Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa
File:                     AS136501.roa (raw, json)
Hash identifier:          GD3cXe7zrKqRKoaHtJfAHtSGkU+DQRaswh9gaDIZtvM=
Subject key identifier:   1F:2D:72:86:DD:A8:73:AD:60:9F:01:BF:F4:CB:95:32:66:DC:DA:8B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6A276F1BBE5835A973EE89EC6B28017FD7190399
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa
Signing time:             Tue 24 Jun 2025 00:02:01 +0000
ROA not before:           Mon 23 Jun 2025 23:57:01 +0000
ROA not after:            Tue 23 Jun 2026 00:02:01 +0000
asID:                     136501
IP address blocks:        143.20.72.0/22 maxlen: 24
                          143.20.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:27:6f:1b:be:58:35:a9:73:ee:89:ec:6b:28:01:7f:d7:19:03:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 23 23:57:01 2025 GMT
            Not After : Jun 23 00:02:01 2026 GMT
        Subject: CN=1F2D7286DDA873AD609F01BFF4CB953266DCDA8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:04:a7:8a:41:6f:a9:d0:77:38:ee:ec:39:ae:
                    84:4e:38:b8:79:99:3d:8f:1c:9c:e6:56:75:b8:d9:
                    b9:7f:e6:e7:d4:a9:6a:e1:78:9d:eb:01:29:02:b4:
                    32:a6:d5:50:68:e1:6f:ae:ff:f1:0e:db:df:6b:0e:
                    f5:66:20:b7:07:bc:b8:60:79:31:0e:80:eb:67:d9:
                    21:11:43:d4:23:ef:1a:ef:05:ca:22:3a:0f:d6:8e:
                    3c:9e:5f:3e:46:20:ea:a0:b8:69:6a:59:e1:48:74:
                    49:49:fc:3a:83:78:63:68:9a:59:7b:f2:d7:da:37:
                    ae:be:8c:f3:5e:19:cb:44:1e:be:8e:1c:59:a1:3e:
                    51:93:09:9f:5e:da:40:20:75:e8:e6:c1:a2:16:ad:
                    f0:88:1c:a5:80:89:92:7c:37:4e:68:96:67:f3:e4:
                    2f:4c:15:26:08:b1:2e:8c:f0:9b:ab:13:05:7f:35:
                    6e:7b:3b:75:c0:8d:b3:89:dd:30:fd:d6:8e:d9:44:
                    d3:71:61:cf:43:1f:d6:e2:88:bd:23:0a:2d:55:4f:
                    c0:06:f7:c6:c2:ed:19:58:96:4c:a8:f3:ae:fd:0a:
                    4f:d2:e0:d1:fc:34:ca:73:e9:40:6c:71:a8:97:26:
                    6a:2f:27:54:94:54:ab:4b:2e:27:23:7e:6f:09:4e:
                    52:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:2D:72:86:DD:A8:73:AD:60:9F:01:BF:F4:CB:95:32:66:DC:DA:8B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS136501.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.72.0/22
                  143.20.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a9:99:b1:af:0d:c6:82:f7:58:b0:56:3d:d7:8d:b9:60:6b:
         fe:bf:0e:3e:61:88:b3:31:50:78:c7:e9:48:a8:80:ed:68:1d:
         ec:76:14:d6:bd:0b:f4:e9:f5:14:7b:fa:0f:77:8d:fe:2b:cf:
         8d:1c:f0:00:fd:2b:bd:a2:74:5b:f2:81:fb:7d:9e:77:05:b1:
         87:00:7e:d0:af:b7:2f:be:50:83:e3:48:76:b2:e5:2f:b5:40:
         3f:34:dd:f0:cb:a4:54:60:d7:87:b4:b7:5e:93:fb:2d:5c:c6:
         1c:0a:e5:98:95:cb:4e:c4:37:b8:82:cd:5f:34:d5:cc:ea:7a:
         5c:c4:fc:bc:48:0d:c2:83:8e:08:c8:b8:f9:9d:81:58:b1:3d:
         51:e9:14:a3:fe:8c:94:b4:4d:5a:3f:c7:ff:50:f5:42:10:09:
         45:2e:ae:44:c0:e5:7d:ec:62:c0:5f:97:ce:f6:51:81:c9:87:
         c6:ec:9d:21:65:16:56:f0:a1:62:e0:30:92:a1:cb:01:c8:3b:
         a5:ae:05:ad:d5:0c:30:27:4f:af:28:98:45:ea:6b:ba:6b:98:
         f6:0f:80:32:35:d8:c3:62:41:08:d9:8b:8e:20:e1:81:5f:e5:
         b2:ed:4e:4b:f7:48:ab:21:82:7f:c1:b2:13:cf:fb:dd:14:a4:
         26:3a:89:4b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaidvG75YNalz7onsaygBf9cZA5kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjMyMzU3MDFaFw0yNjA2MjMwMDAyMDFaMDMxMTAvBgNV
BAMTKDFGMkQ3Mjg2RERBODczQUQ2MDlGMDFCRkY0Q0I5NTMyNjZEQ0RBOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2BKeKQW+p0Hc47uw5roROOLh5
mT2PHJzmVnW42bl/5ufUqWrheJ3rASkCtDKm1VBo4W+u//EO299rDvVmILcHvLhg
eTEOgOtn2SERQ9Qj7xrvBcoiOg/WjjyeXz5GIOqguGlqWeFIdElJ/DqDeGNomll7
8tfaN66+jPNeGctEHr6OHFmhPlGTCZ9e2kAgdejmwaIWrfCIHKWAiZJ8N05olmfz
5C9MFSYIsS6M8JurEwV/NW57O3XAjbOJ3TD91o7ZRNNxYc9DH9biiL0jCi1VT8AG
98bC7RlYlkyo8679Ck/S4NH8NMpz6UBscaiXJmovJ1SUVKtLLicjfm8JTlLBAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUHy1yht2oc61gnwG/9MuVMmbc2oswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM2NTAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCjxRI
AwQAjxSPMA0GCSqGSIb3DQEBCwUAA4IBAQAAqZmxrw3GgvdYsFY91425YGv+vw4+
YYizMVB4x+lIqIDtaB3sdhTWvQv06fUUe/oPd43+K8+NHPAA/Su9onRb8oH7fZ53
BbGHAH7Qr7cvvlCD40h2suUvtUA/NN3wy6RUYNeHtLdek/stXMYcCuWYlctOxDe4
gs1fNNXM6npcxPy8SA3Cg44IyLj5nYFYsT1R6RSj/oyUtE1aP8f/UPVCEAlFLq5E
wOV97GLAX5fO9lGByYfG7J0hZRZW8KFi4DCSocsByDulrgWt1QwwJ0+vKJhF6mu6
a5j2D4AyNdjDYkEI2YuOIOGBX+Wy7U5L90irIYJ/wbITz/vdFKQmOolL
-----END CERTIFICATE-----