGTILcbz37B/MfDZSqqXxSy00rfSehd+Teip
j/OzCNqWZR99ObjkZDZCOtobCsCqAAh9seLxG8SPA1li0SkSllt1JCzfHY23M1uy
Fr4StxMyqldN8BNcuDLsVdmk130dCDTX//ZqYYRg19S+a7igMvwRChpI5Fn5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUsit9YNs1QyciceP+93kl5cFVJ1gwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyNzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSO
MA0GCSqGSIb3DQEBCwUAA4IBAQDSnWvZjXgt/cxtAHMAp4z2Plwve+Fb9a8unSVE
qi1H6Y5zz5zoLJ2pddqqjf2rdfWP5zoVMZkTyU0c5e3U37cvmmql0CJUlFYJi7B2
zNaGZ5Xlvlz9NuF/OVXrmk1Owynpw9UYzLPqlmp377szZdnl6sNPYdmzubbO1uZ6
zeZk2j/zntPN0MXpqfR97UTZnQbwwt3BZaBZkq0rA/GnaKVMtAeHJjPLzD4sWlDM
Tn6jJckpcAATjg97lKkg4co/G5CR3U1HPiKWzJWzXKg1hAKSgD12aQCIG4CrFa4J
X1J/uDmXb8N7dcC3p9tn/ra4W6D/FMOP9fqe40kBKusQmGal
-----END CERTIFICATE-----