Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135391.roa
File:                     AS135391.roa (raw, json)
Hash identifier:          e941zz45uf2DBp6yKVF6A1yjpROs+E0Gbmv6m1XPWHI=
Subject key identifier:   3C:6F:60:A6:7B:8F:F3:0B:D2:3E:43:67:91:C9:21:41:CF:AE:DB:1C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       708E9D90867E48B3B8E45C284BAF9EE23182658F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135391.roa
Signing time:             Fri 06 Jun 2025 07:01:42 +0000
ROA not before:           Fri 06 Jun 2025 06:56:42 +0000
ROA not after:            Fri 05 Jun 2026 07:01:42 +0000
asID:                     135391
IP address blocks:        143.20.86.0/24 maxlen: 24
                          143.20.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:8e:9d:90:86:7e:48:b3:b8:e4:5c:28:4b:af:9e:e2:31:82:65:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 06:56:42 2025 GMT
            Not After : Jun  5 07:01:42 2026 GMT
        Subject: CN=3C6F60A67B8FF30BD23E436791C92141CFAEDB1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2e:e3:9a:be:77:52:7c:36:c9:06:47:ed:ce:
                    bf:91:2f:4d:6d:e1:50:ce:40:a7:3c:5b:39:63:16:
                    f3:ad:40:66:de:1f:6c:90:83:62:6e:74:f2:e9:dd:
                    7c:4e:b7:49:5f:c1:03:67:b5:61:83:f9:c7:f5:c8:
                    20:d5:d5:61:4c:fd:01:ce:de:95:1b:6e:8c:e7:61:
                    d4:ed:a4:c6:ee:46:f7:3e:f4:5a:0f:f1:f9:72:2c:
                    7a:a8:f4:64:7f:a6:f8:27:af:22:0b:d6:9e:9d:76:
                    e6:e5:14:9f:0e:d7:10:27:e3:e2:39:97:03:2b:15:
                    a3:33:81:66:68:40:4b:b9:3b:3d:66:88:50:40:3d:
                    69:44:d6:73:60:4d:0d:78:03:b1:f3:e8:8e:65:97:
                    42:9b:62:4f:7a:62:d2:dd:2a:31:95:46:fc:b4:dc:
                    c2:aa:61:62:e3:90:c7:26:dc:82:04:52:77:00:74:
                    f3:fd:75:0a:d5:53:71:a4:fd:e3:7d:08:5b:1d:3c:
                    ab:9e:58:d9:1c:c1:a7:30:d6:19:87:5a:48:7b:86:
                    61:d2:84:b7:d2:5a:a5:af:54:45:89:6d:b1:6f:8c:
                    14:69:69:06:89:e4:ba:87:e2:ff:48:08:01:13:6b:
                    6d:3d:9b:2b:fc:ae:01:a2:85:da:53:21:c7:42:8e:
                    ac:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:6F:60:A6:7B:8F:F3:0B:D2:3E:43:67:91:C9:21:41:CF:AE:DB:1C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135391.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:88:46:9a:e3:f9:db:4e:42:f2:d2:69:e4:38:d2:9e:72:1f:
         5c:d7:a5:e9:01:d0:b4:aa:5e:d0:5b:1f:a3:4a:f7:5d:1c:d4:
         d8:c6:46:23:10:de:69:fc:47:ca:ac:0e:16:c9:d5:c5:ce:c0:
         fc:74:44:ef:73:44:b6:60:1f:b9:77:d4:62:d6:cd:23:42:dd:
         23:13:85:48:d9:39:12:e1:3b:11:cb:91:b7:09:c0:f3:7d:0e:
         2f:78:e8:e5:c2:3c:66:fe:57:cd:0d:fa:41:c9:1c:1e:3e:a1:
         2d:1b:47:a0:ba:ac:6a:0e:fe:f0:41:b2:a9:43:9b:06:0c:03:
         7c:42:93:58:65:50:c6:ff:5c:bc:36:d4:d9:f8:4f:bf:c4:d5:
         ec:a7:79:f8:86:4c:87:21:13:dc:77:81:c4:68:c5:e3:33:8f:
         9c:e9:6c:ce:e9:1b:06:f8:7d:6d:86:d4:19:71:40:a9:a1:8e:
         63:11:17:6c:92:f2:f5:85:f7:40:30:cf:a3:2a:a5:19:3c:06:
         72:5a:cd:93:c6:68:4e:b9:56:37:f8:be:f8:69:d0:d0:6d:39:
         b0:a1:40:00:fa:cd:78:ce:a7:b1:97:2d:5f:17:fa:80:c1:ce:
         16:97:1a:47:80:3b:2b:e7:55:c1:10:5a:88:27:fb:c1:04:df:
         fb:70:42:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcI6dkIZ+SLO45FwoS6+e4jGCZY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNjU2NDJaFw0yNjA2MDUwNzAxNDJaMDMxMTAvBgNV
BAMTKDNDNkY2MEE2N0I4RkYzMEJEMjNFNDM2NzkxQzkyMTQxQ0ZBRURCMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5LuOavndSfDbJBkftzr+RL01t
4VDOQKc8WzljFvOtQGbeH2yQg2JudPLp3XxOt0lfwQNntWGD+cf1yCDV1WFM/QHO
3pUbboznYdTtpMbuRvc+9FoP8flyLHqo9GR/pvgnryIL1p6ddublFJ8O1xAn4+I5
lwMrFaMzgWZoQEu5Oz1miFBAPWlE1nNgTQ14A7Hz6I5ll0KbYk96YtLdKjGVRvy0
3MKqYWLjkMcm3IIEUncAdPP9dQrVU3Gk/eN9CFsdPKueWNkcwacw1hmHWkh7hmHS
hLfSWqWvVEWJbbFvjBRpaQaJ5LqH4v9ICAETa209myv8rgGihdpTIcdCjqzvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPG9gpnuP8wvSPkNnkckhQc+u2xwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxRW
MA0GCSqGSIb3DQEBCwUAA4IBAQBDiEaa4/nbTkLy0mnkONKech9c16XpAdC0ql7Q
Wx+jSvddHNTYxkYjEN5p/EfKrA4WydXFzsD8dETvc0S2YB+5d9Ri1s0jQt0jE4VI
2TkS4TsRy5G3CcDzfQ4veOjlwjxm/lfNDfpByRwePqEtG0eguqxqDv7wQbKpQ5sG
DAN8QpNYZVDG/1y8NtTZ+E+/xNXsp3n4hkyHIRPcd4HEaMXjM4+c6WzO6RsG+H1t
htQZcUCpoY5jERdskvL1hfdAMM+jKqUZPAZyWs2TxmhOuVY3+L74adDQbTmwoUAA
+s14zqexly1fF/qAwc4WlxpHgDsr51XBEFqIJ/vBBN/7cEJD
-----END CERTIFICATE-----