Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
File:                     AS135402.roa (raw, json)
Hash identifier:          P0FabAx0US+JVYAholR9ney4X4KnWrPovBcfz7ULtVA=
Subject key identifier:   02:A4:36:1E:2A:AD:68:12:C4:8D:9B:9F:C1:80:9A:9F:E0:B9:57:DE
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       270B2F561DE5FC3A96C96DF882E560B35644962A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa
Signing time:             Mon 23 Jun 2025 08:51:16 +0000
ROA not before:           Mon 23 Jun 2025 08:46:16 +0000
ROA not after:            Mon 22 Jun 2026 08:51:16 +0000
asID:                     135402
IP address blocks:        143.20.64.0/24 maxlen: 24
                          143.20.88.0/24 maxlen: 24
                          143.20.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:0b:2f:56:1d:e5:fc:3a:96:c9:6d:f8:82:e5:60:b3:56:44:96:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 23 08:46:16 2025 GMT
            Not After : Jun 22 08:51:16 2026 GMT
        Subject: CN=02A4361E2AAD6812C48D9B9FC1809A9FE0B957DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:fd:50:2d:5f:96:89:0b:8a:a1:c3:7d:3c:96:
                    b3:2b:f2:38:3e:4a:ce:ea:78:7f:70:7e:38:02:b0:
                    72:0c:be:a0:42:23:19:f1:00:00:f4:24:06:f2:2b:
                    d7:d1:ca:6e:5c:11:fa:fe:c6:36:85:c5:88:c1:d0:
                    26:72:66:c9:14:55:06:85:84:f1:1b:16:63:1b:75:
                    2b:7d:8d:ec:e6:3d:4d:35:99:a5:70:52:4f:24:be:
                    52:2a:98:a9:0d:1d:f8:26:2a:fa:47:21:4f:38:5b:
                    d7:e3:c4:2b:8a:3f:08:79:b2:22:82:fc:b7:ee:3f:
                    1b:9f:bf:33:1f:d1:8a:e8:0f:6a:f0:d4:e0:43:84:
                    6a:14:10:ae:2e:e3:28:b9:8d:95:4e:11:4a:d4:cd:
                    06:0c:93:6a:a0:0f:9a:e8:97:c1:fb:c6:d4:68:0f:
                    72:0a:86:ee:e8:00:4c:e1:96:c5:37:87:74:59:50:
                    54:f8:b9:fd:31:d0:d0:dd:33:8d:95:db:c7:da:4e:
                    83:e8:5d:62:b7:e3:f0:5b:ba:a4:37:16:72:c9:ed:
                    83:8c:02:fa:d7:f2:99:7a:f0:b0:80:4a:5c:fb:7d:
                    79:c1:9a:bf:db:47:d3:99:9c:f3:29:93:ab:f8:93:
                    06:b2:7c:2c:7f:4c:55:de:56:f4:9b:57:06:81:17:
                    d3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A4:36:1E:2A:AD:68:12:C4:8D:9B:9F:C1:80:9A:9F:E0:B9:57:DE
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS135402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.64.0/24
                  143.20.88.0/24
                  143.20.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:59:44:90:ae:ea:c8:f8:20:b4:da:91:3e:e0:65:b0:3f:e5:
         cf:c4:0f:ed:52:f9:aa:69:e4:cb:05:83:81:ba:e3:d3:72:38:
         c8:73:d5:c0:0f:25:00:de:f9:ff:1f:e2:bd:7c:bd:97:a5:f4:
         dd:e1:48:5f:40:46:fd:5c:9f:4f:6a:3d:2b:58:34:6d:4d:2c:
         43:a5:f8:61:c9:0d:f3:10:fe:56:d8:02:0c:37:da:d0:01:ed:
         41:9c:b5:db:93:74:55:e9:09:56:19:37:4c:1e:4e:f8:6b:91:
         b2:ab:dd:65:25:b3:97:7d:7a:9a:7a:ca:99:9a:98:4b:20:33:
         e5:a7:79:5e:df:bd:e9:2c:e3:1c:85:13:e0:0c:d1:92:1b:7c:
         14:b0:e7:ac:e5:46:31:55:4a:e2:b3:6a:10:84:70:ef:1c:e4:
         ce:aa:9a:93:59:2f:4e:3e:73:61:4e:92:55:67:1d:22:6c:cf:
         66:f0:ea:16:fd:de:45:6c:1f:76:60:e6:0b:62:e5:16:b6:ff:
         2f:7f:01:3e:63:c8:07:24:12:40:06:17:6e:7e:58:2a:4d:15:
         3a:5c:0a:d0:c6:f0:8f:13:da:7b:6b:4d:ae:b7:f1:59:29:94:
         b3:2f:36:03:11:e9:eb:30:1e:78:f8:c1:eb:c5:58:9b:c3:f7:
         82:1b:ff:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJwsvVh3l/DqWyW34guVgs1ZEliowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjMwODQ2MTZaFw0yNjA2MjIwODUxMTZaMDMxMTAvBgNV
BAMTKDAyQTQzNjFFMkFBRDY4MTJDNDhEOUI5RkMxODA5QTlGRTBCOTU3REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo/VAtX5aJC4qhw308lrMr8jg+
Ss7qeH9wfjgCsHIMvqBCIxnxAAD0JAbyK9fRym5cEfr+xjaFxYjB0CZyZskUVQaF
hPEbFmMbdSt9jezmPU01maVwUk8kvlIqmKkNHfgmKvpHIU84W9fjxCuKPwh5siKC
/LfuPxufvzMf0YroD2rw1OBDhGoUEK4u4yi5jZVOEUrUzQYMk2qgD5rol8H7xtRo
D3IKhu7oAEzhlsU3h3RZUFT4uf0x0NDdM42V28faToPoXWK34/BbuqQ3FnLJ7YOM
AvrX8pl68LCASlz7fXnBmr/bR9OZnPMpk6v4kwayfCx/TFXeVvSbVwaBF9ONAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUAqQ2HiqtaBLEjZufwYCan+C5V94wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM1NDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRA
AwQAjxRYAwQAjxRgMA0GCSqGSIb3DQEBCwUAA4IBAQBAWUSQrurI+CC02pE+4GWw
P+XPxA/tUvmqaeTLBYOBuuPTcjjIc9XADyUA3vn/H+K9fL2XpfTd4UhfQEb9XJ9P
aj0rWDRtTSxDpfhhyQ3zEP5W2AIMN9rQAe1BnLXbk3RV6QlWGTdMHk74a5Gyq91l
JbOXfXqaesqZmphLIDPlp3le373pLOMchRPgDNGSG3wUsOes5UYxVUris2oQhHDv
HOTOqpqTWS9OPnNhTpJVZx0ibM9m8OoW/d5FbB92YOYLYuUWtv8vfwE+Y8gHJBJA
BhduflgqTRU6XArQxvCPE9p7a02ut/FZKZSzLzYDEenrMB54+MHrxVibw/eCG//i
-----END CERTIFICATE-----