Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          yZgqSGaYqFhwHdINCswpuX7RDphL/xafzB3sTqmcNog=
Subject key identifier:   D5:5D:7A:14:2B:C8:12:28:EA:D4:7E:36:08:9E:5E:09:2F:98:8C:DA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       389777EB812E239D474454FE6E7BB799F02DC75C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
Signing time:             Fri 06 Jun 2025 07:13:43 +0000
ROA not before:           Fri 06 Jun 2025 07:08:43 +0000
ROA not after:            Fri 05 Jun 2026 07:13:43 +0000
asID:                     135402
IP address blocks:        143.20.88.0/24 maxlen: 24
                          143.20.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:97:77:eb:81:2e:23:9d:47:44:54:fe:6e:7b:b7:99:f0:2d:c7:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 07:08:43 2025 GMT
            Not After : Jun  5 07:13:43 2026 GMT
        Subject: CN=D55D7A142BC81228EAD47E36089E5E092F988CDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5d:a2:03:d1:dc:aa:82:7c:04:1b:a1:d3:1b:
                    b1:c1:4e:0f:84:d6:59:a7:0f:8b:8b:84:ad:29:f6:
                    1f:e8:45:82:ba:92:89:45:df:16:fd:64:2a:17:0e:
                    93:6f:05:9d:38:da:3e:a9:57:a6:b3:23:73:7f:dd:
                    d9:64:40:2b:2e:98:f2:58:6f:c1:fb:fe:ac:a3:fa:
                    f7:87:c7:b0:68:dd:12:5d:5f:a5:f9:21:de:c6:4e:
                    00:f5:e6:4f:38:38:1b:9d:21:20:0d:65:52:b9:67:
                    7b:e0:b1:c4:29:e7:a7:13:7b:19:80:9a:12:79:c2:
                    68:3c:b8:69:23:66:23:1e:5f:6e:83:29:13:45:6b:
                    8a:c2:0c:81:15:5a:4a:9a:b0:6e:6b:49:24:99:9b:
                    33:1e:a8:7b:16:81:31:70:e5:e9:5e:99:d3:af:7e:
                    e1:fe:a0:08:fa:3f:e4:4e:99:d3:7d:aa:ba:bc:d7:
                    05:ef:2d:4f:78:94:1e:43:0b:c3:f9:9a:75:c4:92:
                    75:44:0b:75:39:a0:99:e1:b0:26:bb:9f:1d:93:02:
                    f3:ca:89:c7:d9:c1:db:d7:0b:40:33:a7:7d:3e:82:
                    86:43:67:74:8c:46:bb:32:9d:e1:77:e2:8b:0f:c8:
                    06:76:97:a4:1c:f4:9a:f0:c9:40:d8:d2:22:55:90:
                    cc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:5D:7A:14:2B:C8:12:28:EA:D4:7E:36:08:9E:5E:09:2F:98:8C:DA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.88.0/24
                  143.20.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:b4:41:30:d0:4e:20:8e:80:3e:64:8d:29:02:67:59:de:1c:
         91:ba:46:10:c1:40:b7:72:bf:d6:94:0b:ea:e0:5c:5a:44:41:
         e7:cf:0b:bb:da:a9:cb:d8:03:36:e2:b1:54:9a:a2:6b:01:82:
         ab:bc:b5:92:26:63:ff:b3:34:a1:f1:42:28:1f:24:87:22:76:
         3a:7e:e7:38:be:df:4b:8a:b0:6b:ee:8c:97:74:e3:85:c3:c1:
         66:11:58:3d:22:b6:c8:e6:d4:80:b4:4d:c1:54:1b:98:de:6b:
         91:fe:ce:77:99:68:d6:f9:23:f8:fc:b7:14:e6:3f:b3:de:4e:
         82:d1:89:0b:e4:ea:7f:2f:4e:df:ae:f8:c3:48:49:b1:d5:71:
         5d:5c:72:46:a7:00:78:d4:ea:da:58:3a:df:0b:82:17:44:b5:
         e7:c6:55:e3:52:0b:28:74:22:9a:5b:8a:df:7c:58:4d:6d:ed:
         27:3b:d4:68:81:8c:6e:5a:de:f0:53:d0:57:75:6a:a8:83:3c:
         b3:29:5b:86:db:9b:4c:8d:ad:73:91:a9:06:1c:5c:8f:1d:ad:
         4b:ac:6a:e7:8a:f9:32:b2:47:c8:49:e0:cc:78:1d:25:5d:25:
         b0:ed:f5:d2:f7:dc:7e:45:9d:9b:ed:e7:48:dc:39:f7:8d:c2:
         9e:1e:59:f6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUOJd364EuI51HRFT+bnu3mfAtx1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNzA4NDNaFw0yNjA2MDUwNzEzNDNaMDMxMTAvBgNV
BAMTKEQ1NUQ3QTE0MkJDODEyMjhFQUQ0N0UzNjA4OUU1RTA5MkY5ODhDREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdXaID0dyqgnwEG6HTG7HBTg+E
1lmnD4uLhK0p9h/oRYK6kolF3xb9ZCoXDpNvBZ042j6pV6azI3N/3dlkQCsumPJY
b8H7/qyj+veHx7Bo3RJdX6X5Id7GTgD15k84OBudISANZVK5Z3vgscQp56cTexmA
mhJ5wmg8uGkjZiMeX26DKRNFa4rCDIEVWkqasG5rSSSZmzMeqHsWgTFw5elemdOv
fuH+oAj6P+ROmdN9qrq81wXvLU94lB5DC8P5mnXEknVEC3U5oJnhsCa7nx2TAvPK
icfZwdvXC0Azp30+goZDZ3SMRrsyneF34osPyAZ2l6Qc9JrwyUDY0iJVkMzzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU1V16FCvIEijq1H42CJ5eCS+YjNowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRY
AwQAjxRgMA0GCSqGSIb3DQEBCwUAA4IBAQAvtEEw0E4gjoA+ZI0pAmdZ3hyRukYQ
wUC3cr/WlAvq4FxaREHnzwu72qnL2AM24rFUmqJrAYKrvLWSJmP/szSh8UIoHySH
InY6fuc4vt9LirBr7oyXdOOFw8FmEVg9IrbI5tSAtE3BVBuY3muR/s53mWjW+SP4
/LcU5j+z3k6C0YkL5Op/L07frvjDSEmx1XFdXHJGpwB41OraWDrfC4IXRLXnxlXj
UgsodCKaW4rffFhNbe0nO9RogYxuWt7wU9BXdWqogzyzKVuG25tMja1zkakGHFyP
Ha1LrGrnivkyskfISeDMeB0lXSWw7fXS99x+RZ2b7edI3Dn3jcKeHln2
-----END CERTIFICATE-----