Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          UL6ofAsqHN4EEiMEWwZVJ4Z/rdaBL6g1vUHHBgjTJdQ=
Subject key identifier:   28:2A:C7:17:A5:5D:0F:14:8E:E7:98:7C:42:C5:D1:B2:80:09:5A:08
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       13D4A7A81730BAFEF1398272EFB18F2A92FD062E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215152.roa
Signing time:             Tue 09 Jun 2026 01:01:08 +0000
ROA not before:           Tue 09 Jun 2026 00:56:08 +0000
ROA not after:            Tue 08 Jun 2027 01:01:08 +0000
asID:                     215152
IP address blocks:        143.20.113.0/24 maxlen: 24
                          143.20.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:39:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:d4:a7:a8:17:30:ba:fe:f1:39:82:72:ef:b1:8f:2a:92:fd:06:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  9 00:56:08 2026 GMT
            Not After : Jun  8 01:01:08 2027 GMT
        Subject: CN=282AC717A55D0F148EE7987C42C5D1B280095A08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ef:bb:c1:f7:17:76:ba:6b:bd:0c:14:d3:14:
                    08:34:0e:2f:a9:e1:5e:a9:9e:ec:b6:f4:84:97:51:
                    2b:e4:dc:38:e4:52:27:d8:b9:0b:0d:7e:cb:61:85:
                    4c:0a:ec:3b:f9:44:54:e6:d0:ba:c2:22:38:61:c8:
                    11:ab:27:bd:35:0e:c4:d8:42:9d:31:0c:b6:68:36:
                    0a:a3:ed:8c:c7:93:f8:56:21:b1:13:d3:68:78:2f:
                    4c:a5:5a:b6:43:0a:0b:63:af:9a:58:ca:a6:f3:89:
                    42:cf:37:5b:13:fe:50:af:f1:f3:38:4b:58:c1:8a:
                    55:4d:54:9e:96:80:97:07:11:04:b7:49:7b:96:ce:
                    9c:0f:61:33:13:54:96:f0:59:66:a8:a6:7a:5c:75:
                    d0:57:48:07:c5:c7:27:6d:78:40:d0:19:2e:0b:d3:
                    a1:e7:90:92:c8:29:29:6c:49:a5:29:aa:d6:e9:dd:
                    d5:ae:04:6e:38:2f:a0:36:82:fa:a3:51:c4:96:8f:
                    ea:ba:f8:b1:32:40:ed:72:8c:8e:38:65:90:80:28:
                    b2:b4:57:15:cb:fd:7a:a0:6b:42:ba:0c:1c:0d:94:
                    d2:b0:79:11:3a:4a:e9:42:79:98:d7:34:79:0f:3f:
                    81:0c:4d:f1:3e:87:a7:59:96:35:0a:74:ca:3c:60:
                    2e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:2A:C7:17:A5:5D:0F:14:8E:E7:98:7C:42:C5:D1:B2:80:09:5A:08
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.113.0/24
                  143.20.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:6e:22:f6:23:78:83:e1:f6:95:3c:ea:6f:1a:e0:c4:cc:7d:
         84:b2:64:b4:53:a4:43:a0:42:d0:cd:b4:a3:c3:04:84:23:fe:
         d1:94:13:33:55:f1:84:2b:f0:c0:be:7b:a1:4a:3b:b8:a6:6b:
         07:a3:24:d6:27:7a:42:df:98:0b:05:3e:8b:2b:22:44:3e:42:
         65:68:4e:3d:fa:44:d6:66:e6:33:3b:d7:38:98:2b:9e:ad:81:
         76:69:b0:19:ac:83:27:11:73:5b:36:16:f4:5f:5b:a9:11:42:
         63:0a:bd:d5:38:30:48:6b:4f:ff:98:08:aa:42:8a:49:37:8e:
         22:4d:95:92:5d:19:96:c5:b8:88:58:c4:e8:ff:e8:89:97:7a:
         dd:dc:dc:12:82:84:55:08:3f:08:1b:25:a3:98:b4:5d:2c:43:
         1f:91:a6:b9:3d:f4:83:26:93:8b:9a:65:69:42:9e:3a:9a:55:
         39:15:5c:4b:5b:00:df:2c:90:51:05:f2:75:a3:2c:50:da:39:
         97:87:03:b6:c2:26:58:23:6c:5c:ce:b2:da:5d:93:c3:63:f5:
         e9:dd:ba:00:d9:9a:39:fb:7c:66:57:a6:e0:0c:50:6d:43:6d:
         07:e5:a4:70:28:7b:f6:42:55:5d:e1:b2:48:d4:5e:70:49:9f:
         09:f9:77:34
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUE9SnqBcwuv7xOYJy77GPKpL9Bi4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MDkwMDU2MDhaFw0yNzA2MDgwMTAxMDhaMDMxMTAvBgNV
BAMTKDI4MkFDNzE3QTU1RDBGMTQ4RUU3OTg3QzQyQzVEMUIyODAwOTVBMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC177vB9xd2umu9DBTTFAg0Di+p
4V6pnuy29ISXUSvk3DjkUifYuQsNfsthhUwK7Dv5RFTm0LrCIjhhyBGrJ701DsTY
Qp0xDLZoNgqj7YzHk/hWIbET02h4L0ylWrZDCgtjr5pYyqbziULPN1sT/lCv8fM4
S1jBilVNVJ6WgJcHEQS3SXuWzpwPYTMTVJbwWWaopnpcddBXSAfFxydteEDQGS4L
06HnkJLIKSlsSaUpqtbp3dWuBG44L6A2gvqjUcSWj+q6+LEyQO1yjI44ZZCAKLK0
VxXL/Xqga0K6DBwNlNKweRE6SulCeZjXNHkPP4EMTfE+h6dZljUKdMo8YC5jAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUKCrHF6VdDxSO55h8QsXRsoAJWggwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRx
AwQAjxTLMA0GCSqGSIb3DQEBCwUAA4IBAQCLbiL2I3iD4faVPOpvGuDEzH2EsmS0
U6RDoELQzbSjwwSEI/7RlBMzVfGEK/DAvnuhSju4pmsHoyTWJ3pC35gLBT6LKyJE
PkJlaE49+kTWZuYzO9c4mCuerYF2abAZrIMnEXNbNhb0X1upEUJjCr3VODBIa0//
mAiqQopJN44iTZWSXRmWxbiIWMTo/+iJl3rd3NwSgoRVCD8IGyWjmLRdLEMfkaa5
PfSDJpOLmmVpQp46mlU5FVxLWwDfLJBRBfJ1oyxQ2jmXhwO2wiZYI2xczrLaXZPD
Y/Xp3boA2Zo5+3xmV6bgDFBtQ20H5aRwKHv2QlVd4bJI1F5wSZ8J+Xc0
-----END CERTIFICATE-----