Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          1xkGnSOBMCMyuWahVTpV4kFHg0zWbYjGPuaFoc6CavY=
Subject key identifier:   65:AF:B4:B4:38:A9:AB:3C:C7:22:82:8F:DA:F7:15:7F:EC:DC:E3:44
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       51AE67239B43531D98D18A3FC851D658AFD41549
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137517.roa
Signing time:             Wed 15 Oct 2025 00:06:44 +0000
ROA not before:           Wed 15 Oct 2025 00:01:44 +0000
ROA not after:            Wed 14 Oct 2026 00:06:44 +0000
asID:                     137517
IP address blocks:        143.20.85.0/24 maxlen: 24
                          143.20.95.0/24 maxlen: 24
                          143.20.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ae:67:23:9b:43:53:1d:98:d1:8a:3f:c8:51:d6:58:af:d4:15:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 15 00:01:44 2025 GMT
            Not After : Oct 14 00:06:44 2026 GMT
        Subject: CN=65AFB4B438A9AB3CC722828FDAF7157FECDCE344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:62:0f:30:aa:32:fc:55:0a:e5:19:7b:12:
                    5f:a5:19:e4:57:dc:95:ed:eb:a6:54:0c:04:3e:9a:
                    a6:d1:b5:86:8c:b6:c1:2a:ee:7f:d3:68:51:88:84:
                    18:0c:2b:d2:43:cd:79:38:c7:4d:47:d5:6c:05:24:
                    7e:15:a3:33:1c:6e:b1:9c:fe:27:db:54:dc:dc:07:
                    05:18:0d:c0:bf:28:dc:5b:ee:e5:6e:20:35:fe:4e:
                    68:8f:82:0d:14:50:ba:0c:63:a9:d4:47:60:d1:79:
                    8d:11:c9:a5:4e:bd:99:f6:36:0f:72:f1:bb:f0:9b:
                    4e:42:bf:e0:2d:57:0f:d9:ec:6b:c6:e7:75:a1:47:
                    bc:40:a7:c6:77:4d:0c:51:f1:fb:95:d1:ee:0e:57:
                    93:6c:63:e8:53:37:70:34:b8:56:7f:ca:e4:f4:53:
                    c8:73:98:48:8e:0a:64:fb:4d:6d:eb:80:4f:e5:98:
                    b8:a0:1f:86:c5:ef:db:bc:21:cb:3b:87:97:da:0e:
                    a9:c5:5c:c6:e7:18:63:c5:1c:63:f4:e9:ca:c6:b0:
                    93:e2:1a:1d:ee:b7:09:44:82:3e:21:15:d7:8d:5b:
                    81:cb:02:8a:d2:de:76:3d:c0:2d:4f:63:e6:20:4e:
                    76:fd:87:c0:6d:70:b2:8b:82:c9:58:20:5c:3c:a5:
                    92:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:AF:B4:B4:38:A9:AB:3C:C7:22:82:8F:DA:F7:15:7F:EC:DC:E3:44
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.85.0/24
                  143.20.95.0/24
                  143.20.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:be:9a:1e:c8:5e:03:02:5e:2b:e7:f7:fd:9a:73:4e:e0:f7:
         0b:a2:41:95:3a:2b:86:40:72:35:56:8d:99:34:33:cd:99:55:
         fe:c9:82:b0:b2:a4:bf:0b:84:f5:f6:e6:e4:66:73:01:c5:93:
         85:ae:cf:84:82:90:fd:5c:bf:20:be:98:20:80:3e:d6:48:0c:
         95:2e:7e:66:53:55:8f:5e:bb:1b:30:f1:00:4d:37:f9:9a:21:
         ab:47:ca:c6:0c:d1:fa:d4:9a:14:51:51:24:c6:44:17:a5:3d:
         a0:fa:20:e3:e3:00:3c:db:2f:5b:41:3d:e8:00:c6:58:91:42:
         84:0a:13:46:dc:ee:3d:c4:c4:40:11:37:26:54:f3:e9:c0:31:
         8b:94:c1:2d:40:db:f6:b7:3b:36:01:02:70:45:dd:0c:64:ff:
         75:94:0f:53:40:b0:2a:4b:ce:26:93:54:3b:e8:21:64:18:b9:
         54:87:3e:1b:d6:28:c4:43:06:8e:55:42:36:26:87:f7:43:68:
         1e:f2:40:bd:44:9c:04:40:13:bb:2b:4a:5b:7a:b8:df:01:69:
         82:1c:46:c4:54:d3:ab:a4:78:db:04:5f:c0:78:62:99:39:0c:
         0c:d2:ae:c9:f8:fc:a2:14:20:1e:a8:0e:a7:b0:14:83:02:20:
         0a:92:ea:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUUa5nI5tDUx2Y0Yo/yFHWWK/UFUkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTUwMDAxNDRaFw0yNjEwMTQwMDA2NDRaMDMxMTAvBgNV
BAMTKDY1QUZCNEI0MzhBOUFCM0NDNzIyODI4RkRBRjcxNTdGRUNEQ0UzNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwXmIPMKoy/FUK5Rl7El+lGeRX
3JXt66ZUDAQ+mqbRtYaMtsEq7n/TaFGIhBgMK9JDzXk4x01H1WwFJH4VozMcbrGc
/ifbVNzcBwUYDcC/KNxb7uVuIDX+TmiPgg0UULoMY6nUR2DReY0RyaVOvZn2Ng9y
8bvwm05Cv+AtVw/Z7GvG53WhR7xAp8Z3TQxR8fuV0e4OV5NsY+hTN3A0uFZ/yuT0
U8hzmEiOCmT7TW3rgE/lmLigH4bF79u8Ics7h5faDqnFXMbnGGPFHGP06crGsJPi
Gh3utwlEgj4hFdeNW4HLAorS3nY9wC1PY+YgTnb9h8BtcLKLgslYIFw8pZJpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUZa+0tDipqzzHIoKP2vcVf+zc40QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRV
AwQAjxRfAwQAjxRrMA0GCSqGSIb3DQEBCwUAA4IBAQCuvpoeyF4DAl4r5/f9mnNO
4PcLokGVOiuGQHI1Vo2ZNDPNmVX+yYKwsqS/C4T19ubkZnMBxZOFrs+EgpD9XL8g
vpgggD7WSAyVLn5mU1WPXrsbMPEATTf5miGrR8rGDNH61JoUUVEkxkQXpT2g+iDj
4wA82y9bQT3oAMZYkUKEChNG3O49xMRAETcmVPPpwDGLlMEtQNv2tzs2AQJwRd0M
ZP91lA9TQLAqS84mk1Q76CFkGLlUhz4b1ijEQwaOVUI2Jof3Q2ge8kC9RJwEQBO7
K0pberjfAWmCHEbEVNOrpHjbBF/AeGKZOQwM0q7J+PyiFCAeqA6nsBSDAiAKkupv
-----END CERTIFICATE-----