Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          PFUVGN+YWaaG+pLEy3vd77vb+rUuoNdy9d7QZAbFXGw=
Subject key identifier:   21:20:7A:79:2D:48:A2:0A:DB:2D:71:D1:91:D5:1A:49:F6:ED:A0:DE
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       34B66DAB107466C1BDC9646218A6E4097964F45C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
Signing time:             Fri 06 Jun 2025 07:13:06 +0000
ROA not before:           Fri 06 Jun 2025 07:08:06 +0000
ROA not after:            Fri 05 Jun 2026 07:13:06 +0000
asID:                     137235
IP address blocks:        143.20.89.0/24 maxlen: 24
                          143.20.98.0/24 maxlen: 24
                          143.20.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:b6:6d:ab:10:74:66:c1:bd:c9:64:62:18:a6:e4:09:79:64:f4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  6 07:08:06 2025 GMT
            Not After : Jun  5 07:13:06 2026 GMT
        Subject: CN=21207A792D48A20ADB2D71D191D51A49F6EDA0DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4e:69:5f:fc:3a:d4:0f:34:39:02:d3:c8:c9:
                    84:88:b2:95:3d:5a:7f:0c:1d:bc:6f:6d:8f:75:dd:
                    63:db:f9:89:57:ba:80:84:8f:07:39:9c:e8:b0:43:
                    77:14:d0:8e:59:17:7b:83:4e:af:89:2c:79:76:62:
                    1a:43:fa:37:28:59:b0:2b:99:f9:2e:28:37:2c:17:
                    32:2c:3c:6c:8e:7d:45:46:ca:72:d8:19:8c:a7:5f:
                    6e:65:39:8a:0c:6e:54:c6:39:f5:f9:82:d8:d4:91:
                    97:f6:1e:25:42:d1:c7:ff:9c:6d:40:c5:98:f5:8d:
                    94:68:a6:ed:12:da:ff:d4:c3:23:02:b1:33:d3:01:
                    cd:67:6e:4b:94:a7:f9:55:43:8c:18:1f:e8:df:c4:
                    b5:dd:50:c6:b0:1d:2d:7c:53:ca:61:35:0a:a2:f4:
                    16:71:23:ed:4d:66:a8:54:86:ac:7a:c5:b9:31:66:
                    30:cf:57:f2:79:b2:88:be:d1:fe:0a:d2:92:a2:fa:
                    d4:7d:e3:61:a0:4e:1c:b2:34:f0:ad:ba:6f:46:93:
                    7c:5a:4e:cd:3a:ac:81:b0:a5:57:e6:3d:94:3a:5e:
                    b6:32:85:0e:4a:fb:a6:eb:fd:de:8c:d4:09:2e:e1:
                    d1:85:71:c6:8d:96:71:85:88:44:27:a3:3d:4e:16:
                    b8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:20:7A:79:2D:48:A2:0A:DB:2D:71:D1:91:D5:1A:49:F6:ED:A0:DE
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.89.0/24
                  143.20.98.0/24
                  143.20.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:70:9b:1b:5d:c7:83:eb:be:b3:62:94:6d:cd:34:79:a2:a9:
         8f:0e:ac:a2:84:1c:36:b2:6c:53:2a:94:46:7c:b0:3e:c4:72:
         d4:1a:af:64:a5:cf:89:ab:51:d8:b4:3d:c3:c9:7d:53:78:e4:
         41:fb:ca:d8:9a:aa:5a:26:64:ce:dd:d9:d4:0a:aa:60:60:ad:
         9b:05:0a:17:eb:38:75:eb:7e:88:4b:65:b6:65:84:f8:b9:b6:
         b3:9a:dc:e8:4b:84:af:be:fd:58:c2:80:88:34:0c:5e:4d:b3:
         c4:3b:f3:43:40:6c:e7:bd:39:f7:26:f9:68:86:c7:64:00:b1:
         81:a2:b5:87:b5:cd:f5:ac:3a:ad:91:3d:6e:f3:c2:27:99:08:
         bd:ec:40:1f:d7:44:63:e9:7a:f8:b7:82:5e:89:21:21:a0:8c:
         ca:6f:7a:f9:a4:9e:dd:31:62:fd:55:ec:51:52:5d:bb:80:23:
         e7:64:fd:34:9f:66:e8:da:1a:40:86:15:29:ab:2d:82:19:4e:
         34:80:c6:ac:46:31:96:f4:6a:61:7f:00:7c:eb:ae:1f:03:6d:
         c6:9e:a1:92:82:75:eb:63:dd:98:e1:3d:66:93:cc:0e:03:c1:
         e0:42:39:66:2e:90:cd:ca:05:62:07:d4:ee:28:14:74:6d:15:
         b8:e7:fa:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUNLZtqxB0ZsG9yWRiGKbkCXlk9FwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwNzA4MDZaFw0yNjA2MDUwNzEzMDZaMDMxMTAvBgNV
BAMTKDIxMjA3QTc5MkQ0OEEyMEFEQjJENzFEMTkxRDUxQTQ5RjZFREEwREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNTmlf/DrUDzQ5AtPIyYSIspU9
Wn8MHbxvbY913WPb+YlXuoCEjwc5nOiwQ3cU0I5ZF3uDTq+JLHl2YhpD+jcoWbAr
mfkuKDcsFzIsPGyOfUVGynLYGYynX25lOYoMblTGOfX5gtjUkZf2HiVC0cf/nG1A
xZj1jZRopu0S2v/UwyMCsTPTAc1nbkuUp/lVQ4wYH+jfxLXdUMawHS18U8phNQqi
9BZxI+1NZqhUhqx6xbkxZjDPV/J5soi+0f4K0pKi+tR942GgThyyNPCtum9Gk3xa
Ts06rIGwpVfmPZQ6XrYyhQ5K+6br/d6M1Aku4dGFccaNlnGFiEQnoz1OFrhPAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUISB6eS1IogrbLXHRkdUaSfbtoN4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRZ
AwQAjxRiAwQAjxTOMA0GCSqGSIb3DQEBCwUAA4IBAQB0cJsbXceD676zYpRtzTR5
oqmPDqyihBw2smxTKpRGfLA+xHLUGq9kpc+Jq1HYtD3DyX1TeORB+8rYmqpaJmTO
3dnUCqpgYK2bBQoX6zh1636IS2W2ZYT4ubazmtzoS4Svvv1YwoCINAxeTbPEO/ND
QGznvTn3JvlohsdkALGBorWHtc31rDqtkT1u88InmQi97EAf10Rj6Xr4t4JeiSEh
oIzKb3r5pJ7dMWL9VexRUl27gCPnZP00n2bo2hpAhhUpqy2CGU40gMasRjGW9Gph
fwB8664fA23GnqGSgnXrY92Y4T1mk8wOA8HgQjlmLpDNygViB9TuKBR0bRW45/rT
-----END CERTIFICATE-----