Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137897.roa
File:                     AS137897.roa (raw, json)
Hash identifier:          HS1OTCk2FMLn/MFwVvT58bqUyall/AgtRZhVyd9NSWA=
Subject key identifier:   95:9E:66:72:FC:72:8B:F8:84:70:F7:96:78:60:AD:E3:CF:09:1A:5F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       75969EFBCAB0D7ECF655C9DA4ACF20AD0320DE44
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137897.roa
Signing time:             Thu 19 Jun 2025 18:28:40 +0000
ROA not before:           Thu 19 Jun 2025 18:23:40 +0000
ROA not after:            Thu 18 Jun 2026 18:28:40 +0000
asID:                     137897
IP address blocks:        143.20.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:96:9e:fb:ca:b0:d7:ec:f6:55:c9:da:4a:cf:20:ad:03:20:de:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 19 18:23:40 2025 GMT
            Not After : Jun 18 18:28:40 2026 GMT
        Subject: CN=959E6672FC728BF88470F7967860ADE3CF091A5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:47:2b:ba:f5:ec:ed:6b:a9:ca:81:c8:8e:6d:
                    33:91:34:61:18:8c:4a:79:d0:fa:1c:5c:d1:74:b8:
                    23:35:bd:3a:d4:18:2a:1f:28:3e:9b:b5:d2:54:02:
                    0e:de:c7:8c:5e:80:59:58:71:ad:5d:4a:9e:20:23:
                    1f:86:2a:6d:78:7e:fe:77:15:d8:32:15:72:91:8b:
                    ad:3e:25:66:51:10:36:c9:bf:93:a3:b7:85:31:ba:
                    40:6c:3a:90:30:7e:36:cf:b0:77:22:06:76:3f:bb:
                    63:89:55:6e:3b:28:d0:93:3d:7e:5c:82:0a:39:93:
                    45:fb:8f:28:5e:d2:05:13:83:08:fc:32:40:0b:e7:
                    cc:56:9b:69:ed:6b:65:97:f1:54:bf:81:2c:2d:cf:
                    a1:70:f0:bc:93:9d:be:3f:79:75:8e:26:97:4f:b2:
                    97:49:1e:10:43:22:2b:9c:74:de:dd:66:f8:e1:81:
                    4d:ff:84:35:71:27:f9:1c:2f:76:74:5b:c9:df:25:
                    2f:31:ff:22:8b:7b:42:84:bb:62:cb:dc:59:9c:dd:
                    5a:2a:62:06:f3:b6:0e:89:07:48:e6:35:fc:4a:b5:
                    b8:1a:98:1c:ee:a9:fb:27:6d:f2:b7:15:bd:07:cb:
                    49:e8:38:1b:80:72:cc:ef:2b:90:78:f2:c1:fd:3d:
                    43:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9E:66:72:FC:72:8B:F8:84:70:F7:96:78:60:AD:E3:CF:09:1A:5F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS137897.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:06:5e:7b:c7:41:68:5f:99:34:05:74:e2:e2:5e:57:a2:a3:
         b6:c1:47:88:82:f7:b1:dc:60:ac:db:5e:6a:c8:5c:bb:b6:b4:
         16:af:d7:bb:7b:f2:05:a0:49:7a:a3:14:82:8a:b5:67:6d:fc:
         90:8d:d4:75:9f:79:e1:25:d2:e4:c0:a8:09:8f:42:f3:10:10:
         f8:68:9f:e8:a1:fc:af:9f:59:d6:af:82:df:cf:58:55:a0:f5:
         bf:55:d4:62:f7:2d:4c:aa:db:cc:d1:39:41:16:1d:3c:da:f3:
         b1:3d:14:fc:06:e5:43:99:4b:ec:ec:26:14:3c:eb:4a:3f:cc:
         a0:27:8f:38:b5:ae:de:2d:db:69:a5:d7:17:4d:f8:70:1e:9e:
         ee:37:f1:80:e7:c6:03:94:24:36:0b:6e:b7:1d:e0:04:4c:2e:
         d4:9e:06:33:55:47:e7:fd:6b:10:eb:65:38:b2:84:d7:da:7c:
         fe:29:23:67:32:b0:8e:04:c1:47:55:1e:3e:37:78:48:33:85:
         fd:5d:4e:52:de:17:96:52:ff:37:a8:7e:06:72:9a:65:dc:7b:
         a8:6e:5f:4b:3e:93:cf:7c:b8:62:b2:60:60:9f:b8:c1:ab:b9:
         00:ef:75:83:2b:a3:22:cc:5a:37:45:37:2d:d3:36:1b:6f:83:
         51:a6:93:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdZae+8qw1+z2VcnaSs8grQMg3kQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTkxODIzNDBaFw0yNjA2MTgxODI4NDBaMDMxMTAvBgNV
BAMTKDk1OUU2NjcyRkM3MjhCRjg4NDcwRjc5Njc4NjBBREUzQ0YwOTFBNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Ryu69ezta6nKgciObTORNGEY
jEp50PocXNF0uCM1vTrUGCofKD6btdJUAg7ex4xegFlYca1dSp4gIx+GKm14fv53
FdgyFXKRi60+JWZREDbJv5Ojt4UxukBsOpAwfjbPsHciBnY/u2OJVW47KNCTPX5c
ggo5k0X7jyhe0gUTgwj8MkAL58xWm2nta2WX8VS/gSwtz6Fw8LyTnb4/eXWOJpdP
spdJHhBDIiucdN7dZvjhgU3/hDVxJ/kcL3Z0W8nfJS8x/yKLe0KEu2LL3Fmc3Voq
Ygbztg6JB0jmNfxKtbgamBzuqfsnbfK3Fb0Hy0noOBuAcszvK5B48sH9PUNVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlZ5mcvxyi/iEcPeWeGCt488JGl8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM3ODk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjxRI
MA0GCSqGSIb3DQEBCwUAA4IBAQAzBl57x0FoX5k0BXTi4l5XoqO2wUeIgvex3GCs
215qyFy7trQWr9e7e/IFoEl6oxSCirVnbfyQjdR1n3nhJdLkwKgJj0LzEBD4aJ/o
ofyvn1nWr4Lfz1hVoPW/VdRi9y1MqtvM0TlBFh082vOxPRT8BuVDmUvs7CYUPOtK
P8ygJ484ta7eLdtppdcXTfhwHp7uN/GA58YDlCQ2C263HeAETC7UngYzVUfn/WsQ
62U4soTX2nz+KSNnMrCOBMFHVR4+N3hIM4X9XU5S3heWUv83qH4Gcppl3Huobl9L
PpPPfLhismBgn7jBq7kA73WDK6MizFo3RTct0zYbb4NRppOs
-----END CERTIFICATE-----