Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151368.roa
File:                     AS151368.roa (raw, json)
Hash identifier:          7NGdrKxPPe61nR+IZ9tPU+yNv1QPOQVXRI/zoJwqdxs=
Subject key identifier:   72:13:98:FD:57:A0:79:20:D3:09:77:EF:65:0C:BA:55:5D:94:9A:85
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1DBCA4E6BE75523B56FE44CCD5E1526253C87EA4
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151368.roa
Signing time:             Tue 15 Jul 2025 16:13:02 +0000
ROA not before:           Tue 15 Jul 2025 16:08:02 +0000
ROA not after:            Tue 14 Jul 2026 16:13:02 +0000
asID:                     151368
IP address blocks:        143.20.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:bc:a4:e6:be:75:52:3b:56:fe:44:cc:d5:e1:52:62:53:c8:7e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul 15 16:08:02 2025 GMT
            Not After : Jul 14 16:13:02 2026 GMT
        Subject: CN=721398FD57A07920D30977EF650CBA555D949A85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:03:78:59:de:1f:dc:6d:89:a1:db:78:71:eb:
                    0d:0c:d9:55:11:2d:38:14:ec:82:5e:c4:18:4d:7a:
                    2e:1c:c2:8c:53:9f:1b:f3:40:06:a9:df:92:51:86:
                    08:92:e8:0f:ab:a1:3e:fa:b1:ac:57:55:4e:b4:bd:
                    15:52:8c:71:2b:24:77:1b:99:c7:f6:7e:16:67:6a:
                    67:6d:d9:5f:6e:0b:c7:c9:22:1a:06:8e:28:24:da:
                    c2:99:d0:9e:e3:d5:8d:8e:f1:1c:02:90:8d:ed:bf:
                    d4:00:53:f7:35:01:ae:22:03:fd:21:f5:4b:b1:b5:
                    e3:93:be:ba:7a:47:28:d8:24:12:fc:9a:a6:1a:9d:
                    44:5d:a4:8f:9c:f0:38:60:fe:c0:ac:67:e4:21:4c:
                    ae:a0:fa:60:23:71:42:92:19:04:a3:44:94:c0:74:
                    52:7e:34:1a:9c:d0:96:38:4c:5b:f4:65:77:3d:9a:
                    38:a5:80:40:8b:23:9f:a1:b3:12:59:16:ab:7a:32:
                    97:15:c1:b6:6c:ee:e0:dc:35:e6:94:a1:20:0c:da:
                    19:95:7e:09:da:b5:17:0c:b7:01:c0:3e:2a:3f:1e:
                    7c:f4:df:29:62:67:cb:97:0a:07:d1:4b:be:12:3a:
                    6a:a4:28:ad:99:d8:79:8d:af:27:ce:5e:89:8b:29:
                    6a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:13:98:FD:57:A0:79:20:D3:09:77:EF:65:0C:BA:55:5D:94:9A:85
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151368.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e8:b6:6c:e0:55:c8:da:8c:15:a6:fb:1d:e8:95:4d:63:a2:
         e6:cc:8c:e4:b9:20:13:5a:d8:b1:fe:e4:a5:82:b0:7a:51:a6:
         3d:01:77:73:8a:e2:50:25:54:08:27:5d:7a:40:0c:40:9c:fd:
         64:84:9a:01:3a:2d:42:43:65:b9:43:95:c2:51:11:cb:ae:7e:
         76:78:71:e6:bc:64:ce:60:75:46:7b:23:7a:c5:dc:4f:8c:cb:
         be:5d:a5:21:8f:68:e9:f1:23:8e:e6:54:4d:3c:f6:d2:df:84:
         23:36:b7:7f:4b:c1:43:f6:d9:8c:b0:c1:a6:ad:e0:b5:98:06:
         09:0b:7b:ae:7b:bb:d3:43:34:a4:c4:59:6f:19:4a:6a:84:21:
         84:f1:7e:17:19:b7:33:1b:90:69:01:03:f4:f0:68:2d:fd:a4:
         d7:ce:b4:bc:a4:53:64:f4:55:d5:75:42:ad:3c:1d:f3:d5:2b:
         67:d1:12:62:46:09:25:08:c7:1e:58:84:15:92:11:9a:56:7b:
         1f:31:5a:a0:44:cb:51:d6:57:2d:dd:d1:c7:2e:67:33:87:d3:
         a0:b4:13:79:10:d7:16:4f:cd:8f:1f:cb:7f:b3:8d:02:43:39:
         0f:de:17:ff:d8:0b:f1:9c:7c:11:2e:15:1b:34:89:8c:9c:e6:
         e9:fe:c9:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHbyk5r51UjtW/kTM1eFSYlPIfqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTUxNjA4MDJaFw0yNjA3MTQxNjEzMDJaMDMxMTAvBgNV
BAMTKDcyMTM5OEZENTdBMDc5MjBEMzA5NzdFRjY1MENCQTU1NUQ5NDlBODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTA3hZ3h/cbYmh23hx6w0M2VUR
LTgU7IJexBhNei4cwoxTnxvzQAap35JRhgiS6A+roT76saxXVU60vRVSjHErJHcb
mcf2fhZnamdt2V9uC8fJIhoGjigk2sKZ0J7j1Y2O8RwCkI3tv9QAU/c1Aa4iA/0h
9UuxteOTvrp6RyjYJBL8mqYanURdpI+c8Dhg/sCsZ+QhTK6g+mAjcUKSGQSjRJTA
dFJ+NBqc0JY4TFv0ZXc9mjilgECLI5+hsxJZFqt6MpcVwbZs7uDcNeaUoSAM2hmV
fgnatRcMtwHAPio/Hnz03yliZ8uXCgfRS74SOmqkKK2Z2HmNryfOXomLKWprAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUchOY/VegeSDTCXfvZQy6VV2UmoUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUxMzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSG
MA0GCSqGSIb3DQEBCwUAA4IBAQBB6LZs4FXI2owVpvsd6JVNY6LmzIzkuSATWtix
/uSlgrB6UaY9AXdziuJQJVQIJ116QAxAnP1khJoBOi1CQ2W5Q5XCURHLrn52eHHm
vGTOYHVGeyN6xdxPjMu+XaUhj2jp8SOO5lRNPPbS34QjNrd/S8FD9tmMsMGmreC1
mAYJC3uue7vTQzSkxFlvGUpqhCGE8X4XGbczG5BpAQP08Ggt/aTXzrS8pFNk9FXV
dUKtPB3z1Stn0RJiRgklCMceWIQVkhGaVnsfMVqgRMtR1lct3dHHLmczh9OgtBN5
ENcWT82PH8t/s40CQzkP3hf/2AvxnHwRLhUbNImMnObp/smF
-----END CERTIFICATE-----