Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
File:                     AS152868.roa (raw, json)
Hash identifier:          kmNFIuyRwDiFY7g0bhp80ciS6q/cDBS2owy54aVuuHo=
Subject key identifier:   25:D1:20:DB:D2:61:87:14:C4:B1:3F:67:49:96:30:8A:D5:14:9A:22
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       494B1B69F9C3A287DBC17AB38B6CAB3379FD3A1E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa
Signing time:             Tue 16 Jun 2026 00:19:14 +0000
ROA not before:           Tue 16 Jun 2026 00:14:14 +0000
ROA not after:            Tue 15 Jun 2027 00:19:14 +0000
asID:                     152868
IP address blocks:        143.20.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:4b:1b:69:f9:c3:a2:87:db:c1:7a:b3:8b:6c:ab:33:79:fd:3a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 16 00:14:14 2026 GMT
            Not After : Jun 15 00:19:14 2027 GMT
        Subject: CN=25D120DBD2618714C4B13F674996308AD5149A22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0d:b1:e0:7d:d4:32:d0:da:06:5d:19:1c:08:
                    09:25:85:60:ff:99:db:e8:b1:66:bb:d1:80:a1:31:
                    ad:83:36:7d:2a:1e:d3:fd:a6:a9:cb:9b:7a:1d:c9:
                    28:10:dc:b8:3c:e3:fa:48:26:6c:51:27:04:09:23:
                    3c:3a:f2:03:98:f4:df:1c:77:ef:72:52:01:15:9b:
                    4b:2f:e3:00:bb:6c:cd:7a:28:9b:7e:2e:60:7a:42:
                    07:19:b4:51:35:54:9e:ba:ad:48:53:18:87:54:2f:
                    bf:d8:0a:c1:8b:8f:e2:8b:6b:c3:a8:6c:16:3e:17:
                    60:55:63:b3:0d:02:0f:60:d7:85:0b:f7:f7:fb:88:
                    00:c1:50:26:e0:64:79:12:75:b2:3a:43:52:2d:98:
                    23:5c:aa:57:28:c8:33:9c:4e:b1:e9:1d:c8:b6:5c:
                    0c:4b:90:0a:2f:45:18:b8:90:5d:16:45:65:1d:34:
                    56:99:fb:9e:cf:fd:75:4e:a4:eb:b0:d5:ef:29:c9:
                    34:b6:c7:66:36:4b:32:cb:f7:bf:67:8b:b0:5f:26:
                    9d:2c:33:f5:e2:bb:cd:b6:cb:29:5d:c1:d6:a5:f5:
                    85:ed:a6:c1:53:19:cf:f1:11:24:9f:63:f8:bb:f7:
                    46:90:c9:f5:ae:dd:96:e0:74:45:88:9d:68:d2:7a:
                    57:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:D1:20:DB:D2:61:87:14:C4:B1:3F:67:49:96:30:8A:D5:14:9A:22
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:2e:3a:fe:f5:8c:52:61:a6:33:60:91:4c:d1:58:b5:12:e7:
         08:0b:14:16:74:65:d8:85:28:31:41:ab:75:20:4c:61:0f:e9:
         7a:26:c2:cb:17:c4:c0:0a:0d:2a:0c:22:6d:c6:1a:9c:53:2c:
         58:3c:61:eb:b0:8d:ce:50:07:ba:ea:2f:a9:5c:7a:a3:27:32:
         14:9b:9d:84:a8:bc:ee:5b:cd:8d:7a:ad:a1:de:b9:89:5b:cc:
         48:b9:36:88:a1:7d:9e:cf:73:ba:8d:12:0c:8c:30:5d:10:2f:
         47:3e:12:3e:34:81:05:8b:c6:e9:9a:b6:4c:5f:f2:04:78:05:
         1f:c9:72:f4:86:bc:d6:e3:11:1c:69:5c:e3:95:43:18:fd:d6:
         21:ad:6a:85:4a:47:13:8d:4d:d3:78:73:de:3d:3a:07:5a:ad:
         d9:30:b4:ee:cd:ce:60:ef:ce:c8:ec:6c:d0:81:cf:20:1c:99:
         80:47:66:00:c5:a9:ac:fe:40:30:4e:b9:bf:d4:2f:e4:ae:79:
         49:4a:af:e4:1e:a1:a0:d7:90:9d:3a:fb:62:6f:25:3b:d5:96:
         86:bf:ca:85:04:5d:0a:43:d8:09:89:3a:32:fd:3b:0b:d0:07:
         71:a0:ad:4f:dc:3c:79:ab:01:d5:f8:ca:73:90:a4:d9:b4:1e:
         5f:bb:85:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSUsbafnDoofbwXqzi2yrM3n9Oh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA2MTYwMDE0MTRaFw0yNzA2MTUwMDE5MTRaMDMxMTAvBgNV
BAMTKDI1RDEyMERCRDI2MTg3MTRDNEIxM0Y2NzQ5OTYzMDhBRDUxNDlBMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzDbHgfdQy0NoGXRkcCAklhWD/
mdvosWa70YChMa2DNn0qHtP9pqnLm3odySgQ3Lg84/pIJmxRJwQJIzw68gOY9N8c
d+9yUgEVm0sv4wC7bM16KJt+LmB6QgcZtFE1VJ66rUhTGIdUL7/YCsGLj+KLa8Oo
bBY+F2BVY7MNAg9g14UL9/f7iADBUCbgZHkSdbI6Q1ItmCNcqlcoyDOcTrHpHci2
XAxLkAovRRi4kF0WRWUdNFaZ+57P/XVOpOuw1e8pyTS2x2Y2SzLL979ni7BfJp0s
M/Xiu822yyldwdal9YXtpsFTGc/xESSfY/i790aQyfWu3ZbgdEWInWjSelcxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJdEg29JhhxTEsT9nSZYwitUUmiIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQp
MA0GCSqGSIb3DQEBCwUAA4IBAQDILjr+9YxSYaYzYJFM0Vi1EucICxQWdGXYhSgx
Qat1IExhD+l6JsLLF8TACg0qDCJtxhqcUyxYPGHrsI3OUAe66i+pXHqjJzIUm52E
qLzuW82Neq2h3rmJW8xIuTaIoX2ez3O6jRIMjDBdEC9HPhI+NIEFi8bpmrZMX/IE
eAUfyXL0hrzW4xEcaVzjlUMY/dYhrWqFSkcTjU3TeHPePToHWq3ZMLTuzc5g787I
7GzQgc8gHJmAR2YAxams/kAwTrm/1C/krnlJSq/kHqGg15CdOvtibyU71ZaGv8qF
BF0KQ9gJiToy/TsL0AdxoK1P3Dx5qwHV+MpzkKTZtB5fu4Ue
-----END CERTIFICATE-----
Generated at Sat Jul 18 00:51:56 2026 by rpki-client