Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS140498.roa
File:                     AS140498.roa (raw, json)
Hash identifier:          u98RCmzec83+Y0JYyOUF26zn5uGr3HUnU/G1rh166no=
Subject key identifier:   04:EC:29:11:24:12:31:3D:B8:B5:F1:2A:AC:09:0C:48:AD:D9:8C:87
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5A4F5DF418154F5DB7F503A03085A800DA66EAEF
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS140498.roa
Signing time:             Sat 21 Jun 2025 17:30:46 +0000
ROA not before:           Sat 21 Jun 2025 17:25:46 +0000
ROA not after:            Sat 20 Jun 2026 17:30:46 +0000
asID:                     140498
IP address blocks:        143.20.66.0/24 maxlen: 24
                          143.20.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:4f:5d:f4:18:15:4f:5d:b7:f5:03:a0:30:85:a8:00:da:66:ea:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 21 17:25:46 2025 GMT
            Not After : Jun 20 17:30:46 2026 GMT
        Subject: CN=04EC29112412313DB8B5F12AAC090C48ADD98C87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6f:61:7b:51:c9:75:aa:6b:35:e9:72:b5:16:
                    42:94:3b:63:72:13:50:02:6d:e0:89:63:8c:2d:a8:
                    dd:cf:0c:9c:e7:3f:2d:87:c1:3f:2c:d7:e6:97:b0:
                    96:03:53:70:bb:6d:71:54:15:11:f1:6b:8b:ef:ae:
                    51:88:e2:bd:5a:99:e1:b0:c2:cb:be:23:43:20:cf:
                    d0:88:cc:a6:a9:e5:c4:a9:81:f5:fd:f2:e3:dd:f5:
                    87:d7:7c:9d:11:e6:18:17:bd:47:33:56:33:8c:71:
                    45:dd:40:d5:94:32:90:d3:62:2d:ea:a3:d5:90:87:
                    05:1f:92:7b:86:37:16:8f:99:1e:58:56:36:c9:02:
                    b1:e8:02:36:ae:f5:c0:28:dd:72:9e:f6:55:c2:51:
                    c7:56:98:f6:12:42:c6:54:9b:4d:58:6b:0e:89:23:
                    3c:63:1e:43:c3:63:33:32:c4:dd:69:ab:3d:8b:5f:
                    24:03:40:c1:04:5d:cf:e0:ea:69:3b:c7:4a:c5:95:
                    35:f0:92:08:2e:ac:51:3a:ed:b0:ce:7f:ab:d3:be:
                    e8:47:b3:6f:ce:90:9a:30:c6:50:52:d5:51:81:0c:
                    cd:c0:34:f2:a9:52:4b:5d:ef:d2:27:1e:d0:85:7f:
                    aa:ee:9a:66:c8:dd:d6:9b:25:c5:2a:e1:39:02:7b:
                    a5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:EC:29:11:24:12:31:3D:B8:B5:F1:2A:AC:09:0C:48:AD:D9:8C:87
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS140498.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.66.0/24
                  143.20.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:58:31:52:b3:20:50:b0:f2:88:65:e4:e9:9f:3d:9d:3a:23:
         d4:21:84:41:97:60:69:3b:f5:82:30:e2:b7:5e:64:fe:6f:2c:
         43:a3:2e:02:73:c7:89:8d:5a:9d:e8:d1:85:57:45:d4:c3:86:
         c8:73:45:1f:f4:ed:e7:9a:8c:d1:08:17:37:1a:1d:05:12:d7:
         38:b2:a8:32:90:20:24:55:44:ac:24:61:fa:1c:a8:ae:43:f5:
         b3:33:44:e3:ad:97:e1:3b:47:47:52:50:ab:d7:0d:ea:95:5a:
         1c:ee:1d:8d:37:16:3d:b6:d9:28:a4:a1:c3:27:61:9d:ef:ee:
         64:c5:9f:4b:de:76:1a:7f:df:2e:b7:d7:ed:bf:40:81:02:e1:
         da:06:cc:cb:df:91:98:81:20:d8:e6:c5:d9:b9:97:34:14:90:
         e7:74:d6:75:ab:b9:e3:a4:e7:a5:b3:99:2f:af:f2:f3:67:ff:
         ae:2f:f4:21:25:9d:d3:7a:67:8b:87:15:f0:0b:36:50:74:d4:
         47:65:0c:16:ed:b5:db:fe:91:b1:34:c3:9c:a6:77:df:32:86:
         3b:5b:bb:66:ca:dc:6a:e7:ba:27:9b:40:9d:d0:ac:63:1b:70:
         cc:8c:bd:2e:c9:ba:0e:64:48:36:c0:fb:5e:a8:f0:75:c6:62:
         b3:33:ac:52
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWk9d9BgVT1239QOgMIWoANpm6u8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjExNzI1NDZaFw0yNjA2MjAxNzMwNDZaMDMxMTAvBgNV
BAMTKDA0RUMyOTExMjQxMjMxM0RCOEI1RjEyQUFDMDkwQzQ4QUREOThDODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEb2F7Ucl1qms16XK1FkKUO2Ny
E1ACbeCJY4wtqN3PDJznPy2HwT8s1+aXsJYDU3C7bXFUFRHxa4vvrlGI4r1ameGw
wsu+I0Mgz9CIzKap5cSpgfX98uPd9YfXfJ0R5hgXvUczVjOMcUXdQNWUMpDTYi3q
o9WQhwUfknuGNxaPmR5YVjbJArHoAjau9cAo3XKe9lXCUcdWmPYSQsZUm01Yaw6J
IzxjHkPDYzMyxN1pqz2LXyQDQMEEXc/g6mk7x0rFlTXwkggurFE67bDOf6vTvuhH
s2/OkJowxlBS1VGBDM3ANPKpUktd79InHtCFf6rummbI3dabJcUq4TkCe6WjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUBOwpESQSMT24tfEqrAkMSK3ZjIcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTQwNDk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxRC
AwQAjxRNMA0GCSqGSIb3DQEBCwUAA4IBAQB7WDFSsyBQsPKIZeTpnz2dOiPUIYRB
l2BpO/WCMOK3XmT+byxDoy4Cc8eJjVqd6NGFV0XUw4bIc0Uf9O3nmozRCBc3Gh0F
Etc4sqgykCAkVUSsJGH6HKiuQ/WzM0TjrZfhO0dHUlCr1w3qlVoc7h2NNxY9ttko
pKHDJ2Gd7+5kxZ9L3nYaf98ut9ftv0CBAuHaBszL35GYgSDY5sXZuZc0FJDndNZ1
q7njpOels5kvr/LzZ/+uL/QhJZ3TemeLhxXwCzZQdNRHZQwW7bXb/pGxNMOcpnff
MoY7W7tmytxq57onm0Cd0KxjG3DMjL0uyboOZEg2wPteqPB1xmKzM6xS
-----END CERTIFICATE-----