Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152918.roa
File:                     AS152918.roa (raw, json)
Hash identifier:          xqkdiT2ZJv4ceWuU4I8Xx309KjmD0y7GhTINpSnSyLg=
Subject key identifier:   7C:55:90:E2:8E:97:FD:D4:F7:0B:E2:08:F5:AA:1C:E6:8A:84:FC:14
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5678C92B52B848DC306CA202F2A744E7693FAEF3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152918.roa
Signing time:             Wed 13 Aug 2025 01:43:13 +0000
ROA not before:           Wed 13 Aug 2025 01:38:13 +0000
ROA not after:            Wed 12 Aug 2026 01:43:13 +0000
asID:                     152918
IP address blocks:        143.20.228.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 01:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:78:c9:2b:52:b8:48:dc:30:6c:a2:02:f2:a7:44:e7:69:3f:ae:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug 13 01:38:13 2025 GMT
            Not After : Aug 12 01:43:13 2026 GMT
        Subject: CN=7C5590E28E97FDD4F70BE208F5AA1CE68A84FC14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2d:da:e2:8a:e7:c4:ef:56:d4:b9:85:38:6d:
                    12:04:f9:6a:46:c9:f0:f0:3b:fa:bd:e2:91:ec:d6:
                    d9:c0:82:9e:04:54:40:69:b0:4e:a8:4e:10:94:4e:
                    a0:1e:8c:82:89:70:7d:45:7a:54:d0:7c:6a:05:2e:
                    ee:4d:cc:1a:95:2a:c0:eb:8d:6a:97:e6:94:ef:30:
                    93:8b:41:c5:de:1e:6b:ea:3b:e7:95:7b:fe:36:3d:
                    52:81:30:9e:20:df:f0:6d:6a:d9:6e:27:55:00:72:
                    a5:10:30:4b:2d:52:e8:eb:5d:d5:c1:c0:79:99:34:
                    aa:7d:c3:12:5a:e5:2d:c7:e7:a3:71:20:bd:f3:be:
                    aa:68:26:25:b8:4a:88:bf:71:15:66:c9:8d:0f:0e:
                    10:e3:5d:22:7a:28:dd:8d:84:de:17:d9:62:65:29:
                    be:69:a9:61:84:da:6c:0e:7e:8e:9c:8c:b4:d1:9e:
                    0f:02:72:d5:be:31:04:fa:9b:b6:f3:ee:11:f4:33:
                    63:b7:95:fd:58:05:d3:9e:66:36:7e:84:c3:02:7e:
                    e8:19:b6:53:10:77:83:bb:0b:91:f4:dc:60:4b:a4:
                    f0:bf:15:83:b3:7e:4b:a5:3f:c8:e9:65:7a:6d:31:
                    ec:70:1c:8b:10:a1:14:56:23:38:19:ae:5a:a9:37:
                    0a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:55:90:E2:8E:97:FD:D4:F7:0B:E2:08:F5:AA:1C:E6:8A:84:FC:14
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS152918.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:03:f3:60:ba:6c:75:49:ed:15:2f:3a:17:f0:fb:24:90:ae:
         d1:c4:b3:a1:69:81:8f:b2:12:f5:cc:0b:af:b2:f1:54:f7:1e:
         40:db:a1:43:df:45:bd:d8:7e:01:7c:fb:34:51:a2:46:c7:1c:
         9c:34:00:f0:b5:17:5c:14:da:10:e9:66:39:03:bb:6f:34:d0:
         a3:63:d1:a9:76:2e:ac:54:c9:6c:16:25:4e:5b:50:ab:7a:d0:
         78:0b:af:c7:61:71:aa:c8:dc:81:84:27:c4:b0:1c:7e:36:d9:
         1c:55:2d:f4:bc:6d:99:ad:8d:99:57:fe:2a:03:06:94:f8:45:
         70:76:6f:de:76:09:b9:c5:4c:12:b3:e3:ca:86:8e:88:1c:c9:
         6a:62:cc:ad:0a:48:ce:ba:80:e9:16:b2:55:f0:c1:32:63:4e:
         7b:03:ec:47:b8:e8:71:e3:b6:73:ec:72:b0:ee:76:3f:d6:4e:
         13:98:32:6c:91:62:d3:15:3c:79:7b:d8:8d:b6:86:97:67:1a:
         e3:c1:7f:e8:d8:7e:a3:8e:1e:15:11:56:e4:82:de:4b:11:1c:
         09:ad:a1:a2:89:5f:ee:16:3b:27:53:2a:53:7c:d5:e1:90:e0:
         e2:3a:a9:96:28:47:d6:bf:97:ae:96:29:d2:99:f5:ce:98:e5:
         e3:31:0d:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVnjJK1K4SNwwbKIC8qdE52k/rvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MTMwMTM4MTNaFw0yNjA4MTIwMTQzMTNaMDMxMTAvBgNV
BAMTKDdDNTU5MEUyOEU5N0ZERDRGNzBCRTIwOEY1QUExQ0U2OEE4NEZDMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxLdriiufE71bUuYU4bRIE+WpG
yfDwO/q94pHs1tnAgp4EVEBpsE6oThCUTqAejIKJcH1FelTQfGoFLu5NzBqVKsDr
jWqX5pTvMJOLQcXeHmvqO+eVe/42PVKBMJ4g3/BtatluJ1UAcqUQMEstUujrXdXB
wHmZNKp9wxJa5S3H56NxIL3zvqpoJiW4Soi/cRVmyY0PDhDjXSJ6KN2NhN4X2WJl
Kb5pqWGE2mwOfo6cjLTRng8CctW+MQT6m7bz7hH0M2O3lf1YBdOeZjZ+hMMCfugZ
tlMQd4O7C5H03GBLpPC/FYOzfkulP8jpZXptMexwHIsQoRRWIzgZrlqpNwpxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfFWQ4o6X/dT3C+II9aoc5oqE/BQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUyOTE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxTk
MA0GCSqGSIb3DQEBCwUAA4IBAQCZA/Ngumx1Se0VLzoX8PskkK7RxLOhaYGPshL1
zAuvsvFU9x5A26FD30W92H4BfPs0UaJGxxycNADwtRdcFNoQ6WY5A7tvNNCjY9Gp
di6sVMlsFiVOW1CretB4C6/HYXGqyNyBhCfEsBx+NtkcVS30vG2ZrY2ZV/4qAwaU
+EVwdm/edgm5xUwSs+PKho6IHMlqYsytCkjOuoDpFrJV8MEyY057A+xHuOhx47Zz
7HKw7nY/1k4TmDJskWLTFTx5e9iNtoaXZxrjwX/o2H6jjh4VEVbkgt5LERwJraGi
iV/uFjsnUypTfNXhkODiOqmWKEfWv5eulinSmfXOmOXjMQ2u
-----END CERTIFICATE-----