Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          JNvlKTvJ3O/dkgN7ngQ8Pu4bkR1CabRaG3t7fj8as6g=
Subject key identifier:   74:D7:F9:6F:8E:6D:27:C4:E7:5D:AD:A1:6A:34:00:8F:A3:F3:82:EA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       288407262D090C96FA17172D16096CADA9C9E99F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151338.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     151338
IP address blocks:        143.20.143.0/24 maxlen: 24
                          143.20.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:84:07:26:2d:09:0c:96:fa:17:17:2d:16:09:6c:ad:a9:c9:e9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=74D7F96F8E6D27C4E75DADA16A34008FA3F382EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:63:9c:50:b1:0a:84:93:85:d4:cd:f4:68:fd:
                    d7:ed:55:89:36:bb:12:44:9f:c0:d1:07:ad:09:33:
                    f8:17:90:b6:0c:4c:12:31:48:34:d5:95:71:18:4b:
                    10:50:24:67:9d:b3:aa:25:2c:08:df:7b:3f:f4:67:
                    3c:4b:c6:aa:ca:c7:db:46:0e:21:3c:b6:1b:f8:99:
                    ae:2e:e0:3c:4a:a8:bf:86:13:61:b7:1c:d3:aa:86:
                    ff:06:df:d7:2c:07:ad:cd:56:de:26:95:25:1d:c1:
                    ea:de:39:75:b2:8c:d1:76:e5:2b:1e:e7:70:03:01:
                    b2:6b:06:9f:e3:74:2a:95:8e:8e:ad:37:18:32:99:
                    a0:f1:08:f5:c5:3c:83:39:fd:fc:ce:5d:6f:9e:0f:
                    cd:45:57:b0:50:56:93:e6:4f:42:c9:21:62:5c:7c:
                    05:98:19:95:60:e9:e1:9c:57:3a:a6:18:ce:87:d7:
                    7c:7b:aa:36:0c:dd:5a:2c:f8:a8:44:a7:ad:bb:df:
                    f2:e7:96:a2:b2:b3:27:f7:f3:2d:7c:51:bb:f2:d1:
                    5b:8e:c9:7b:fb:47:c1:2d:53:e7:9c:78:49:aa:6d:
                    f9:84:bf:02:70:80:a1:27:82:6f:29:ca:dd:43:53:
                    3b:04:5a:b9:bd:ae:f5:2d:49:28:a0:9b:f9:a5:af:
                    76:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D7:F9:6F:8E:6D:27:C4:E7:5D:AD:A1:6A:34:00:8F:A3:F3:82:EA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.143.0/24
                  143.20.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ff:5c:97:c9:e5:93:8f:04:0e:ed:51:bd:ef:75:ef:e4:b7:
         6b:08:79:ca:93:18:d0:17:f9:3a:ea:62:ec:81:5a:d2:f6:92:
         62:f9:aa:95:62:93:98:c5:da:35:13:33:f5:25:f2:37:c7:b0:
         2a:54:a6:4c:66:22:ea:b5:cc:e9:c3:c7:dc:91:91:48:8f:a1:
         f8:83:ad:7c:c2:d4:60:75:33:4a:8e:34:25:16:f6:d0:31:84:
         cb:8d:94:a3:60:b2:40:59:f9:b9:ac:3d:e3:5f:f3:5c:a0:bf:
         29:b7:9c:b9:4a:c3:fc:78:a7:fd:69:f4:ab:89:3d:da:07:5e:
         e2:08:4c:d8:00:e9:fe:6b:83:6b:28:e1:87:1b:ed:77:a8:fd:
         47:6c:b2:19:e9:96:76:81:f5:8f:8e:12:01:7e:9e:d6:b6:47:
         42:76:3f:5e:4f:01:85:5e:f8:d7:cc:9f:00:73:e5:2c:8b:bb:
         1e:fa:01:72:bd:12:96:2d:a5:8d:6f:00:3f:c3:3b:f4:01:aa:
         a8:b3:db:a3:d1:32:ef:71:d2:03:41:2b:f5:d5:da:32:ae:55:
         a9:42:d6:10:37:81:b6:ca:9e:b9:42:4e:58:ef:01:46:c8:be:
         5c:c4:b8:f1:c0:e9:56:9e:69:c5:e7:ff:5b:ac:3f:2e:46:72:
         11:15:21:2f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKIQHJi0JDJb6FxctFglsranJ6Z8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKDc0RDdGOTZGOEU2RDI3QzRFNzVEQURBMTZBMzQwMDhGQTNGMzgyRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLY5xQsQqEk4XUzfRo/dftVYk2
uxJEn8DRB60JM/gXkLYMTBIxSDTVlXEYSxBQJGeds6olLAjfez/0ZzxLxqrKx9tG
DiE8thv4ma4u4DxKqL+GE2G3HNOqhv8G39csB63NVt4mlSUdwereOXWyjNF25Sse
53ADAbJrBp/jdCqVjo6tNxgymaDxCPXFPIM5/fzOXW+eD81FV7BQVpPmT0LJIWJc
fAWYGZVg6eGcVzqmGM6H13x7qjYM3Vos+KhEp6273/LnlqKysyf38y18Ubvy0VuO
yXv7R8EtU+eceEmqbfmEvwJwgKEngm8pyt1DUzsEWrm9rvUtSSigm/mlr3YRAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUdNf5b45tJ8TnXa2hajQAj6PzguowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxSP
AwQAjxSyMA0GCSqGSIb3DQEBCwUAA4IBAQAf/1yXyeWTjwQO7VG973Xv5LdrCHnK
kxjQF/k66mLsgVrS9pJi+aqVYpOYxdo1EzP1JfI3x7AqVKZMZiLqtczpw8fckZFI
j6H4g618wtRgdTNKjjQlFvbQMYTLjZSjYLJAWfm5rD3jX/NcoL8pt5y5SsP8eKf9
afSriT3aB17iCEzYAOn+a4NrKOGHG+13qP1HbLIZ6ZZ2gfWPjhIBfp7WtkdCdj9e
TwGFXvjXzJ8Ac+Usi7se+gFyvRKWLaWNbwA/wzv0Aaqos9uj0TLvcdIDQSv11doy
rlWpQtYQN4G2yp65Qk5Y7wFGyL5cxLjxwOlWnmnF5/9brD8uRnIRFSEv
-----END CERTIFICATE-----