Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
File:                     AS152868.roa (raw, json)
Hash identifier:          /mV+10ncnBGSfc+TDiQvNOwcNFyZ/0ZyOdOxlxLm3As=
Subject key identifier:   5A:65:CF:22:63:B7:BB:78:C1:7E:A6:F7:AE:32:E8:18:26:42:46:22
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       109ED042804F9C1106DD7D573D6F85B0430AC38A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
Signing time:             Thu 03 Jul 2025 11:57:40 +0000
ROA not before:           Thu 03 Jul 2025 11:52:40 +0000
ROA not after:            Thu 02 Jul 2026 11:57:40 +0000
asID:                     152868
IP address blocks:        143.20.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 10:36:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9e:d0:42:80:4f:9c:11:06:dd:7d:57:3d:6f:85:b0:43:0a:c3:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jul  3 11:52:40 2025 GMT
            Not After : Jul  2 11:57:40 2026 GMT
        Subject: CN=5A65CF2263B7BB78C17EA6F7AE32E81826424622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:84:f5:d7:27:67:e1:af:73:d2:64:f9:f2:86:
                    fc:e0:39:88:ca:80:c8:5f:6c:38:7a:11:93:3d:5c:
                    a6:dd:c7:90:65:c4:08:52:5d:96:72:60:f0:2c:9f:
                    82:6e:63:9e:1a:6b:d1:c1:fe:af:e7:df:d4:3f:4e:
                    25:47:5d:3a:88:53:00:5c:45:c4:be:cf:69:ce:a9:
                    1c:83:9b:c9:71:16:d6:a7:fc:ed:eb:67:20:28:b1:
                    1d:11:85:20:04:f9:eb:16:69:84:5a:e7:77:2f:a6:
                    50:1c:b9:6c:d2:d3:79:44:79:b3:df:94:62:c9:9a:
                    38:06:d3:4d:db:60:bc:74:1d:76:ff:0b:18:ac:e8:
                    5f:fb:2b:58:1b:cd:a2:00:bb:d4:64:a6:17:7e:ea:
                    e9:5b:5c:cb:8c:38:79:04:a8:65:b3:32:78:f0:76:
                    21:77:5e:23:3e:1f:70:b3:e1:c6:9e:74:00:80:41:
                    96:55:ca:72:97:38:a9:0c:13:e3:a7:d4:6e:00:33:
                    2f:77:0a:f1:d0:4e:ff:cd:c6:7d:87:14:62:68:5a:
                    32:df:d1:57:91:50:b7:60:5a:e3:52:21:75:35:65:
                    eb:6d:37:29:19:b4:77:dc:71:20:fe:14:53:aa:8f:
                    f7:ea:90:92:ff:c2:3c:17:07:08:3f:11:25:42:6c:
                    05:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:65:CF:22:63:B7:BB:78:C1:7E:A6:F7:AE:32:E8:18:26:42:46:22
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:98:3e:86:9e:c5:1a:3c:73:e6:17:54:33:63:8b:74:14:e0:
         f6:9d:bb:c3:0e:78:32:6e:c6:1e:cd:24:fb:cd:f6:eb:2c:1f:
         e5:07:db:62:3c:fc:50:6f:12:c5:1a:bb:7a:78:b3:ff:5f:d9:
         80:ea:8e:47:16:5f:3b:a0:fa:75:e8:49:ff:4c:49:c5:e1:7c:
         b8:96:10:4a:15:04:29:b0:e2:82:4c:98:3d:51:f7:d2:0b:c5:
         dd:9a:28:a0:cd:f4:0e:b3:52:ec:8f:4b:5d:4c:81:31:81:0c:
         aa:ff:8d:9e:2b:c9:08:21:fc:96:1b:35:85:04:6e:ac:ba:dd:
         c2:4a:ee:ee:14:b6:d2:c9:45:da:78:88:68:dd:7c:e3:79:7f:
         c3:1f:b5:a2:0e:1e:3d:44:00:15:93:f9:6a:ae:d1:4e:70:46:
         b3:6d:4b:2e:f1:1d:6f:fc:e3:75:3d:5d:93:17:6b:93:06:76:
         42:b0:b2:1c:ae:b6:2c:0e:6f:65:24:57:21:f6:b6:bd:31:59:
         09:80:1a:43:79:61:4c:f9:e7:9c:12:98:6f:05:a4:0c:03:8f:
         5d:f0:e6:65:c3:32:48:25:f0:5e:3c:cf:85:f9:c9:70:76:58:
         50:a6:eb:2a:1b:d0:87:85:f7:44:50:7e:c9:66:e6:d7:dc:f2:
         6b:e7:45:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEJ7QQoBPnBEG3X1XPW+FsEMKw4owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MDMxMTUyNDBaFw0yNjA3MDIxMTU3NDBaMDMxMTAvBgNV
BAMTKDVBNjVDRjIyNjNCN0JCNzhDMTdFQTZGN0FFMzJFODE4MjY0MjQ2MjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUhPXXJ2fhr3PSZPnyhvzgOYjK
gMhfbDh6EZM9XKbdx5BlxAhSXZZyYPAsn4JuY54aa9HB/q/n39Q/TiVHXTqIUwBc
RcS+z2nOqRyDm8lxFtan/O3rZyAosR0RhSAE+esWaYRa53cvplAcuWzS03lEebPf
lGLJmjgG003bYLx0HXb/Cxis6F/7K1gbzaIAu9Rkphd+6ulbXMuMOHkEqGWzMnjw
diF3XiM+H3Cz4caedACAQZZVynKXOKkME+On1G4AMy93CvHQTv/Nxn2HFGJoWjLf
0VeRULdgWuNSIXU1ZettNykZtHfccSD+FFOqj/fqkJL/wjwXBwg/ESVCbAW9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWmXPImO3u3jBfqb3rjLoGCZCRiIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQv
MA0GCSqGSIb3DQEBCwUAA4IBAQBHmD6GnsUaPHPmF1QzY4t0FOD2nbvDDngybsYe
zST7zfbrLB/lB9tiPPxQbxLFGrt6eLP/X9mA6o5HFl87oPp16En/TEnF4Xy4lhBK
FQQpsOKCTJg9UffSC8XdmiigzfQOs1Lsj0tdTIExgQyq/42eK8kIIfyWGzWFBG6s
ut3CSu7uFLbSyUXaeIho3XzjeX/DH7WiDh49RAAVk/lqrtFOcEazbUsu8R1v/ON1
PV2TF2uTBnZCsLIcrrYsDm9lJFch9ra9MVkJgBpDeWFM+eecEphvBaQMA49d8OZl
wzJIJfBePM+F+clwdlhQpusqG9CHhfdEUH7JZubX3PJr50UI
-----END CERTIFICATE-----