Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa
File:                     AS136501.roa (raw, json)
Hash identifier:          WHoAArKL0txITLsERN8nK9QgIsu59FqOzWoY8PFwGgE=
Subject key identifier:   CF:ED:88:7E:25:9D:D2:BE:E1:3D:58:D2:68:C4:48:5A:F9:9D:CD:3D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C045C977C8FEAA3A0551E1B30C20493F6C1882F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     136501
IP address blocks:        143.20.143.0/24 maxlen: 24
                          143.20.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:04:5c:97:7c:8f:ea:a3:a0:55:1e:1b:30:c2:04:93:f6:c1:88:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=CFED887E259DD2BEE13D58D268C4485AF99DCD3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d6:66:3c:29:82:e1:9c:72:ec:78:db:08:89:
                    d3:d7:23:e5:b4:8a:38:0f:7a:5f:24:dc:50:f8:be:
                    67:f3:c6:84:86:cd:97:1c:0d:37:4a:cf:c5:9c:01:
                    47:6e:c5:a5:a7:1f:8f:f0:80:e8:1c:02:40:56:db:
                    d3:85:e4:d6:ca:c6:f3:50:23:a2:8b:05:54:12:4e:
                    0f:07:e4:05:b0:22:bf:4a:e8:b0:c4:f7:c4:0f:af:
                    d0:ff:34:7c:52:1e:01:4d:31:07:02:34:9d:ca:00:
                    80:6f:c2:84:5e:9c:11:5b:6c:f7:e1:91:0c:66:d0:
                    15:8a:c4:61:9a:8a:d8:d0:55:63:0d:29:42:01:75:
                    4e:53:9c:7a:40:6b:ce:ba:a1:a4:4f:a0:47:23:37:
                    84:f4:62:50:a1:c9:ce:48:6a:07:5c:3a:5f:a3:2e:
                    f2:f0:e5:e8:7c:f9:0c:8f:16:91:6c:6b:7d:f0:b5:
                    5f:4c:69:17:b5:91:5d:d9:a8:01:2c:b6:7e:a8:53:
                    4e:b4:4e:2c:f0:d3:6b:07:c4:b7:43:d5:27:7b:51:
                    85:14:fc:84:a8:e8:00:f2:71:c4:b1:6b:fe:3b:23:
                    c0:8f:53:88:38:5b:d2:c8:a9:46:40:51:2b:b9:95:
                    e4:f7:15:4a:59:8a:d2:5a:a8:f2:1a:9f:f4:aa:48:
                    7e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:ED:88:7E:25:9D:D2:BE:E1:3D:58:D2:68:C4:48:5A:F9:9D:CD:3D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.143.0/24
                  143.20.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:2b:92:35:32:55:89:b5:d1:46:46:d0:6f:82:dc:5f:d1:97:
         76:b8:d2:94:e5:2a:46:8e:11:04:84:df:da:6b:dc:fb:de:98:
         22:55:14:18:5f:38:58:91:93:2e:73:3a:5f:b9:4c:60:f3:7f:
         67:8d:6b:ca:42:6d:25:e2:c7:8f:23:0a:c8:3f:d3:ac:a6:b6:
         2b:e7:0b:12:ca:14:a6:30:ba:47:11:a1:37:1b:49:04:08:a8:
         b9:8c:26:46:d7:5f:e7:e4:09:24:f3:3c:23:73:08:76:e9:80:
         8c:3d:71:83:65:80:7a:b8:0b:18:73:c7:52:6e:3e:3c:7f:c6:
         2d:43:3c:3a:d4:ae:a4:c2:a9:46:aa:7c:60:25:72:da:7d:ed:
         8d:37:9e:df:37:95:c6:c6:00:a9:76:9e:3f:98:9e:e7:0c:5c:
         be:aa:65:92:1a:cf:f5:2c:75:12:5f:44:b2:b3:cb:45:a0:7b:
         b1:58:93:f9:6f:fa:19:db:b5:27:59:64:5f:c4:24:ee:3e:02:
         46:6f:34:da:a5:74:ed:1a:3f:0b:1d:a2:7c:82:17:a8:04:46:
         bd:16:e8:2f:20:c3:31:6f:40:a4:93:4a:48:62:cb:50:a8:f0:
         0f:5b:c1:0f:1e:6e:9d:a5:c0:f0:c5:f8:a9:97:ce:6d:29:78:
         6c:89:1b:f2
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPARcl3yP6qOgVR4bMMIEk/bBiC8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKENGRUQ4ODdFMjU5REQyQkVFMTNENThEMjY4QzQ0ODVBRjk5RENEM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq1mY8KYLhnHLseNsIidPXI+W0
ijgPel8k3FD4vmfzxoSGzZccDTdKz8WcAUduxaWnH4/wgOgcAkBW29OF5NbKxvNQ
I6KLBVQSTg8H5AWwIr9K6LDE98QPr9D/NHxSHgFNMQcCNJ3KAIBvwoRenBFbbPfh
kQxm0BWKxGGaitjQVWMNKUIBdU5TnHpAa866oaRPoEcjN4T0YlChyc5IagdcOl+j
LvLw5eh8+QyPFpFsa33wtV9MaRe1kV3ZqAEstn6oU060Tizw02sHxLdD1Sd7UYUU
/ISo6ADyccSxa/47I8CPU4g4W9LIqUZAUSu5leT3FUpZitJaqPIan/SqSH4HAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUz+2IfiWd0r7hPVjSaMRIWvmdzT0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM2NTAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxSP
AwQAjxSyMA0GCSqGSIb3DQEBCwUAA4IBAQB1K5I1MlWJtdFGRtBvgtxf0Zd2uNKU
5SpGjhEEhN/aa9z73pgiVRQYXzhYkZMuczpfuUxg839njWvKQm0l4sePIwrIP9Os
prYr5wsSyhSmMLpHEaE3G0kECKi5jCZG11/n5Akk8zwjcwh26YCMPXGDZYB6uAsY
c8dSbj48f8YtQzw61K6kwqlGqnxgJXLafe2NN57fN5XGxgCpdp4/mJ7nDFy+qmWS
Gs/1LHUSX0Sys8tFoHuxWJP5b/oZ27UnWWRfxCTuPgJGbzTapXTtGj8LHaJ8gheo
BEa9FugvIMMxb0Ckk0pIYstQqPAPW8EPHm6dpcDwxfipl85tKXhsiRvy
-----END CERTIFICATE-----