Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS150338.roa
File:                     AS150338.roa (raw, json)
Hash identifier:          BjTS8aedgHwSDePBQEQ0RP9oBQ6NeW31zx74vTZqO7E=
Subject key identifier:   AF:12:C3:79:3C:A1:7B:72:4E:24:B9:B7:9D:72:75:6D:3E:EC:4D:A1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7402A1306B979D12605DC5DE91E17F4669B1D68B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS150338.roa
Signing time:             Sat 04 Oct 2025 15:32:16 +0000
ROA not before:           Sat 04 Oct 2025 15:27:16 +0000
ROA not after:            Sat 03 Oct 2026 15:32:16 +0000
asID:                     150338
IP address blocks:        143.20.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:02:a1:30:6b:97:9d:12:60:5d:c5:de:91:e1:7f:46:69:b1:d6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct  4 15:27:16 2025 GMT
            Not After : Oct  3 15:32:16 2026 GMT
        Subject: CN=AF12C3793CA17B724E24B9B79D72756D3EEC4DA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:9f:6f:66:56:79:85:49:72:75:92:ce:cf:48:
                    70:e5:d8:2d:a5:b0:86:77:46:48:6c:a8:95:cc:75:
                    f1:80:62:7a:96:c4:25:bc:e7:f0:e2:09:e5:f2:78:
                    e9:88:84:b0:62:d8:f9:55:e3:35:e8:b3:fc:bf:07:
                    bd:f0:81:3c:b5:ca:81:8d:d1:e1:fd:c0:60:5f:76:
                    80:57:b5:a8:a1:70:ed:55:64:ed:ce:4b:e8:16:98:
                    b0:67:09:58:cf:74:23:46:1d:7c:57:eb:59:76:20:
                    f2:e8:7a:b2:d4:23:c1:6c:48:ad:21:5a:57:65:e6:
                    b8:66:f3:44:71:80:e0:58:81:d9:8f:80:31:c6:fe:
                    01:6d:1b:1f:e7:f4:ac:bf:4c:ce:b5:e3:49:0e:35:
                    8c:61:35:5a:12:fa:74:3e:dd:3e:4e:67:81:61:1c:
                    69:03:5c:f4:31:0f:04:2c:e9:59:50:8a:ea:d9:50:
                    b0:9a:34:29:37:d3:d0:f5:91:bc:b5:be:ec:4e:52:
                    d9:52:33:a2:74:ae:0b:c6:2f:71:83:86:10:f9:4a:
                    e5:32:d7:e5:11:de:ab:3a:75:23:cb:3e:99:1f:06:
                    1b:a4:b4:01:61:68:46:9e:0c:6a:ea:49:7e:1a:9d:
                    be:6c:6a:04:41:25:fe:8b:c6:58:a2:9f:3c:95:95:
                    f3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:12:C3:79:3C:A1:7B:72:4E:24:B9:B7:9D:72:75:6D:3E:EC:4D:A1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS150338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:b0:3a:df:ad:a1:ca:63:ca:da:af:6a:2d:38:c4:ee:87:a4:
         d4:9e:69:66:14:08:d8:92:fd:7f:00:63:2a:d4:f5:37:93:ec:
         54:da:09:4e:44:d8:c5:8a:8f:0e:16:5a:ac:40:c9:78:f2:6c:
         2e:03:91:b8:82:7a:1b:3d:5e:94:5c:70:f2:56:54:f4:46:1b:
         af:c3:81:e7:e9:3a:ba:83:4a:ec:1a:be:18:ae:c7:92:42:0a:
         60:40:68:54:1e:54:b1:0d:5c:49:6e:a2:e7:95:66:40:61:0d:
         00:8d:e9:f7:83:e8:da:9b:d6:09:7f:a4:ab:34:bb:d6:ce:82:
         63:9b:19:1a:4c:0a:ed:3b:05:89:86:50:80:9f:93:cd:06:8a:
         9a:78:24:cc:31:4d:94:8b:69:c4:84:b3:4d:d1:5c:dd:a2:d0:
         5e:17:1f:f7:b7:4c:7b:6e:77:d0:4b:ef:d1:1d:01:50:ad:eb:
         81:be:ea:b2:b1:e2:d6:bc:a9:38:72:4e:f8:64:4a:9d:ea:a0:
         86:ef:59:f1:8b:3d:96:bb:fa:a3:01:1b:71:85:27:25:6a:fb:
         99:c0:26:6b:27:c7:61:1d:aa:f3:3c:92:c2:7e:d6:59:74:e5:
         a1:79:b2:54:10:ce:cc:2d:aa:a0:bd:1a:9b:82:e8:e2:d1:9d:
         c0:f1:10:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdAKhMGuXnRJgXcXekeF/Rmmx1oswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMDQxNTI3MTZaFw0yNjEwMDMxNTMyMTZaMDMxMTAvBgNV
BAMTKEFGMTJDMzc5M0NBMTdCNzI0RTI0QjlCNzlENzI3NTZEM0VFQzREQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsn29mVnmFSXJ1ks7PSHDl2C2l
sIZ3RkhsqJXMdfGAYnqWxCW85/DiCeXyeOmIhLBi2PlV4zXos/y/B73wgTy1yoGN
0eH9wGBfdoBXtaihcO1VZO3OS+gWmLBnCVjPdCNGHXxX61l2IPLoerLUI8FsSK0h
Wldl5rhm80RxgOBYgdmPgDHG/gFtGx/n9Ky/TM6140kONYxhNVoS+nQ+3T5OZ4Fh
HGkDXPQxDwQs6VlQiurZULCaNCk309D1kby1vuxOUtlSM6J0rgvGL3GDhhD5SuUy
1+UR3qs6dSPLPpkfBhuktAFhaEaeDGrqSX4anb5sagRBJf6LxliinzyVlfNrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrxLDeTyhe3JOJLm3nXJ1bT7sTaEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUwMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQr
MA0GCSqGSIb3DQEBCwUAA4IBAQC3sDrfraHKY8rar2otOMTuh6TUnmlmFAjYkv1/
AGMq1PU3k+xU2glORNjFio8OFlqsQMl48mwuA5G4gnobPV6UXHDyVlT0Rhuvw4Hn
6Tq6g0rsGr4YrseSQgpgQGhUHlSxDVxJbqLnlWZAYQ0Ajen3g+jam9YJf6SrNLvW
zoJjmxkaTArtOwWJhlCAn5PNBoqaeCTMMU2Ui2nEhLNN0VzdotBeFx/3t0x7bnfQ
S+/RHQFQreuBvuqyseLWvKk4ck74ZEqd6qCG71nxiz2Wu/qjARtxhSclavuZwCZr
J8dhHarzPJLCftZZdOWhebJUEM7MLaqgvRqbguji0Z3A8RCB
-----END CERTIFICATE-----