Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152611.roa
File:                     AS152611.roa (raw, json)
Hash identifier:          sSOaIhP+ZPLpfBh/tmQuH/k+mPKpUrGJJgjtsp5kU60=
Subject key identifier:   9B:EA:AB:6E:E4:69:F0:62:57:83:35:6D:F4:E6:E8:DE:EA:F2:63:B7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2306B74D1AE7A1796F87F39F66F78DC70121F7A5
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152611.roa
Signing time:             Sat 21 Jun 2025 09:42:27 +0000
ROA not before:           Sat 21 Jun 2025 09:37:27 +0000
ROA not after:            Sat 20 Jun 2026 09:42:27 +0000
asID:                     152611
IP address blocks:        143.20.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:06:b7:4d:1a:e7:a1:79:6f:87:f3:9f:66:f7:8d:c7:01:21:f7:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 21 09:37:27 2025 GMT
            Not After : Jun 20 09:42:27 2026 GMT
        Subject: CN=9BEAAB6EE469F0625783356DF4E6E8DEEAF263B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a2:7a:00:e6:6c:6e:78:48:2a:9a:da:db:38:
                    a6:35:ab:38:d4:7b:63:cf:46:11:e8:1c:29:9c:14:
                    a6:8f:2d:4d:44:c0:0e:95:6e:0e:5b:d7:aa:b5:67:
                    e9:08:43:44:10:87:b9:c6:f0:46:e0:56:8f:41:5c:
                    96:15:50:68:ec:8e:7a:53:ed:28:95:85:af:73:4c:
                    b8:84:c9:49:24:aa:88:73:13:0b:7d:a1:34:4c:da:
                    94:67:47:42:29:2d:aa:c0:1b:3c:83:c3:e0:1d:89:
                    70:69:45:05:94:6f:2d:c9:11:d5:9d:ac:08:bb:24:
                    ab:3e:58:16:38:bc:4c:b1:ee:f9:e0:26:90:4a:c6:
                    a6:19:77:d6:db:8e:be:a2:db:af:c6:06:fa:7e:56:
                    ef:16:0c:55:a7:18:83:4a:2c:27:3a:a6:4b:c4:cf:
                    cc:05:49:d1:85:18:86:41:f9:91:4e:24:8e:f0:0e:
                    1b:03:be:34:4b:3d:a4:6b:f8:bc:8f:6c:54:ae:b6:
                    38:16:21:8e:ff:97:86:71:c4:31:52:89:4f:78:3a:
                    97:d8:85:22:94:b0:38:e1:aa:94:1f:14:a5:a2:b5:
                    1d:1b:ab:62:97:a7:0d:0d:33:e4:26:6c:74:97:0b:
                    a7:8c:35:6e:be:37:44:ab:0f:78:96:05:86:24:b6:
                    a3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:EA:AB:6E:E4:69:F0:62:57:83:35:6D:F4:E6:E8:DE:EA:F2:63:B7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152611.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:96:b7:85:8a:f9:f7:f9:51:2b:cd:51:22:02:8d:82:57:b6:
         a4:31:5c:03:59:5c:f1:4a:d7:98:d0:9d:5b:ce:35:55:67:15:
         a0:64:04:14:61:25:07:3c:15:78:78:a8:fd:4f:cb:38:d2:8a:
         e0:c6:69:ea:64:c9:ac:dd:e3:0e:61:f6:6e:42:20:8a:e7:44:
         39:4c:2b:aa:08:8b:3e:1b:ef:0b:93:98:21:6c:bb:b8:e2:f3:
         e9:a4:4d:77:9a:cf:83:3a:72:a8:8a:c5:ff:63:f5:af:c9:80:
         71:6f:14:dd:13:f8:bf:e5:b9:e1:4a:ad:00:55:32:c4:f4:90:
         01:7a:37:92:03:ea:69:9c:08:28:f4:90:7a:b1:e8:5e:40:77:
         cc:be:b7:ff:be:78:2d:c6:1c:ae:4d:2e:eb:e3:7d:f7:64:88:
         a1:1b:6e:60:50:21:b8:8c:47:b6:b6:b7:42:ae:07:56:69:b4:
         07:6c:96:e7:7a:8b:e1:a4:cb:4a:f3:45:c3:0f:8a:52:94:30:
         34:cd:4c:a3:bb:94:67:6e:0d:00:7b:88:2e:ef:7d:05:6f:e1:
         7b:83:ef:c2:36:5d:38:75:54:3a:b7:10:88:7f:c1:ff:05:03:
         8f:c7:d2:dc:2b:5d:6b:c9:bf:bf:0b:aa:ae:ad:66:1f:17:b2:
         88:e2:70:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIwa3TRrnoXlvh/OfZveNxwEh96UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjEwOTM3MjdaFw0yNjA2MjAwOTQyMjdaMDMxMTAvBgNV
BAMTKDlCRUFBQjZFRTQ2OUYwNjI1NzgzMzU2REY0RTZFOERFRUFGMjYzQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMonoA5mxueEgqmtrbOKY1qzjU
e2PPRhHoHCmcFKaPLU1EwA6Vbg5b16q1Z+kIQ0QQh7nG8EbgVo9BXJYVUGjsjnpT
7SiVha9zTLiEyUkkqohzEwt9oTRM2pRnR0IpLarAGzyDw+AdiXBpRQWUby3JEdWd
rAi7JKs+WBY4vEyx7vngJpBKxqYZd9bbjr6i26/GBvp+Vu8WDFWnGINKLCc6pkvE
z8wFSdGFGIZB+ZFOJI7wDhsDvjRLPaRr+LyPbFSutjgWIY7/l4ZxxDFSiU94OpfY
hSKUsDjhqpQfFKWitR0bq2KXpw0NM+QmbHSXC6eMNW6+N0SrD3iWBYYktqPPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUm+qrbuRp8GJXgzVt9Obo3uryY7cwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyNjExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRB
MA0GCSqGSIb3DQEBCwUAA4IBAQAClreFivn3+VErzVEiAo2CV7akMVwDWVzxSteY
0J1bzjVVZxWgZAQUYSUHPBV4eKj9T8s40orgxmnqZMms3eMOYfZuQiCK50Q5TCuq
CIs+G+8Lk5ghbLu44vPppE13ms+DOnKoisX/Y/WvyYBxbxTdE/i/5bnhSq0AVTLE
9JABejeSA+ppnAgo9JB6seheQHfMvrf/vngtxhyuTS7r4333ZIihG25gUCG4jEe2
trdCrgdWabQHbJbneovhpMtK80XDD4pSlDA0zUyju5Rnbg0Ae4gu730Fb+F7g+/C
Nl04dVQ6txCIf8H/BQOPx9LcK11ryb+/C6qurWYfF7KI4nBV
-----END CERTIFICATE-----