Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          fGM+FGmMUhYIWL1WeL3N3USPeu6lHRd3Jqd9/L5vVls=
Subject key identifier:   51:ED:F6:8D:70:FF:3A:31:32:E8:BE:63:CF:C8:37:54:0D:F9:18:FB
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       607464F4287E155F498876190A863E7BF99353A8
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137517.roa
Signing time:             Wed 11 Jun 2025 13:34:32 +0000
ROA not before:           Wed 11 Jun 2025 13:29:32 +0000
ROA not after:            Wed 10 Jun 2026 13:34:32 +0000
asID:                     137517
IP address blocks:        143.20.85.0/24 maxlen: 24
                          143.20.95.0/24 maxlen: 24
                          143.20.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:74:64:f4:28:7e:15:5f:49:88:76:19:0a:86:3e:7b:f9:93:53:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 11 13:29:32 2025 GMT
            Not After : Jun 10 13:34:32 2026 GMT
        Subject: CN=51EDF68D70FF3A3132E8BE63CFC837540DF918FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4e:e2:88:ca:68:1c:d9:92:58:f0:de:b5:38:
                    04:e1:f0:81:4f:cc:3e:3d:fc:c5:37:00:a2:4b:4e:
                    fb:ec:09:75:93:d9:65:fb:b8:30:32:95:27:4b:26:
                    ec:a5:54:44:a1:b5:f3:23:45:55:e4:e1:90:19:65:
                    0c:c7:d7:b6:1d:ac:05:3b:fb:d8:cd:54:25:45:86:
                    f5:23:61:c6:47:27:70:95:57:c2:0b:28:ff:b6:a3:
                    b2:cb:7b:87:64:56:de:4d:c9:a6:36:34:87:70:26:
                    f5:70:14:d6:dd:1f:d1:44:93:74:bb:06:5e:28:3f:
                    12:01:13:24:33:f5:56:47:75:33:35:2a:4c:d7:2c:
                    a7:1a:3b:37:2e:8e:e4:b0:cc:4a:71:13:25:e4:79:
                    5f:ec:76:9a:e0:ae:01:d0:f6:12:c1:99:29:a3:e1:
                    90:56:f8:b8:e7:02:5f:8f:4a:55:64:97:6a:f5:df:
                    3e:4c:4b:ca:c0:11:ae:e1:88:ed:8e:80:b3:05:4b:
                    7c:cc:1b:67:c5:27:6c:f3:f5:55:be:16:95:9c:07:
                    f1:14:e7:05:67:42:3e:48:c6:73:1a:1a:f3:fe:de:
                    b4:f8:27:66:be:67:87:87:33:d5:73:94:f2:df:9f:
                    08:41:2b:0c:95:a5:0f:9a:13:40:5c:2c:3c:0a:37:
                    6d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:ED:F6:8D:70:FF:3A:31:32:E8:BE:63:CF:C8:37:54:0D:F9:18:FB
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.85.0/24
                  143.20.95.0/24
                  143.20.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:cc:ed:7a:1e:37:1d:f3:0d:2d:c9:4b:11:c8:c5:6b:f0:a8:
         f2:36:2a:aa:7b:ea:23:2e:5f:be:2d:c8:17:a1:6a:ad:19:3b:
         28:d9:2b:44:f7:71:de:ec:5f:36:b8:84:b8:93:68:0a:65:db:
         c9:55:b3:a4:ba:5e:71:c1:45:90:c8:a9:89:b4:47:6d:54:14:
         42:c9:33:b9:c8:8c:41:90:75:a5:90:16:52:09:5a:59:9f:c2:
         d6:ae:b4:ea:3a:2c:77:51:6e:5a:e0:60:bc:8b:6e:f9:7a:0f:
         68:cd:72:0e:ab:fb:92:b8:4e:7e:5c:78:d6:0a:27:97:a7:86:
         a5:45:88:c3:dd:ec:2c:b9:81:44:a6:09:22:d9:7c:83:de:b4:
         e4:52:e6:f4:ad:75:54:fe:7c:c2:e2:96:83:c3:ed:8e:88:69:
         fd:24:2b:ce:01:04:0a:51:48:99:b2:de:69:8a:f4:14:5e:0d:
         c0:35:50:9a:b5:61:da:84:74:f7:e5:8b:cf:2a:66:b0:be:11:
         08:df:d0:3b:0f:59:80:69:09:c8:72:0d:de:43:80:64:b3:6c:
         06:85:95:6a:ef:7c:04:ba:0c:48:ad:f2:a3:19:a8:cf:e9:b3:
         f9:04:09:40:0b:eb:4d:c4:a5:17:f5:62:6b:66:bf:60:3c:68:
         73:e5:dc:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUYHRk9Ch+FV9JiHYZCoY+e/mTU6gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTExMzI5MzJaFw0yNjA2MTAxMzM0MzJaMDMxMTAvBgNV
BAMTKDUxRURGNjhENzBGRjNBMzEzMkU4QkU2M0NGQzgzNzU0MERGOTE4RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrTuKIymgc2ZJY8N61OATh8IFP
zD49/MU3AKJLTvvsCXWT2WX7uDAylSdLJuylVEShtfMjRVXk4ZAZZQzH17YdrAU7
+9jNVCVFhvUjYcZHJ3CVV8ILKP+2o7LLe4dkVt5NyaY2NIdwJvVwFNbdH9FEk3S7
Bl4oPxIBEyQz9VZHdTM1KkzXLKcaOzcujuSwzEpxEyXkeV/sdprgrgHQ9hLBmSmj
4ZBW+LjnAl+PSlVkl2r13z5MS8rAEa7hiO2OgLMFS3zMG2fFJ2zz9VW+FpWcB/EU
5wVnQj5IxnMaGvP+3rT4J2a+Z4eHM9VzlPLfnwhBKwyVpQ+aE0BcLDwKN21fAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUUe32jXD/OjEy6L5jz8g3VA35GPswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjxRV
AwQAjxRfAwQAjxRrMA0GCSqGSIb3DQEBCwUAA4IBAQBIzO16Hjcd8w0tyUsRyMVr
8KjyNiqqe+ojLl++LcgXoWqtGTso2StE93He7F82uIS4k2gKZdvJVbOkul5xwUWQ
yKmJtEdtVBRCyTO5yIxBkHWlkBZSCVpZn8LWrrTqOix3UW5a4GC8i275eg9ozXIO
q/uSuE5+XHjWCieXp4alRYjD3ewsuYFEpgki2XyD3rTkUub0rXVU/nzC4paDw+2O
iGn9JCvOAQQKUUiZst5pivQUXg3ANVCatWHahHT35YvPKmawvhEI39A7D1mAaQnI
cg3eQ4Bks2wGhZVq73wEugxIrfKjGajP6bP5BAlAC+tNxKUX9WJrZr9gPGhz5dz6
-----END CERTIFICATE-----