Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa
File:                     AS136501.roa (raw, json)
Hash identifier:          C/KjhgFMgf5WWlRi7Thvwj1eTKryX1pY3LDkhnMhUO0=
Subject key identifier:   7A:98:F4:6A:66:9E:F1:B8:67:17:DD:FA:05:3A:28:62:18:C3:01:6C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       097044284C85D465FDEC72F3DF04EDB1E903971C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa
Signing time:             Tue 19 Aug 2025 00:00:06 +0000
ROA not before:           Mon 18 Aug 2025 23:55:06 +0000
ROA not after:            Tue 18 Aug 2026 00:00:06 +0000
asID:                     136501
IP address blocks:        143.20.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:70:44:28:4c:85:d4:65:fd:ec:72:f3:df:04:ed:b1:e9:03:97:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 18 23:55:06 2025 GMT
            Not After : Aug 18 00:00:06 2026 GMT
        Subject: CN=7A98F46A669EF1B86717DDFA053A286218C3016C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:33:b8:cc:81:ed:e8:5a:c7:12:3f:28:e0:
                    88:36:30:fb:1c:f8:59:6d:6e:1d:e5:7f:7e:d6:af:
                    bb:bc:40:f6:6b:9a:7e:ee:aa:54:6b:92:29:97:43:
                    82:d2:92:14:39:b3:32:3a:27:6f:dd:33:dc:a1:2a:
                    18:df:33:c4:59:88:6f:9e:8e:6a:68:a1:a3:14:21:
                    b2:c1:84:5e:e5:8f:ec:93:31:ba:44:66:ca:72:59:
                    d8:05:47:8b:04:53:73:ce:ab:83:15:78:d5:c8:79:
                    87:d5:7f:f3:c7:ab:cf:e5:73:a6:c9:12:f1:ac:a5:
                    ff:3f:5b:63:ae:3d:3b:c5:2c:7a:3d:7d:5b:cc:ed:
                    8b:48:44:87:71:41:96:f4:d3:45:e4:c5:e3:95:a4:
                    40:0c:4f:d7:88:98:ff:d0:15:95:82:d1:a5:e1:e4:
                    dc:ea:d0:58:9b:7b:e8:3b:2c:03:cf:2b:d0:10:1a:
                    0b:9e:9a:be:b9:5c:ae:a3:1d:a4:14:43:5f:01:80:
                    b3:63:c3:63:bc:a0:21:d4:0f:2c:16:82:96:f1:ba:
                    51:57:82:7c:d6:18:a7:e5:d5:36:cb:45:7b:fc:e6:
                    33:6a:5a:2d:e2:c2:0b:95:36:5a:5c:8b:29:17:5e:
                    ae:dd:c7:39:3c:a9:8b:c8:2a:51:95:8b:6c:78:6c:
                    80:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:98:F4:6A:66:9E:F1:B8:67:17:DD:FA:05:3A:28:62:18:C3:01:6C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d5:ff:6f:98:22:de:e0:45:3b:55:83:4b:14:41:ab:ec:fb:
         87:05:e6:3f:b0:cd:94:a6:e8:86:59:b6:be:97:86:d7:6d:93:
         88:3e:f3:7b:3a:94:e2:17:dd:d7:33:77:ef:44:76:a9:82:44:
         c6:b9:29:3b:18:72:62:a0:cf:2d:9e:74:e4:38:61:00:82:cd:
         c2:e0:c5:0c:8b:37:c5:b9:d9:f2:ea:f3:70:57:d0:5c:c7:38:
         11:ae:ce:c4:84:37:dc:7b:0c:dc:a4:a1:33:bc:af:6d:60:95:
         39:4a:b9:4a:c6:79:80:98:bc:c9:b5:f6:ce:2a:db:62:18:72:
         46:3a:c7:ea:7f:05:14:73:a7:90:d0:5f:bb:2f:f4:1c:6c:fe:
         45:6e:1e:83:d6:03:a3:94:1d:ed:aa:97:db:5b:82:4f:f0:46:
         01:84:97:9d:42:3f:c2:81:73:ae:43:ae:c1:15:bf:68:23:44:
         d2:7e:ce:69:cc:f6:06:5a:23:9e:bf:17:21:7d:67:6f:66:4d:
         ff:c9:65:08:4c:49:39:87:80:8f:1b:68:0b:d7:43:ba:c4:15:
         2a:f4:c3:25:8e:c1:c6:f2:39:1c:25:14:86:3f:cb:4a:8c:c7:
         47:4f:f9:b6:69:c6:90:d1:34:28:e6:e7:77:d8:df:cd:5b:90:
         51:8b:80:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCXBEKEyF1GX97HLz3wTtsekDlxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTgyMzU1MDZaFw0yNjA4MTgwMDAwMDZaMDMxMTAvBgNV
BAMTKDdBOThGNDZBNjY5RUYxQjg2NzE3RERGQTA1M0EyODYyMThDMzAxNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs5zO4zIHt6FrHEj8o4Ig2MPsc
+Fltbh3lf37Wr7u8QPZrmn7uqlRrkimXQ4LSkhQ5szI6J2/dM9yhKhjfM8RZiG+e
jmpooaMUIbLBhF7lj+yTMbpEZspyWdgFR4sEU3POq4MVeNXIeYfVf/PHq8/lc6bJ
EvGspf8/W2OuPTvFLHo9fVvM7YtIRIdxQZb000XkxeOVpEAMT9eImP/QFZWC0aXh
5Nzq0Fibe+g7LAPPK9AQGguemr65XK6jHaQUQ18BgLNjw2O8oCHUDywWgpbxulFX
gnzWGKfl1TbLRXv85jNqWi3iwguVNlpciykXXq7dxzk8qYvIKlGVi2x4bIDJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUepj0amae8bhnF936BTooYhjDAWwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM2NTAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSP
MA0GCSqGSIb3DQEBCwUAA4IBAQAJ1f9vmCLe4EU7VYNLFEGr7PuHBeY/sM2UpuiG
Wba+l4bXbZOIPvN7OpTiF93XM3fvRHapgkTGuSk7GHJioM8tnnTkOGEAgs3C4MUM
izfFudny6vNwV9BcxzgRrs7EhDfcewzcpKEzvK9tYJU5SrlKxnmAmLzJtfbOKtti
GHJGOsfqfwUUc6eQ0F+7L/QcbP5Fbh6D1gOjlB3tqpfbW4JP8EYBhJedQj/CgXOu
Q67BFb9oI0TSfs5pzPYGWiOevxchfWdvZk3/yWUITEk5h4CPG2gL10O6xBUq9MMl
jsHG8jkcJRSGP8tKjMdHT/m2acaQ0TQo5ud32N/NW5BRi4Bm
-----END CERTIFICATE-----