Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151373.roa
File:                     AS151373.roa (raw, json)
Hash identifier:          2eQICw4xsXoBKmbl6FrpwUTwIdvqOjM7d5R3/Tdz5RA=
Subject key identifier:   83:E8:B5:40:46:77:C9:C6:2B:80:73:80:B7:0A:E0:A2:86:75:B5:8E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       79868DA508031B17FE70BFB3427C8BD3088FFCDA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151373.roa
Signing time:             Mon 16 Jun 2025 11:03:49 +0000
ROA not before:           Mon 16 Jun 2025 10:58:49 +0000
ROA not after:            Mon 15 Jun 2026 11:03:49 +0000
asID:                     151373
IP address blocks:        143.20.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:86:8d:a5:08:03:1b:17:fe:70:bf:b3:42:7c:8b:d3:08:8f:fc:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 16 10:58:49 2025 GMT
            Not After : Jun 15 11:03:49 2026 GMT
        Subject: CN=83E8B5404677C9C62B807380B70AE0A28675B58E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:47:38:73:12:fc:46:cf:db:76:15:e2:39:95:
                    01:9b:4d:34:40:60:bb:62:f2:1c:2a:da:a7:c0:0c:
                    54:76:ff:14:59:79:3f:db:27:15:12:3a:59:64:e7:
                    37:a2:de:b0:e8:d2:20:24:e4:a2:b1:c2:fb:5e:63:
                    6c:52:8f:d5:c1:68:7c:aa:18:dc:fe:38:a8:b8:57:
                    56:82:b3:54:69:7e:0d:9e:0d:ac:4c:6a:9d:7e:7c:
                    73:15:02:f1:b6:d2:32:d8:4d:d9:57:a1:4d:d1:71:
                    c8:4e:6c:ad:4c:0b:f0:76:06:d6:55:ec:93:1c:52:
                    76:9a:26:2c:f6:6f:cf:a3:62:46:94:7f:63:cb:75:
                    ec:04:b9:2e:d6:e9:a2:33:73:b6:05:53:3d:f1:cf:
                    b5:e6:83:74:aa:b4:62:3d:f3:0a:ef:88:19:c6:0e:
                    5e:52:d8:10:ba:86:3b:64:f9:1c:d8:3f:67:15:c5:
                    92:5f:12:5b:42:dd:23:f9:ce:06:e5:44:75:c9:8a:
                    04:24:63:cc:77:cc:4b:8a:53:af:0c:f4:cd:5c:60:
                    68:39:2d:83:7d:96:9d:e6:fb:93:25:1e:76:99:a4:
                    cd:14:05:6c:7e:ae:b6:25:07:d9:d9:5d:f3:df:d4:
                    cd:b6:5c:04:a3:d9:6f:9a:a1:9c:ff:b0:37:78:a7:
                    1f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E8:B5:40:46:77:C9:C6:2B:80:73:80:B7:0A:E0:A2:86:75:B5:8E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:20:37:20:e1:bf:b6:5a:6f:28:a1:f6:52:8e:78:d3:27:33:
         c6:b2:3d:4c:8d:75:b4:12:d5:6f:cf:9e:24:64:60:16:ab:28:
         fe:8c:16:4a:a3:22:27:fa:18:70:87:b2:d3:7d:fb:c3:36:15:
         e6:2d:37:2e:23:5f:61:0b:97:47:aa:81:7a:e8:df:91:32:c6:
         8b:07:08:c5:61:08:bf:ac:50:46:28:d6:c5:1f:e6:e8:20:0f:
         db:f3:95:8d:6b:7f:4d:6f:11:ab:c6:9a:e9:97:fd:6f:17:43:
         f6:91:9f:f5:d6:78:85:eb:a9:ea:13:c3:f9:90:31:72:38:87:
         ef:5f:fb:13:9d:72:92:1c:bd:9d:56:e9:7d:a6:75:c3:84:36:
         1d:38:1d:2f:9d:4b:a1:fc:72:84:e3:6e:20:5a:d9:2b:63:2e:
         b2:78:7c:67:cd:15:69:15:8b:1b:85:d6:cb:e8:6e:eb:89:3f:
         c6:1a:83:fa:29:5a:bd:5b:0c:1d:f4:69:fe:c9:e8:f6:f1:33:
         fa:52:88:4d:b7:91:b8:c6:85:fb:8e:30:1b:fc:00:cc:36:33:
         40:e1:cf:af:38:d9:00:6b:7a:90:11:28:1e:4d:09:dc:05:30:
         c5:29:7e:03:07:07:05:17:0d:61:bf:2c:51:57:16:ef:1c:99:
         92:af:d7:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeYaNpQgDGxf+cL+zQnyL0wiP/NowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTYxMDU4NDlaFw0yNjA2MTUxMTAzNDlaMDMxMTAvBgNV
BAMTKDgzRThCNTQwNDY3N0M5QzYyQjgwNzM4MEI3MEFFMEEyODY3NUI1OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnRzhzEvxGz9t2FeI5lQGbTTRA
YLti8hwq2qfADFR2/xRZeT/bJxUSOllk5zei3rDo0iAk5KKxwvteY2xSj9XBaHyq
GNz+OKi4V1aCs1Rpfg2eDaxMap1+fHMVAvG20jLYTdlXoU3RcchObK1MC/B2BtZV
7JMcUnaaJiz2b8+jYkaUf2PLdewEuS7W6aIzc7YFUz3xz7Xmg3SqtGI98wrviBnG
Dl5S2BC6hjtk+RzYP2cVxZJfEltC3SP5zgblRHXJigQkY8x3zEuKU68M9M1cYGg5
LYN9lp3m+5MlHnaZpM0UBWx+rrYlB9nZXfPf1M22XASj2W+aoZz/sDd4px/LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUg+i1QEZ3ycYrgHOAtwrgooZ1tY4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUxMzczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQv
MA0GCSqGSIb3DQEBCwUAA4IBAQDaIDcg4b+2Wm8oofZSjnjTJzPGsj1MjXW0EtVv
z54kZGAWqyj+jBZKoyIn+hhwh7LTffvDNhXmLTcuI19hC5dHqoF66N+RMsaLBwjF
YQi/rFBGKNbFH+boIA/b85WNa39NbxGrxprpl/1vF0P2kZ/11niF66nqE8P5kDFy
OIfvX/sTnXKSHL2dVul9pnXDhDYdOB0vnUuh/HKE424gWtkrYy6yeHxnzRVpFYsb
hdbL6G7riT/GGoP6KVq9Wwwd9Gn+yej28TP6UohNt5G4xoX7jjAb/ADMNjNA4c+v
ONkAa3qQESgeTQncBTDFKX4DBwcFFw1hvyxRVxbvHJmSr9dK
-----END CERTIFICATE-----