Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138195.roa
File:                     AS138195.roa (raw, json)
Hash identifier:          2fAY97iFS1nu/hVBCd8JLoHSa8MN4ZChIodC+Mq3PIU=
Subject key identifier:   E6:42:2E:10:A8:2F:F1:02:CF:23:C4:19:F8:DB:44:2A:48:96:B7:6B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       05C487832064C52BDF04E1545046C013E0383538
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138195.roa
Signing time:             Tue 12 May 2026 07:47:11 +0000
ROA not before:           Tue 12 May 2026 07:42:11 +0000
ROA not after:            Tue 11 May 2027 07:47:11 +0000
asID:                     138195
IP address blocks:        143.20.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:28:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:c4:87:83:20:64:c5:2b:df:04:e1:54:50:46:c0:13:e0:38:35:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 12 07:42:11 2026 GMT
            Not After : May 11 07:47:11 2027 GMT
        Subject: CN=E6422E10A82FF102CF23C419F8DB442A4896B76B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0e:96:f6:04:25:69:b4:59:ec:8f:10:73:c5:
                    75:3b:4e:99:a4:0f:9c:e1:e1:df:3d:e1:23:57:bb:
                    5b:79:e0:84:64:a7:8c:19:11:72:ef:c6:ff:b2:2c:
                    74:0a:70:2c:e4:16:30:3e:be:b3:84:aa:d0:fc:df:
                    60:4d:ee:7e:81:fc:8a:62:51:37:09:b9:92:34:18:
                    0b:9b:5f:39:c9:26:46:a7:d9:0e:11:c2:32:de:a5:
                    1d:6e:ee:99:e6:e0:8e:8b:79:57:ca:90:a2:ba:0f:
                    5d:a6:05:4d:13:af:2b:2a:f6:91:7a:21:65:95:78:
                    fb:13:54:9b:13:96:86:0b:3c:b7:de:ad:8c:45:c5:
                    10:e1:2f:28:93:2b:55:e4:29:98:2c:01:20:43:09:
                    9f:09:ab:c5:d4:fb:5f:99:a2:26:1c:80:2f:4b:d7:
                    fa:0d:61:70:12:4b:db:a6:a6:13:a4:f8:20:2a:6d:
                    6c:5c:a3:90:c4:8e:be:ec:6d:af:21:e0:25:ca:89:
                    b1:d7:fd:ce:cc:00:52:a3:7b:bd:26:a1:87:c4:78:
                    f4:10:d7:a9:5c:53:7a:58:d0:8b:14:cb:d9:42:fe:
                    fd:c6:21:ca:12:02:87:3c:fe:9d:68:89:2f:db:7a:
                    b0:0d:26:01:7f:b8:f7:87:23:f7:7f:44:0e:c8:da:
                    15:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:42:2E:10:A8:2F:F1:02:CF:23:C4:19:F8:DB:44:2A:48:96:B7:6B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS138195.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b9:36:2a:a5:70:f2:30:7c:22:bf:29:8b:48:24:56:e7:a8:
         3a:02:67:71:17:7a:d6:18:25:d0:7a:95:0f:e3:31:8b:ab:25:
         22:ba:18:73:85:56:f6:27:51:1d:3d:4b:cb:c0:3a:e4:b9:c8:
         f4:c8:07:f6:0d:4f:02:46:8e:d7:12:da:1c:a5:b5:3b:2b:1f:
         97:d7:84:2c:19:db:17:ec:83:96:b5:03:27:1a:8d:36:da:d7:
         4b:e0:74:40:11:d6:34:3b:d3:98:ee:62:33:3c:ae:7e:31:34:
         cd:59:a4:d2:78:9f:be:c3:d1:20:9d:ff:ad:a5:10:51:ec:05:
         04:8d:9e:c2:2f:fd:d5:b1:d4:c6:3c:a2:97:63:d5:21:3f:76:
         fd:89:5e:d6:31:e8:25:68:79:6e:72:0b:2a:dd:5b:a0:fc:43:
         e0:b6:d0:52:7f:df:13:29:f7:b0:09:4d:70:8f:82:3a:60:03:
         4b:0d:17:73:dd:b5:a1:91:ab:94:96:75:94:ce:74:1e:9d:2f:
         1d:33:7c:ce:e3:eb:22:f0:7f:3b:81:ad:8a:cd:10:0f:6c:0b:
         41:37:fb:b9:9b:13:6d:a8:9e:af:d5:49:5a:30:e1:07:9a:ae:
         26:aa:18:54:6a:7d:63:be:a1:00:a0:52:a4:4b:e7:39:fb:62:
         92:8f:2c:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBcSHgyBkxSvfBOFUUEbAE+A4NTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MTIwNzQyMTFaFw0yNzA1MTEwNzQ3MTFaMDMxMTAvBgNV
BAMTKEU2NDIyRTEwQTgyRkYxMDJDRjIzQzQxOUY4REI0NDJBNDg5NkI3NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuDpb2BCVptFnsjxBzxXU7Tpmk
D5zh4d894SNXu1t54IRkp4wZEXLvxv+yLHQKcCzkFjA+vrOEqtD832BN7n6B/Ipi
UTcJuZI0GAubXznJJkan2Q4RwjLepR1u7pnm4I6LeVfKkKK6D12mBU0Trysq9pF6
IWWVePsTVJsTloYLPLferYxFxRDhLyiTK1XkKZgsASBDCZ8Jq8XU+1+ZoiYcgC9L
1/oNYXASS9umphOk+CAqbWxco5DEjr7sba8h4CXKibHX/c7MAFKje70moYfEePQQ
16lcU3pY0IsUy9lC/v3GIcoSAoc8/p1oiS/berANJgF/uPeHI/d/RA7I2hU5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5kIuEKgv8QLPI8QZ+NtEKkiWt2swHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTM4MTk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQe
MA0GCSqGSIb3DQEBCwUAA4IBAQAbuTYqpXDyMHwivymLSCRW56g6AmdxF3rWGCXQ
epUP4zGLqyUiuhhzhVb2J1EdPUvLwDrkucj0yAf2DU8CRo7XEtocpbU7Kx+X14Qs
GdsX7IOWtQMnGo022tdL4HRAEdY0O9OY7mIzPK5+MTTNWaTSeJ++w9Egnf+tpRBR
7AUEjZ7CL/3VsdTGPKKXY9UhP3b9iV7WMeglaHlucgsq3Vug/EPgttBSf98TKfew
CU1wj4I6YANLDRdz3bWhkauUlnWUznQenS8dM3zO4+si8H87ga2KzRAPbAtBN/u5
mxNtqJ6v1UlaMOEHmq4mqhhUan1jvqEAoFKkS+c5+2KSjyzo
-----END CERTIFICATE-----