Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151389.roa
File:                     AS151389.roa (raw, json)
Hash identifier:          +jmF0MvpLce1SXQru3FWTvTZeQAwCub7rE92PQy3JY8=
Subject key identifier:   C7:E1:AD:67:23:1C:03:6F:B2:0E:2F:35:AD:80:D5:A1:22:82:FA:DF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3656D0DAE346AF9A6C16ABBA66446BDAEC0B77C8
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151389.roa
Signing time:             Fri 08 May 2026 06:06:25 +0000
ROA not before:           Fri 08 May 2026 06:01:25 +0000
ROA not after:            Fri 07 May 2027 06:06:25 +0000
asID:                     151389
IP address blocks:        143.20.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:56:d0:da:e3:46:af:9a:6c:16:ab:ba:66:44:6b:da:ec:0b:77:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  8 06:01:25 2026 GMT
            Not After : May  7 06:06:25 2027 GMT
        Subject: CN=C7E1AD67231C036FB20E2F35AD80D5A12282FADF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bd:02:62:30:25:66:07:bc:6e:8e:54:1e:e6:
                    6e:10:0e:ac:9b:16:02:50:50:d6:8f:5c:78:62:fb:
                    ce:7c:d3:7c:34:cc:c8:c5:02:47:32:6a:34:74:34:
                    a1:64:12:a6:1a:6b:7e:57:92:ce:aa:9a:be:bc:2a:
                    53:3d:a8:8e:38:2c:89:cd:13:d1:05:7b:c6:52:6c:
                    14:5a:ee:6b:25:99:ee:c4:7d:49:32:27:73:a4:97:
                    cb:4d:81:7b:e1:7a:dd:b0:2b:f8:a4:d8:db:c7:83:
                    59:d8:d2:3f:f3:b7:f9:32:ed:ff:bc:7a:c8:d1:29:
                    27:e6:4e:f8:68:7e:2b:24:72:04:2b:74:27:0a:02:
                    72:02:8a:bc:61:34:05:6c:b3:85:26:60:64:16:eb:
                    81:e8:19:cf:0b:fa:47:01:26:ea:7e:e1:99:73:b9:
                    9b:f1:b0:0d:a2:bf:ab:a1:77:cd:96:e7:3c:99:97:
                    7c:24:68:d3:3b:02:c4:0d:55:9a:2a:e6:a3:aa:7b:
                    22:0d:eb:2c:76:27:ca:68:0b:18:d5:53:a9:fe:ca:
                    30:72:f8:9a:64:36:00:d3:2d:9b:72:3c:73:5f:b0:
                    26:26:ad:f3:37:3c:f3:b0:1e:df:17:ea:30:f7:ce:
                    64:91:bd:3a:82:16:b4:f3:b4:f9:33:f8:5a:18:07:
                    b2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E1:AD:67:23:1C:03:6F:B2:0E:2F:35:AD:80:D5:A1:22:82:FA:DF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS151389.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a8:25:57:2d:ea:a1:09:34:dc:9c:74:fc:c9:ab:77:ca:81:
         68:b8:d9:fd:76:9f:f6:bc:98:0f:1e:2d:e6:49:cd:77:4f:28:
         09:22:78:28:a1:54:36:32:75:96:75:6f:e5:dd:9a:c9:02:30:
         1c:68:8d:53:a7:6f:24:ec:56:fa:c3:1f:05:e9:eb:ac:07:c7:
         2e:a1:13:d9:56:18:f9:98:1c:70:bf:73:58:f4:11:c0:1b:b1:
         e4:d2:2d:73:3c:a6:99:9e:c0:7f:5c:bb:9c:a4:e5:55:a0:28:
         7b:49:34:eb:df:a2:d4:df:14:82:45:e9:48:3e:57:6a:50:ca:
         5f:b2:15:74:1a:a8:79:3f:23:02:92:f0:60:00:60:83:3c:d8:
         26:0d:85:77:48:43:dd:73:a6:92:f0:80:d9:9b:f8:8e:fe:f9:
         b7:7b:4f:05:85:04:67:ec:0d:f1:31:fe:76:f0:bb:b1:44:6d:
         46:39:01:fc:b7:69:07:01:43:ae:ec:af:e0:b0:86:04:66:93:
         a1:12:33:d2:3f:bb:07:82:bb:c2:0b:da:0e:fc:0c:d1:62:1d:
         e3:19:63:eb:01:0a:7a:14:c7:0d:eb:97:97:e6:13:c5:55:2c:
         ce:86:f5:e8:c7:db:6f:47:e2:b7:95:e3:3c:0d:18:63:8d:c9:
         24:a8:18:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNlbQ2uNGr5psFqu6ZkRr2uwLd8gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MDgwNjAxMjVaFw0yNzA1MDcwNjA2MjVaMDMxMTAvBgNV
BAMTKEM3RTFBRDY3MjMxQzAzNkZCMjBFMkYzNUFEODBENUExMjI4MkZBREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vQJiMCVmB7xujlQe5m4QDqyb
FgJQUNaPXHhi+85803w0zMjFAkcyajR0NKFkEqYaa35Xks6qmr68KlM9qI44LInN
E9EFe8ZSbBRa7mslme7EfUkyJ3Okl8tNgXvhet2wK/ik2NvHg1nY0j/zt/ky7f+8
esjRKSfmTvhofiskcgQrdCcKAnICirxhNAVss4UmYGQW64HoGc8L+kcBJup+4Zlz
uZvxsA2iv6uhd82W5zyZl3wkaNM7AsQNVZoq5qOqeyIN6yx2J8poCxjVU6n+yjBy
+JpkNgDTLZtyPHNfsCYmrfM3PPOwHt8X6jD3zmSRvTqCFrTztPkz+FoYB7LPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUx+GtZyMcA2+yDi81rYDVoSKC+t8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUxMzg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSd
MA0GCSqGSIb3DQEBCwUAA4IBAQCUqCVXLeqhCTTcnHT8yat3yoFouNn9dp/2vJgP
Hi3mSc13TygJIngooVQ2MnWWdW/l3ZrJAjAcaI1Tp28k7Fb6wx8F6eusB8cuoRPZ
Vhj5mBxwv3NY9BHAG7Hk0i1zPKaZnsB/XLucpOVVoCh7STTr36LU3xSCRelIPldq
UMpfshV0Gqh5PyMCkvBgAGCDPNgmDYV3SEPdc6aS8IDZm/iO/vm3e08FhQRn7A3x
Mf528LuxRG1GOQH8t2kHAUOu7K/gsIYEZpOhEjPSP7sHgrvCC9oO/AzRYh3jGWPr
AQp6FMcN65eX5hPFVSzOhvXox9tvR+K3leM8DRhjjckkqBiO
-----END CERTIFICATE-----