Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          gOtuRq3yxC8Aj5+AJeqNYxXH/Y3bnK2YiQ5VmWq5+jo=
Subject key identifier:   57:28:CC:89:56:73:55:12:90:C4:97:1D:AA:7B:C4:A2:0D:72:68:68
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5C25CE88E2302726A75A083A1023BA3E903B9281
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
Signing time:             Tue 26 Aug 2025 03:59:44 +0000
ROA not before:           Tue 26 Aug 2025 03:54:44 +0000
ROA not after:            Tue 25 Aug 2026 03:59:44 +0000
asID:                     137235
IP address blocks:        143.20.74.0/24 maxlen: 24
                          143.20.89.0/24 maxlen: 24
                          143.20.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:25:ce:88:e2:30:27:26:a7:5a:08:3a:10:23:ba:3e:90:3b:92:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 26 03:54:44 2025 GMT
            Not After : Aug 25 03:59:44 2026 GMT
        Subject: CN=5728CC895673551290C4971DAA7BC4A20D726868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c7:58:54:17:9e:de:50:d1:24:35:15:3f:65:
                    d7:33:1c:e9:87:f0:64:ce:5c:c0:f1:1e:08:c1:29:
                    53:aa:9f:4d:ff:33:d3:da:d2:ac:74:15:0d:1f:58:
                    2f:64:eb:7b:2d:e7:54:5a:f6:1d:c0:f7:34:f4:dc:
                    b4:42:6e:61:ef:35:67:32:de:f7:4e:40:85:db:56:
                    a9:00:77:30:1e:04:e9:34:67:75:02:d9:1e:26:5e:
                    54:b5:3d:14:7e:33:49:08:d2:c9:83:a7:df:22:85:
                    28:13:49:50:15:51:b2:70:ca:2a:17:93:0c:1f:11:
                    71:52:f6:55:0f:09:08:82:73:d2:9e:1f:ac:0e:3f:
                    37:3a:28:f4:bf:14:34:a2:6a:72:94:b7:7e:5f:53:
                    3d:7e:80:46:08:ad:bc:ab:ce:72:35:96:e2:f2:47:
                    92:ad:3c:a2:c4:65:35:3b:1a:f6:4d:81:4e:74:44:
                    a4:15:78:ed:d4:35:1b:91:29:87:2b:cc:96:ff:25:
                    bd:c3:ea:27:b1:cf:e2:3c:9b:e1:3f:e4:1e:43:77:
                    83:24:7c:0c:11:4b:54:6a:4c:75:ec:5d:24:ee:55:
                    be:81:46:dd:ff:9a:77:23:29:62:ac:05:74:a1:82:
                    c0:eb:d0:d1:99:37:a8:a6:f9:82:7e:fb:75:56:40:
                    3f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:28:CC:89:56:73:55:12:90:C4:97:1D:AA:7B:C4:A2:0D:72:68:68
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.74.0/24
                  143.20.89.0/24
                  143.20.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:41:37:1e:51:b1:6c:31:b7:88:75:fb:03:6f:ea:db:8f:fb:
         fc:23:c7:32:a2:5a:86:d9:ec:8e:cf:9c:69:08:75:19:dc:b1:
         72:8d:1b:b7:ed:da:29:f2:79:3c:11:3e:41:a5:89:fd:ef:b6:
         f0:b8:60:29:21:6c:28:c5:b8:ee:0c:c5:18:be:de:6c:77:e0:
         e5:1c:16:8e:8d:3e:bc:95:76:4b:5c:1b:13:e3:5c:12:e4:54:
         ba:7e:04:c8:28:a2:ad:a4:57:35:67:b1:3b:0a:7a:cd:a7:bc:
         9f:ec:08:90:b9:67:f0:c7:6b:ed:ff:86:f6:69:ba:20:c8:cf:
         a1:fa:ed:99:64:0b:0d:2d:be:db:a0:19:d6:2f:c4:67:46:53:
         a1:71:f7:c1:71:4d:4c:fb:e8:6c:4c:d5:88:d5:97:6c:8d:54:
         a0:02:b4:59:50:47:5b:6c:67:3b:c3:d2:5a:83:1d:c7:3c:60:
         b0:0a:88:95:36:4d:e8:f8:4e:98:1c:e0:bb:41:ca:b8:7a:07:
         cd:75:44:53:67:71:40:c9:eb:a9:fc:46:1f:87:b0:88:97:55:
         f4:f8:4f:5a:39:56:65:8e:ae:91:fa:e4:ee:79:2c:f4:1f:03:
         3a:22:af:af:fd:31:50:ea:63:0b:dc:5c:d4:89:ee:f7:5d:4c:
         21:74:48:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXCXOiOIwJyanWgg6ECO6PpA7koEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjYwMzU0NDRaFw0yNjA4MjUwMzU5NDRaMDMxMTAvBgNV
BAMTKDU3MjhDQzg5NTY3MzU1MTI5MEM0OTcxREFBN0JDNEEyMEQ3MjY4NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPx1hUF57eUNEkNRU/ZdczHOmH
8GTOXMDxHgjBKVOqn03/M9Pa0qx0FQ0fWC9k63st51Ra9h3A9zT03LRCbmHvNWcy
3vdOQIXbVqkAdzAeBOk0Z3UC2R4mXlS1PRR+M0kI0smDp98ihSgTSVAVUbJwyioX
kwwfEXFS9lUPCQiCc9KeH6wOPzc6KPS/FDSianKUt35fUz1+gEYIrbyrznI1luLy
R5KtPKLEZTU7GvZNgU50RKQVeO3UNRuRKYcrzJb/Jb3D6iexz+I8m+E/5B5Dd4Mk
fAwRS1RqTHXsXSTuVb6BRt3/mncjKWKsBXShgsDr0NGZN6im+YJ++3VWQD/dAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUVyjMiVZzVRKQxJcdqnvEog1yaGgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRK
AwQAjxRZAwQAjxRiMA0GCSqGSIb3DQEBCwUAA4IBAQBEQTceUbFsMbeIdfsDb+rb
j/v8I8cyolqG2eyOz5xpCHUZ3LFyjRu37dop8nk8ET5BpYn977bwuGApIWwoxbju
DMUYvt5sd+DlHBaOjT68lXZLXBsT41wS5FS6fgTIKKKtpFc1Z7E7CnrNp7yf7AiQ
uWfwx2vt/4b2abogyM+h+u2ZZAsNLb7boBnWL8RnRlOhcffBcU1M++hsTNWI1Zds
jVSgArRZUEdbbGc7w9Jagx3HPGCwCoiVNk3o+E6YHOC7Qcq4egfNdURTZ3FAyeup
/EYfh7CIl1X0+E9aOVZljq6R+uTueSz0HwM6Iq+v/TFQ6mML3FzUie73XUwhdEhc
-----END CERTIFICATE-----