Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          zTGrLKtQMoem7g8UWH7sOGAZZuXb3XKcY6ZRopXdqDQ=
Subject key identifier:   FE:EA:45:0D:E0:9E:AF:5E:B4:EF:89:F1:BE:E1:DD:06:86:1D:1A:6E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6068B2646B0C16F4A7F3AF3F75445E285FEFC02C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
Signing time:             Sat 23 Aug 2025 00:00:08 +0000
ROA not before:           Fri 22 Aug 2025 23:55:08 +0000
ROA not after:            Sat 22 Aug 2026 00:00:08 +0000
asID:                     135402
IP address blocks:        143.20.88.0/24 maxlen: 24
                          143.20.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:68:b2:64:6b:0c:16:f4:a7:f3:af:3f:75:44:5e:28:5f:ef:c0:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 22 23:55:08 2025 GMT
            Not After : Aug 22 00:00:08 2026 GMT
        Subject: CN=FEEA450DE09EAF5EB4EF89F1BEE1DD06861D1A6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b5:25:f6:a9:da:a4:2f:03:fd:20:b7:ad:0a:
                    14:c7:5b:a6:9a:78:7b:c1:6a:11:4e:93:56:75:a5:
                    3c:4e:20:22:91:f4:ec:f2:aa:51:d7:e5:07:26:bf:
                    9c:74:d4:b1:74:c9:66:72:f5:a7:71:15:69:eb:c6:
                    e3:01:7b:6a:0d:c2:3a:f9:68:08:80:1d:f0:5d:41:
                    95:ff:8a:32:39:75:36:73:e9:9b:8b:1f:71:67:00:
                    20:8f:1e:71:c1:75:16:16:ff:2c:3c:c3:27:52:5a:
                    7a:ee:61:a1:c2:c8:6f:5a:2f:18:e3:d9:0f:d2:1a:
                    9c:4b:06:c3:1d:4f:6f:4e:cd:03:09:b3:10:24:ac:
                    78:16:22:ea:28:06:e3:40:3b:53:db:64:3a:50:2b:
                    95:f6:dc:c7:b0:db:a2:d4:a9:78:5d:6b:ab:2c:64:
                    69:90:79:e3:ab:4d:d1:cb:54:85:d5:23:39:7c:4d:
                    b2:b5:35:fd:67:f1:7f:3f:65:69:e6:d3:77:0d:1c:
                    0c:3f:f3:fc:19:c6:7f:77:23:f5:32:15:0c:19:0f:
                    21:a3:fb:2b:dd:b6:cc:9f:78:a5:fb:1b:7b:cb:ff:
                    9d:69:78:97:13:39:49:84:5f:30:7d:bf:e4:f3:2c:
                    43:d8:00:da:5b:98:c4:10:de:ad:77:09:35:48:fb:
                    eb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:EA:45:0D:E0:9E:AF:5E:B4:EF:89:F1:BE:E1:DD:06:86:1D:1A:6E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.88.0/24
                  143.20.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:b9:2f:c0:c6:d0:f1:10:d1:49:2c:f9:be:86:8d:03:bd:db:
         fb:43:32:7c:27:0a:a6:97:2f:de:49:c5:8e:5f:60:09:dc:ee:
         11:89:ac:81:e0:84:cd:2f:d3:c8:ee:03:e9:ae:5b:b9:f9:cc:
         cd:99:1f:3d:4d:09:07:fd:49:e5:50:6b:79:32:fc:f7:2d:21:
         7b:ad:f5:d8:d1:b1:12:d4:01:16:58:75:a4:8e:f6:36:1e:e5:
         f9:96:36:63:4d:87:c9:66:d8:0c:2e:53:8c:98:be:0d:a7:46:
         96:35:5b:92:89:5f:35:a2:a0:7e:5d:12:e4:5d:20:39:7e:81:
         db:b4:b0:4a:6c:eb:a7:1c:07:f0:7b:df:2c:9d:12:40:58:0e:
         a6:8c:aa:75:94:07:77:de:66:28:9f:d5:cb:93:58:9f:19:78:
         a8:4e:38:ae:d7:af:b9:c6:d5:16:87:a8:4a:22:32:65:8a:0e:
         a9:06:6d:17:ed:96:6e:88:6e:1b:c9:13:df:3e:cd:1d:3f:74:
         0a:9a:a1:fc:f0:92:d1:02:1c:f1:c2:80:62:66:92:d3:ea:e2:
         12:35:da:06:bc:96:85:9e:41:0b:ac:67:c6:dc:f5:c4:37:22:
         02:d3:4d:12:d7:04:d7:a4:81:f9:9a:df:3f:8a:9d:45:1f:74:
         41:53:fb:bc
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUYGiyZGsMFvSn868/dUReKF/vwCwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjIyMzU1MDhaFw0yNjA4MjIwMDAwMDhaMDMxMTAvBgNV
BAMTKEZFRUE0NTBERTA5RUFGNUVCNEVGODlGMUJFRTFERDA2ODYxRDFBNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCltSX2qdqkLwP9ILetChTHW6aa
eHvBahFOk1Z1pTxOICKR9OzyqlHX5Qcmv5x01LF0yWZy9adxFWnrxuMBe2oNwjr5
aAiAHfBdQZX/ijI5dTZz6ZuLH3FnACCPHnHBdRYW/yw8wydSWnruYaHCyG9aLxjj
2Q/SGpxLBsMdT29OzQMJsxAkrHgWIuooBuNAO1PbZDpQK5X23Mew26LUqXhda6ss
ZGmQeeOrTdHLVIXVIzl8TbK1Nf1n8X8/ZWnm03cNHAw/8/wZxn93I/UyFQwZDyGj
+yvdtsyfeKX7G3vL/51peJcTOUmEXzB9v+TzLEPYANpbmMQQ3q13CTVI++vnAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU/upFDeCer16074nxvuHdBoYdGm4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRY
AwQAjxRgMA0GCSqGSIb3DQEBCwUAA4IBAQBXuS/AxtDxENFJLPm+ho0Dvdv7QzJ8
Jwqmly/eScWOX2AJ3O4RiayB4ITNL9PI7gPprlu5+czNmR89TQkH/UnlUGt5Mvz3
LSF7rfXY0bES1AEWWHWkjvY2HuX5ljZjTYfJZtgMLlOMmL4Np0aWNVuSiV81oqB+
XRLkXSA5foHbtLBKbOunHAfwe98snRJAWA6mjKp1lAd33mYon9XLk1ifGXioTjiu
16+5xtUWh6hKIjJlig6pBm0X7ZZuiG4byRPfPs0dP3QKmqH88JLRAhzxwoBiZpLT
6uISNdoGvJaFnkELrGfG3PXENyIC000S1wTXpIH5mt8/ip1FH3RBU/u8
-----END CERTIFICATE-----