Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
File:                     AS137235.roa (raw, json)
Hash identifier:          yqMJvgF0ntEGW2jJzHEJnALxxkux7+7/3m7aYt8v8nQ=
Subject key identifier:   2D:19:49:53:3B:57:78:BE:C4:F7:33:F4:59:A2:77:21:4E:DC:58:DD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       63A9BC695CE3F3E7A847A322D8D5973D61E6F966
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa
Signing time:             Thu 25 Sep 2025 00:03:42 +0000
ROA not before:           Wed 24 Sep 2025 23:58:42 +0000
ROA not after:            Thu 24 Sep 2026 00:03:42 +0000
asID:                     137235
IP address blocks:        143.20.89.0/24 maxlen: 24
                          143.20.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:a9:bc:69:5c:e3:f3:e7:a8:47:a3:22:d8:d5:97:3d:61:e6:f9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 24 23:58:42 2025 GMT
            Not After : Sep 24 00:03:42 2026 GMT
        Subject: CN=2D1949533B5778BEC4F733F459A277214EDC58DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:eb:6b:00:e4:fe:50:1c:a1:e8:5f:7c:d5:1c:
                    93:f3:ab:21:17:ad:7b:5a:44:d6:34:0f:66:13:61:
                    c5:e7:92:e8:14:e7:95:b5:2a:dd:4f:a9:4f:a2:10:
                    71:59:64:3d:b1:d4:73:e1:c6:e8:49:41:4a:47:b5:
                    7c:17:a2:50:79:02:71:b2:48:ac:7d:ef:5f:a9:ae:
                    1e:86:f3:b7:e2:9b:23:b2:3c:f5:5f:11:00:9f:54:
                    17:d1:7c:74:7a:83:bb:60:c7:35:94:24:9f:cd:5c:
                    c5:de:29:a0:ad:6b:c3:34:26:c6:5a:f1:aa:f9:3c:
                    06:6c:40:08:de:34:f6:1b:9e:9f:64:7e:38:cf:97:
                    2d:ec:de:29:b1:c2:2d:f6:0e:2b:81:23:cb:b6:ef:
                    4b:45:4e:2a:f1:76:a2:ac:24:1a:f0:60:0d:22:74:
                    a1:6c:d5:40:9f:c1:76:1a:c6:46:0c:1d:fc:88:21:
                    80:e2:61:19:a5:ee:4b:29:19:c2:04:e3:6c:5a:66:
                    c0:58:53:4e:e0:b9:d3:75:85:c8:4d:ed:97:9e:77:
                    24:e1:83:38:45:db:61:27:b3:ec:94:92:1b:8b:d2:
                    1e:1b:36:ec:27:ca:8e:b3:c9:fd:77:d5:3b:7a:71:
                    20:2a:8b:5d:68:35:d8:83:34:db:2c:d6:93:84:d3:
                    d5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:19:49:53:3B:57:78:BE:C4:F7:33:F4:59:A2:77:21:4E:DC:58:DD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.89.0/24
                  143.20.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:c4:4c:60:34:86:77:8e:0a:52:39:c2:fd:38:40:cc:1d:fe:
         38:42:80:36:93:61:4c:77:f2:4d:5a:4f:bd:63:e1:e3:89:3c:
         12:c6:a6:36:8e:08:b6:ac:f1:77:82:80:ef:b9:00:ca:a6:7e:
         7b:e4:09:6a:c4:2a:00:21:13:5e:7a:d8:5c:e3:f2:67:0f:f4:
         11:29:2f:aa:9b:e6:91:7e:8e:f7:4b:fe:df:b5:6b:0d:3f:d7:
         6e:cf:42:67:6f:4f:30:7c:ef:6d:39:4f:ab:d3:d1:5c:af:30:
         59:79:17:5b:89:d5:e4:78:17:60:34:ac:9d:90:07:1a:37:44:
         81:7f:f6:08:e9:a5:83:5c:09:7c:11:ce:bd:ec:88:33:15:45:
         e6:5d:6e:d6:7e:53:33:b5:71:31:81:f2:86:63:3e:e4:7b:53:
         10:9e:b8:39:52:4f:cb:92:b9:53:c1:1c:13:be:c2:89:6b:0b:
         12:6b:e9:70:29:26:6d:43:5d:b2:db:82:e4:cd:28:95:c9:b7:
         c8:70:12:12:18:aa:b1:78:09:5e:b0:fb:ed:0e:00:74:ab:a5:
         0b:8c:df:a4:1c:b5:cf:a9:d2:f4:44:5d:cd:48:60:66:b6:58:
         bb:06:ae:eb:96:04:8b:d4:08:93:c5:c9:37:6f:fc:13:bc:27:
         37:fe:12:ee
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUY6m8aVzj8+eoR6Mi2NWXPWHm+WYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjQyMzU4NDJaFw0yNjA5MjQwMDAzNDJaMDMxMTAvBgNV
BAMTKDJEMTk0OTUzM0I1Nzc4QkVDNEY3MzNGNDU5QTI3NzIxNEVEQzU4REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE62sA5P5QHKHoX3zVHJPzqyEX
rXtaRNY0D2YTYcXnkugU55W1Kt1PqU+iEHFZZD2x1HPhxuhJQUpHtXwXolB5AnGy
SKx971+prh6G87fimyOyPPVfEQCfVBfRfHR6g7tgxzWUJJ/NXMXeKaCta8M0JsZa
8ar5PAZsQAjeNPYbnp9kfjjPly3s3imxwi32DiuBI8u270tFTirxdqKsJBrwYA0i
dKFs1UCfwXYaxkYMHfyIIYDiYRml7kspGcIE42xaZsBYU07gudN1hchN7ZeedyTh
gzhF22Ens+yUkhuL0h4bNuwnyo6zyf131Tt6cSAqi11oNdiDNNss1pOE09WTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQULRlJUztXeL7E9zP0WaJ3IU7cWN0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3MjM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRZ
AwQAjxRiMA0GCSqGSIb3DQEBCwUAA4IBAQBwxExgNIZ3jgpSOcL9OEDMHf44QoA2
k2FMd/JNWk+9Y+HjiTwSxqY2jgi2rPF3goDvuQDKpn575AlqxCoAIRNeethc4/Jn
D/QRKS+qm+aRfo73S/7ftWsNP9duz0Jnb08wfO9tOU+r09FcrzBZeRdbidXkeBdg
NKydkAcaN0SBf/YI6aWDXAl8Ec697IgzFUXmXW7WflMztXExgfKGYz7ke1MQnrg5
Uk/LkrlTwRwTvsKJawsSa+lwKSZtQ12y24LkzSiVybfIcBISGKqxeAlesPvtDgB0
q6ULjN+kHLXPqdL0RF3NSGBmtli7Bq7rlgSL1AiTxck3b/wTvCc3/hLu
-----END CERTIFICATE-----