Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
File:                     AS152868.roa (raw, json)
Hash identifier:          spD4rTPTrzkK+HCFsyvkd4CBd6YEE6370f+MTUdCdLI=
Subject key identifier:   D4:40:09:7B:60:95:E9:AA:5C:13:4D:C5:A2:3E:95:CD:46:35:45:30
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2341CA56F1BA26A5750D1E4176FFBB6D79A15841
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
Signing time:             Wed 16 Jul 2025 08:24:39 +0000
ROA not before:           Wed 16 Jul 2025 08:19:39 +0000
ROA not after:            Wed 15 Jul 2026 08:24:39 +0000
asID:                     152868
IP address blocks:        143.20.47.0/24 maxlen: 24
                          143.20.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:41:ca:56:f1:ba:26:a5:75:0d:1e:41:76:ff:bb:6d:79:a1:58:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 16 08:19:39 2025 GMT
            Not After : Jul 15 08:24:39 2026 GMT
        Subject: CN=D440097B6095E9AA5C134DC5A23E95CD46354530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:79:cd:40:68:d4:ec:83:e2:b4:24:5c:a1:65:
                    f8:c2:0d:5e:bc:0b:f4:6b:9b:52:10:a8:94:7a:e5:
                    e2:45:20:df:6c:75:a1:63:58:ec:91:d6:c2:1d:d6:
                    ac:f0:6e:94:f9:1e:73:d3:2d:ff:ca:bf:e2:30:a7:
                    09:b5:96:af:59:21:4c:a4:8b:07:f7:4c:b3:03:e0:
                    c9:2e:ef:7b:24:86:9c:78:4a:06:89:d5:77:a4:1d:
                    5a:3e:fb:c0:73:07:27:9f:17:dd:77:97:2e:c1:88:
                    24:2f:f4:8f:39:8b:26:15:28:f1:6f:00:9d:c6:77:
                    36:6e:b5:8c:31:ec:24:13:06:fc:76:dd:0e:13:60:
                    4e:db:ac:b4:d0:e6:39:60:e5:95:30:1b:dc:45:2f:
                    2f:b7:dd:46:d4:7d:ca:5d:c2:24:62:4d:44:2d:95:
                    d0:2c:b1:eb:0b:5b:b3:11:c2:9b:06:92:9b:01:9a:
                    73:62:c4:d0:d7:94:b5:4b:19:65:4b:c7:60:09:b8:
                    13:80:fc:b5:05:38:31:15:a1:73:bd:c2:2a:ef:de:
                    16:f5:bd:aa:a8:4b:51:b4:b8:51:b7:df:85:a9:54:
                    25:da:88:7a:01:d4:2d:b5:7b:45:f6:63:a4:7d:3c:
                    3e:c5:36:d7:42:d9:dc:bc:83:a3:8d:76:e6:f2:5a:
                    51:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:40:09:7B:60:95:E9:AA:5C:13:4D:C5:A2:3E:95:CD:46:35:45:30
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.47.0/24
                  143.20.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:3b:51:3d:74:74:15:ac:25:e5:0d:ed:2a:ee:84:4e:56:da:
         c3:b5:e0:04:50:1b:9a:ad:f1:ab:b7:1c:d6:2f:40:79:8e:0c:
         be:0e:3e:a2:3f:ba:3a:bd:23:72:f3:41:71:52:1a:ee:1c:fa:
         96:1d:33:36:8d:82:f8:5b:7f:cf:41:13:ca:2a:d8:bb:90:19:
         03:65:96:89:6e:7a:86:99:cd:f2:59:44:96:e5:73:27:30:81:
         40:b1:8d:19:58:60:bf:5f:6d:3e:32:75:d1:14:5c:1d:fc:13:
         5f:d0:43:a4:0d:93:dd:72:c1:b6:72:d1:ec:aa:be:96:68:d2:
         08:db:da:67:fd:84:08:33:52:4c:a7:fb:87:24:97:60:db:87:
         9e:72:e1:29:f0:ec:63:a1:1f:0b:f5:93:ae:53:40:c6:9d:4b:
         14:fe:81:c7:16:99:f0:59:80:5a:7f:d3:23:94:e5:d8:2d:9f:
         5a:87:02:3f:51:53:d4:c6:5d:c3:ff:a3:09:63:65:34:40:e8:
         02:50:31:dc:d1:5b:c6:e3:31:7c:f5:cd:d6:64:55:97:31:8a:
         4b:12:c9:12:79:7e:67:60:a1:20:d9:a5:45:c3:29:d8:0a:f2:
         0c:e5:d5:f6:7d:45:cf:72:44:63:d5:87:7e:0b:34:57:20:f5:
         31:e8:34:f5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUI0HKVvG6JqV1DR5Bdv+7bXmhWEEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTYwODE5MzlaFw0yNjA3MTUwODI0MzlaMDMxMTAvBgNV
BAMTKEQ0NDAwOTdCNjA5NUU5QUE1QzEzNERDNUEyM0U5NUNENDYzNTQ1MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGec1AaNTsg+K0JFyhZfjCDV68
C/Rrm1IQqJR65eJFIN9sdaFjWOyR1sId1qzwbpT5HnPTLf/Kv+Iwpwm1lq9ZIUyk
iwf3TLMD4Mku73skhpx4SgaJ1XekHVo++8BzByefF913ly7BiCQv9I85iyYVKPFv
AJ3GdzZutYwx7CQTBvx23Q4TYE7brLTQ5jlg5ZUwG9xFLy+33UbUfcpdwiRiTUQt
ldAssesLW7MRwpsGkpsBmnNixNDXlLVLGWVLx2AJuBOA/LUFODEVoXO9wirv3hb1
vaqoS1G0uFG334WpVCXaiHoB1C21e0X2Y6R9PD7FNtdC2dy8g6ONdubyWlERAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU1EAJe2CV6apcE03Foj6VzUY1RTAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQv
AwQAjxSvMA0GCSqGSIb3DQEBCwUAA4IBAQDVO1E9dHQVrCXlDe0q7oROVtrDteAE
UBuarfGrtxzWL0B5jgy+Dj6iP7o6vSNy80FxUhruHPqWHTM2jYL4W3/PQRPKKti7
kBkDZZaJbnqGmc3yWUSW5XMnMIFAsY0ZWGC/X20+MnXRFFwd/BNf0EOkDZPdcsG2
ctHsqr6WaNII29pn/YQIM1JMp/uHJJdg24eecuEp8OxjoR8L9ZOuU0DGnUsU/oHH
FpnwWYBaf9MjlOXYLZ9ahwI/UVPUxl3D/6MJY2U0QOgCUDHc0VvG4zF89c3WZFWX
MYpLEskSeX5nYKEg2aVFwynYCvIM5dX2fUXPckRj1Yd+CzRXIPUx6DT1
-----END CERTIFICATE-----