Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
File:                     AS152868.roa (raw, json)
Hash identifier:          6dEDOTh/NoGqozCa0EkMLTZgc06UVb0UjCghct6vajc=
Subject key identifier:   C3:03:63:E6:3F:D6:83:EE:0E:CA:62:3E:0C:8E:1A:FA:30:EE:F0:4A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1D251E46678B28779013A294D3A3B6CE3C14CEFF
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
Signing time:             Tue 28 Oct 2025 08:43:48 +0000
ROA not before:           Tue 28 Oct 2025 08:38:48 +0000
ROA not after:            Tue 27 Oct 2026 08:43:48 +0000
asID:                     152868
IP address blocks:        143.20.41.0/24 maxlen: 24
                          143.20.47.0/24 maxlen: 24
                          143.20.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:25:1e:46:67:8b:28:77:90:13:a2:94:d3:a3:b6:ce:3c:14:ce:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 28 08:38:48 2025 GMT
            Not After : Oct 27 08:43:48 2026 GMT
        Subject: CN=C30363E63FD683EE0ECA623E0C8E1AFA30EEF04A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:23:54:c6:e5:a6:92:31:25:66:76:06:41:a2:
                    ea:7c:d8:0e:07:11:e3:dc:ae:8f:4f:d7:7f:fe:52:
                    91:38:57:93:64:b7:45:f4:96:39:62:88:36:d1:42:
                    4f:d5:4b:fa:ad:22:05:8c:47:24:cd:b1:67:1c:73:
                    b3:92:ed:55:ba:c0:b0:2a:00:10:0d:27:a5:7d:de:
                    a0:da:f9:c0:52:a9:44:1a:85:f1:b9:f8:c0:32:87:
                    31:a6:b6:fc:c9:fa:85:a3:29:18:f7:78:b6:16:86:
                    63:4b:69:82:d8:fc:a0:25:3a:8c:79:2b:46:50:d0:
                    40:41:31:01:83:53:6c:e6:28:61:67:69:10:8e:6d:
                    e9:58:ef:97:45:00:60:17:c7:15:6b:a9:3a:a2:e1:
                    7d:18:83:33:9e:de:b2:74:d1:6c:31:7f:08:47:dd:
                    26:11:f0:fe:21:0d:df:44:9f:97:2a:64:29:6b:39:
                    40:98:a9:13:ef:02:64:e3:62:18:7d:f7:66:e7:d9:
                    0c:0b:1e:f5:d1:f4:af:71:f0:3b:1f:7b:42:4d:70:
                    fe:6f:75:67:8f:f3:49:7d:4f:34:79:c3:bd:20:41:
                    a8:08:c8:8b:ea:ce:b2:24:c3:5e:d5:90:f0:f2:b9:
                    ee:cd:39:a4:f0:b7:22:a5:7d:33:eb:4e:63:da:3e:
                    f5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:03:63:E6:3F:D6:83:EE:0E:CA:62:3E:0C:8E:1A:FA:30:EE:F0:4A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.41.0/24
                  143.20.47.0/24
                  143.20.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:86:70:bc:0a:b1:8e:35:8a:1d:ae:bf:b6:9b:58:b2:9e:cb:
         30:8b:34:3c:09:de:39:f6:2d:90:40:6f:5c:69:de:97:ac:4b:
         00:f1:b2:20:27:96:47:dc:2c:c8:14:09:a2:33:b4:c9:9b:10:
         42:bd:03:51:59:cb:17:58:ac:cc:2d:1e:7a:ee:07:bc:0e:5b:
         4e:31:3c:08:cd:ad:ba:aa:4d:13:3d:51:a9:44:2d:74:91:61:
         15:da:9c:64:50:7b:2c:44:b9:0a:b9:39:cf:37:55:86:7f:2d:
         fc:95:0b:f7:35:a6:1c:3a:1c:ea:9b:04:72:5f:02:69:78:ae:
         35:77:54:56:5d:c9:f0:c8:90:2a:3b:92:09:2d:2b:9e:ac:38:
         e9:c5:56:2a:e0:bb:4f:2a:a7:6e:55:02:6f:b3:00:9f:1a:fb:
         5d:e8:1f:f3:8f:e8:d2:83:91:42:01:c9:fd:13:56:86:f2:ac:
         b7:91:b6:fe:df:07:ae:fe:a6:02:4a:0e:0e:d7:e1:d6:71:47:
         5d:5f:88:70:23:4a:7b:40:f6:39:f7:47:0b:84:f0:e0:31:7f:
         41:15:a1:f3:ec:85:ff:eb:d0:41:af:f5:24:4f:a6:57:eb:a5:
         e9:ba:90:a0:38:6a:4a:0a:1e:52:03:a7:d6:5f:52:91:4f:71:
         a1:8f:68:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUHSUeRmeLKHeQE6KU06O2zjwUzv8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjgwODM4NDhaFw0yNjEwMjcwODQzNDhaMDMxMTAvBgNV
BAMTKEMzMDM2M0U2M0ZENjgzRUUwRUNBNjIzRTBDOEUxQUZBMzBFRUYwNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiI1TG5aaSMSVmdgZBoup82A4H
EePcro9P13/+UpE4V5Nkt0X0ljliiDbRQk/VS/qtIgWMRyTNsWccc7OS7VW6wLAq
ABANJ6V93qDa+cBSqUQahfG5+MAyhzGmtvzJ+oWjKRj3eLYWhmNLaYLY/KAlOox5
K0ZQ0EBBMQGDU2zmKGFnaRCObelY75dFAGAXxxVrqTqi4X0YgzOe3rJ00WwxfwhH
3SYR8P4hDd9En5cqZClrOUCYqRPvAmTjYhh992bn2QwLHvXR9K9x8Dsfe0JNcP5v
dWeP80l9TzR5w70gQagIyIvqzrIkw17VkPDyue7NOaTwtyKlfTPrTmPaPvUhAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUwwNj5j/Wg+4OymI+DI4a+jDu8EowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxQp
AwQAjxQvAwQAjxSvMA0GCSqGSIb3DQEBCwUAA4IBAQC7hnC8CrGONYodrr+2m1iy
nsswizQ8Cd459i2QQG9cad6XrEsA8bIgJ5ZH3CzIFAmiM7TJmxBCvQNRWcsXWKzM
LR567ge8DltOMTwIza26qk0TPVGpRC10kWEV2pxkUHssRLkKuTnPN1WGfy38lQv3
NaYcOhzqmwRyXwJpeK41d1RWXcnwyJAqO5IJLSuerDjpxVYq4LtPKqduVQJvswCf
Gvtd6B/zj+jSg5FCAcn9E1aG8qy3kbb+3weu/qYCSg4O1+HWcUddX4hwI0p7QPY5
90cLhPDgMX9BFaHz7IX/69BBr/UkT6ZX66XpupCgOGpKCh5SA6fWX1KRT3Ghj2j5
-----END CERTIFICATE-----