Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS10753.roa
File:                     AS10753.roa (raw, json)
Hash identifier:          KLaImYCpSZ84ynstGBy72ABalN8ftHXf0YjqRkS8DMg=
Subject key identifier:   5B:F0:15:04:8F:75:71:ED:AF:D3:D7:CA:09:42:BB:E0:78:96:53:B7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       133F084677FF255F72BE8801AC5A4BE46EA2ED2E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS10753.roa
Signing time:             Thu 19 Jun 2025 18:28:40 +0000
ROA not before:           Thu 19 Jun 2025 18:23:40 +0000
ROA not after:            Thu 18 Jun 2026 18:28:40 +0000
asID:                     10753
IP address blocks:        143.20.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:3f:08:46:77:ff:25:5f:72:be:88:01:ac:5a:4b:e4:6e:a2:ed:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 19 18:23:40 2025 GMT
            Not After : Jun 18 18:28:40 2026 GMT
        Subject: CN=5BF015048F7571EDAFD3D7CA0942BBE0789653B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:68:7c:a0:97:b3:78:43:8d:46:5e:43:69:00:
                    89:b1:e6:1b:75:98:c5:5b:7b:9e:09:a8:1b:29:58:
                    2e:42:46:58:98:aa:9a:88:6f:1c:11:70:2e:18:5a:
                    16:05:1b:a3:dd:54:e8:54:43:c8:3a:33:e9:f0:c0:
                    cb:8d:ab:ab:ef:c2:34:eb:80:ec:c5:4e:bf:dc:ee:
                    99:63:67:e1:af:37:1e:e1:1e:4f:a8:2f:8d:71:5c:
                    10:b8:19:d1:56:db:3a:27:b6:d8:f4:1e:c3:1b:38:
                    11:20:a6:89:4d:7e:7c:0c:03:13:00:55:db:af:f4:
                    d7:b1:98:c7:63:4e:e5:5c:0b:69:5e:74:12:2e:11:
                    1b:d0:2e:1b:45:09:b2:de:5e:17:2c:89:e1:53:09:
                    4f:14:02:2e:67:b8:f1:38:fd:b1:2c:de:78:78:6c:
                    0b:cc:66:ce:83:77:b1:d0:70:32:4d:53:ae:af:d8:
                    89:be:af:c0:25:31:75:83:6d:47:a2:9e:7a:24:44:
                    84:d8:f3:b6:ce:e3:09:49:39:ba:c1:c6:0f:4f:f6:
                    d5:12:fb:1e:67:be:d8:aa:d2:be:03:d1:43:ab:a8:
                    ad:6b:c4:d9:a5:16:d4:f3:1e:7b:47:57:08:08:b8:
                    e3:ed:0e:ca:5a:2f:07:fa:c2:b9:d6:e2:6d:f2:58:
                    30:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F0:15:04:8F:75:71:ED:AF:D3:D7:CA:09:42:BB:E0:78:96:53:B7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS10753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:cc:74:af:8c:a9:2d:0b:1f:0b:bb:48:33:46:ea:92:e4:9b:
         94:31:64:39:7b:c6:3e:0e:ae:e5:4b:89:71:47:83:a5:14:78:
         21:1b:6d:49:74:88:24:bd:06:58:3b:65:18:0f:d7:b4:f1:35:
         0e:05:c0:eb:49:ca:d0:e6:e1:fd:cf:79:ee:46:ec:10:cc:b3:
         75:5e:82:97:42:da:52:62:aa:8d:b5:02:45:8d:7f:9e:a3:7e:
         0f:71:f1:ab:e4:83:c0:3f:8f:c4:bc:18:a9:5b:ea:dd:b1:a9:
         f8:f7:35:56:1c:df:21:16:62:90:08:7c:7f:76:36:54:e9:90:
         4a:89:33:57:c1:70:64:f0:29:27:23:87:e5:77:6e:0a:bb:8e:
         d3:cc:b5:1b:ee:cc:11:e2:1a:33:62:ee:bb:b6:bc:59:4b:f7:
         d9:ac:b6:07:60:ae:0d:f9:56:eb:f0:ec:37:25:15:64:67:56:
         bc:50:24:f5:7f:76:79:88:c7:da:46:c0:92:c3:a8:c1:ff:57:
         be:d5:32:c3:ec:c3:0a:29:04:7e:ba:38:6d:62:74:09:38:71:
         f6:55:e6:66:16:8e:4d:82:d6:fd:be:09:1f:4e:37:72:7b:b8:
         23:71:33:ca:fc:3d:32:04:9c:33:09:9e:8e:2f:40:99:24:f6:
         29:82:b2:ed
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEz8IRnf/JV9yvogBrFpL5G6i7S4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTkxODIzNDBaFw0yNjA2MTgxODI4NDBaMDMxMTAvBgNV
BAMTKDVCRjAxNTA0OEY3NTcxRURBRkQzRDdDQTA5NDJCQkUwNzg5NjUzQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1aHygl7N4Q41GXkNpAImx5ht1
mMVbe54JqBspWC5CRliYqpqIbxwRcC4YWhYFG6PdVOhUQ8g6M+nwwMuNq6vvwjTr
gOzFTr/c7pljZ+GvNx7hHk+oL41xXBC4GdFW2zonttj0HsMbOBEgpolNfnwMAxMA
Vduv9NexmMdjTuVcC2ledBIuERvQLhtFCbLeXhcsieFTCU8UAi5nuPE4/bEs3nh4
bAvMZs6Dd7HQcDJNU66v2Im+r8AlMXWDbUeinnokRITY87bO4wlJObrBxg9P9tUS
+x5nvtiq0r4D0UOrqK1rxNmlFtTzHntHVwgIuOPtDspaLwf6wrnW4m3yWDCLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUW/AVBI91ce2v09fKCUK74HiWU7cwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTA3NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPFEgw
DQYJKoZIhvcNAQELBQADggEBAA/MdK+MqS0LHwu7SDNG6pLkm5QxZDl7xj4OruVL
iXFHg6UUeCEbbUl0iCS9Blg7ZRgP17TxNQ4FwOtJytDm4f3Pee5G7BDMs3VegpdC
2lJiqo21AkWNf56jfg9x8avkg8A/j8S8GKlb6t2xqfj3NVYc3yEWYpAIfH92NlTp
kEqJM1fBcGTwKScjh+V3bgq7jtPMtRvuzBHiGjNi7ru2vFlL99mstgdgrg35Vuvw
7DclFWRnVrxQJPV/dnmIx9pGwJLDqMH/V77VMsPswwopBH66OG1idAk4cfZV5mYW
jk2C1v2+CR9ON3J7uCNxM8r8PTIEnDMJno4vQJkk9imCsu0=
-----END CERTIFICATE-----