Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151338.roa
File:                     AS151338.roa (raw, json)
Hash identifier:          loALYyM7qPPuII2Xycdri+ZZ5z4F1eodCq//XW84Doc=
Subject key identifier:   34:05:07:68:CD:94:A0:F5:FA:4F:8D:0E:6A:F3:B7:FC:0D:7F:9E:D1
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       27DC3B3C03C1F7A3953E5AECC36C54487AB53FF1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151338.roa
Signing time:             Tue 24 Jun 2025 00:02:01 +0000
ROA not before:           Mon 23 Jun 2025 23:57:01 +0000
ROA not after:            Tue 23 Jun 2026 00:02:01 +0000
asID:                     151338
IP address blocks:        143.20.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:dc:3b:3c:03:c1:f7:a3:95:3e:5a:ec:c3:6c:54:48:7a:b5:3f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 23 23:57:01 2025 GMT
            Not After : Jun 23 00:02:01 2026 GMT
        Subject: CN=34050768CD94A0F5FA4F8D0E6AF3B7FC0D7F9ED1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fc:55:a1:65:96:b2:4e:75:01:da:59:28:ee:
                    d0:17:ad:29:73:76:bf:e3:1c:0d:f5:7b:8c:f3:97:
                    43:1f:7a:49:dd:75:2c:2d:68:63:31:00:13:6b:1d:
                    3a:b6:23:bc:20:f7:e9:bb:2f:29:6c:86:f9:96:13:
                    ad:4a:2c:cd:5f:6e:dc:58:25:7a:16:2a:58:86:78:
                    4e:79:1c:33:11:67:10:ea:6e:91:22:c4:56:27:31:
                    1d:40:9a:f8:62:7c:2a:92:0d:d9:7d:50:fd:8c:1d:
                    46:0b:9e:45:eb:2e:e7:bb:9f:d2:18:8e:87:40:dc:
                    8e:a7:3e:a7:37:4f:0a:8e:61:88:3b:73:66:63:0c:
                    b6:be:0b:63:9b:5e:1f:18:42:32:13:1f:f2:74:7b:
                    a3:1a:e4:c6:8e:cb:17:71:05:85:6c:b0:7c:87:7d:
                    ff:dd:c1:ec:3e:9e:c6:42:97:2e:68:dc:45:89:9c:
                    bd:06:86:cc:32:e5:a3:3e:f7:e4:7f:64:ef:6d:33:
                    64:1f:fc:8c:15:cb:6d:76:55:c0:3c:09:c3:2a:08:
                    7e:d2:d7:46:2c:a1:53:73:46:f7:92:56:e1:fe:17:
                    2c:82:a6:cc:a5:ad:a7:b3:6f:62:ca:68:9f:e4:40:
                    5a:c9:27:c9:db:3d:0c:6d:a8:5b:89:62:af:60:fd:
                    d1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:05:07:68:CD:94:A0:F5:FA:4F:8D:0E:6A:F3:B7:FC:0D:7F:9E:D1
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:9e:64:1f:a8:62:84:b6:ba:63:6c:ea:86:0f:82:62:83:22:
         c5:c5:59:9a:11:b4:23:39:0e:1b:8a:ef:4c:fa:59:64:49:52:
         fd:ff:ff:8e:aa:9c:06:72:be:43:a9:84:eb:2e:c9:5d:1d:27:
         0e:ec:aa:c4:7e:32:0d:66:a7:29:ef:27:4b:b6:06:65:9e:27:
         d4:a8:a0:8c:c2:87:90:86:e0:3f:da:43:60:3a:1d:dd:bd:c2:
         4b:05:9c:d4:71:2f:0b:49:25:51:61:15:90:c1:95:92:c6:fa:
         32:e6:60:38:65:78:12:75:f4:9d:2c:cb:63:ff:51:85:42:74:
         77:8f:3e:40:fc:f2:34:b0:5f:49:b0:bf:57:20:4a:b8:bd:c8:
         9a:2a:a3:58:21:7a:11:b8:79:ae:7b:e9:96:28:4f:0a:da:e8:
         64:68:5d:7a:ff:3c:fb:2b:30:a0:63:6c:d9:3b:29:46:ce:49:
         11:40:11:fb:e1:f6:65:a4:45:30:28:94:10:97:0e:5b:f9:b7:
         32:2e:35:af:d7:9c:17:db:ff:19:2a:5c:f6:98:92:c6:bf:1d:
         b5:b4:20:bb:e3:a0:67:07:07:b4:64:97:0c:17:33:30:89:f1:
         f7:f7:f0:69:c6:10:35:dd:96:1d:44:46:08:3b:aa:3f:0a:12:
         b8:6c:0d:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJ9w7PAPB96OVPlrsw2xUSHq1P/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjMyMzU3MDFaFw0yNjA2MjMwMDAyMDFaMDMxMTAvBgNV
BAMTKDM0MDUwNzY4Q0Q5NEEwRjVGQTRGOEQwRTZBRjNCN0ZDMEQ3RjlFRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4/FWhZZayTnUB2lko7tAXrSlz
dr/jHA31e4zzl0MfeknddSwtaGMxABNrHTq2I7wg9+m7LylshvmWE61KLM1fbtxY
JXoWKliGeE55HDMRZxDqbpEixFYnMR1AmvhifCqSDdl9UP2MHUYLnkXrLue7n9IY
jodA3I6nPqc3TwqOYYg7c2ZjDLa+C2ObXh8YQjITH/J0e6Ma5MaOyxdxBYVssHyH
ff/dwew+nsZCly5o3EWJnL0Ghswy5aM+9+R/ZO9tM2Qf/IwVy212VcA8CcMqCH7S
10YsoVNzRveSVuH+FyyCpsylraezb2LKaJ/kQFrJJ8nbPQxtqFuJYq9g/dHzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNAUHaM2UoPX6T40OavO3/A1/ntEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUxMzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSP
MA0GCSqGSIb3DQEBCwUAA4IBAQA4nmQfqGKEtrpjbOqGD4JigyLFxVmaEbQjOQ4b
iu9M+llkSVL9//+OqpwGcr5DqYTrLsldHScO7KrEfjINZqcp7ydLtgZlnifUqKCM
woeQhuA/2kNgOh3dvcJLBZzUcS8LSSVRYRWQwZWSxvoy5mA4ZXgSdfSdLMtj/1GF
QnR3jz5A/PI0sF9JsL9XIEq4vciaKqNYIXoRuHmue+mWKE8K2uhkaF16/zz7KzCg
Y2zZOylGzkkRQBH74fZlpEUwKJQQlw5b+bcyLjWv15wX2/8ZKlz2mJLGvx21tCC7
46BnBwe0ZJcMFzMwifH39/BpxhA13ZYdREYIO6o/ChK4bA2Z
-----END CERTIFICATE-----