Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS149448.roa
File:                     AS149448.roa (raw, json)
Hash identifier:          l8fRncD9ru77klOqNI8jcCSTBapyOCRujTmDztDF/dI=
Subject key identifier:   84:BB:EB:3D:8B:DE:61:27:6D:F5:C1:1F:38:B7:68:6D:38:80:E8:CD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2398537ED212D0E9B8E1A5B660DE24854841FA14
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS149448.roa
Signing time:             Tue 30 Sep 2025 00:45:53 +0000
ROA not before:           Tue 30 Sep 2025 00:40:53 +0000
ROA not after:            Tue 29 Sep 2026 00:45:53 +0000
asID:                     149448
IP address blocks:        143.20.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:98:53:7e:d2:12:d0:e9:b8:e1:a5:b6:60:de:24:85:48:41:fa:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Sep 30 00:40:53 2025 GMT
            Not After : Sep 29 00:45:53 2026 GMT
        Subject: CN=84BBEB3D8BDE61276DF5C11F38B7686D3880E8CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:61:38:bc:89:08:13:19:2e:00:7b:69:84:
                    03:d8:2c:68:f8:66:ca:42:a4:53:54:05:cd:d9:f9:
                    8f:66:77:93:75:88:56:c2:67:5f:bb:66:0c:8f:f2:
                    bf:f8:5d:ac:10:89:8f:b6:4c:6d:51:ed:34:aa:6a:
                    7c:cc:fa:e4:53:80:02:d4:2f:94:ac:5b:bb:2f:13:
                    48:43:13:5f:62:84:af:11:53:f3:e9:b2:07:30:20:
                    a9:05:0a:e7:da:20:08:61:d1:18:25:f5:80:26:86:
                    8c:d7:38:e5:83:07:de:03:67:b9:00:ef:1b:05:eb:
                    fb:a9:96:d8:25:60:42:ca:ec:67:7c:87:c4:20:99:
                    92:cc:86:73:cb:e8:57:43:a8:59:b9:69:b3:c5:da:
                    3b:c4:07:a3:19:f3:7b:f9:6e:f2:9a:cb:5e:d0:b7:
                    2d:e4:f1:d8:13:a9:da:f9:97:06:97:67:c4:04:70:
                    8b:6d:64:a5:77:f6:e4:e1:ad:0a:fc:28:ed:db:68:
                    f3:f7:35:2c:84:c7:0c:ad:d2:c7:5d:cd:66:0c:ef:
                    5b:11:9f:18:25:a3:bb:2b:3d:5c:23:ce:1b:e9:c1:
                    3c:1a:21:92:d8:de:71:97:72:ed:a3:ff:13:1b:78:
                    62:cb:8d:24:ca:45:3f:34:c2:e7:6e:d7:c9:e4:9e:
                    90:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:BB:EB:3D:8B:DE:61:27:6D:F5:C1:1F:38:B7:68:6D:38:80:E8:CD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS149448.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f3:3b:fa:c3:4a:ee:ed:4c:bb:f0:a8:43:74:b1:6f:49:84:
         8d:31:6b:66:7e:76:5e:0c:f8:63:58:36:63:28:d5:95:7a:01:
         c4:91:e8:5b:c1:87:e8:fe:d1:67:5f:46:0b:c0:18:9c:92:81:
         36:69:8d:5d:9c:34:9a:78:d7:e5:10:c4:68:8a:a0:f6:82:d6:
         7d:c8:3d:8e:f6:fb:e5:80:69:05:8c:e6:74:fe:2a:93:c3:ec:
         20:15:ba:4b:fa:44:17:88:4c:32:ee:ee:1f:c3:e0:26:36:eb:
         10:48:45:81:57:7e:1e:d0:52:07:eb:14:f3:f6:a0:7a:92:7b:
         5f:67:66:8a:18:df:95:2c:65:ba:bb:12:e6:ea:c7:b6:29:c9:
         24:25:7b:c4:10:eb:ad:e6:fa:b0:cb:92:d8:41:47:20:58:a9:
         a0:d1:7c:05:7b:40:2b:b3:ff:9a:70:a4:fb:1d:7c:9a:b7:92:
         88:50:ad:72:71:0f:ee:77:ad:68:08:48:4f:ac:e9:55:3a:a5:
         72:58:9d:c7:1f:1a:9a:14:8d:ff:4a:83:95:25:1a:96:4b:8d:
         ea:14:87:af:b6:86:08:68:37:e1:ac:16:c2:d0:76:9f:2b:65:
         34:d8:6e:e2:d6:57:a7:23:6b:40:84:05:b1:65:25:44:bb:d9:
         a6:31:b6:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUI5hTftIS0Om44aW2YN4khUhB+hQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MzAwMDQwNTNaFw0yNjA5MjkwMDQ1NTNaMDMxMTAvBgNV
BAMTKDg0QkJFQjNEOEJERTYxMjc2REY1QzExRjM4Qjc2ODZEMzg4MEU4Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2N2E4vIkIExkuAHtphAPYLGj4
ZspCpFNUBc3Z+Y9md5N1iFbCZ1+7ZgyP8r/4XawQiY+2TG1R7TSqanzM+uRTgALU
L5SsW7svE0hDE19ihK8RU/PpsgcwIKkFCufaIAhh0Rgl9YAmhozXOOWDB94DZ7kA
7xsF6/upltglYELK7Gd8h8QgmZLMhnPL6FdDqFm5abPF2jvEB6MZ83v5bvKay17Q
ty3k8dgTqdr5lwaXZ8QEcIttZKV39uThrQr8KO3baPP3NSyExwyt0sddzWYM71sR
nxglo7srPVwjzhvpwTwaIZLY3nGXcu2j/xMbeGLLjSTKRT80wudu18nknpDBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhLvrPYveYSdt9cEfOLdobTiA6M0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTQ5NDQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSC
MA0GCSqGSIb3DQEBCwUAA4IBAQBq8zv6w0ru7Uy78KhDdLFvSYSNMWtmfnZeDPhj
WDZjKNWVegHEkehbwYfo/tFnX0YLwBickoE2aY1dnDSaeNflEMRoiqD2gtZ9yD2O
9vvlgGkFjOZ0/iqTw+wgFbpL+kQXiEwy7u4fw+AmNusQSEWBV34e0FIH6xTz9qB6
kntfZ2aKGN+VLGW6uxLm6se2KckkJXvEEOut5vqwy5LYQUcgWKmg0XwFe0Ars/+a
cKT7HXyat5KIUK1ycQ/ud61oCEhPrOlVOqVyWJ3HHxqaFI3/SoOVJRqWS43qFIev
toYIaDfhrBbC0HafK2U02G7i1lenI2tAhAWxZSVEu9mmMbac
-----END CERTIFICATE-----