Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
File:                     AS153923.roa (raw, json)
Hash identifier:          KCTDrh132v4nMymeEPPz1nHUqCGDMU/ESn16m3o7HXs=
Subject key identifier:   DF:C9:C1:1C:8C:10:E8:AE:74:DC:94:D5:B5:5C:92:1C:1A:32:29:FA
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7F2E6EE4BAD634E010EE0456601971EDB47770EC
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
Signing time:             Tue 24 Jun 2025 09:41:56 +0000
ROA not before:           Tue 24 Jun 2025 09:36:56 +0000
ROA not after:            Tue 23 Jun 2026 09:41:56 +0000
asID:                     153923
IP address blocks:        143.20.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:2e:6e:e4:ba:d6:34:e0:10:ee:04:56:60:19:71:ed:b4:77:70:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun 24 09:36:56 2025 GMT
            Not After : Jun 23 09:41:56 2026 GMT
        Subject: CN=DFC9C11C8C10E8AE74DC94D5B55C921C1A3229FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:8f:2f:04:23:47:3b:06:fe:b6:93:dc:a7:
                    2f:58:26:bc:9c:44:b0:79:29:6a:f0:5d:e8:2c:14:
                    15:e3:ac:b0:66:67:52:95:7b:67:96:3c:b6:82:a7:
                    d1:f8:7d:65:7e:69:39:0d:63:67:81:22:e1:4f:11:
                    ec:2c:3f:f2:6a:d2:f0:cf:77:6e:ea:99:01:84:4f:
                    eb:48:2d:64:68:b8:0c:e4:12:53:ad:7e:ae:12:4c:
                    10:0f:70:56:6c:b2:c6:56:84:4a:e3:ec:12:e8:2e:
                    ac:7e:e4:ca:bb:df:a6:c3:f7:48:d8:71:79:83:5c:
                    bb:53:c2:92:90:08:cf:3a:c4:a4:d4:78:85:26:05:
                    46:4f:0e:97:f3:5c:02:0f:7d:54:2b:9f:62:cb:bc:
                    c4:db:8a:bc:be:8d:17:1d:59:d4:06:55:35:7e:dc:
                    d3:84:23:50:da:9e:d8:11:0c:bb:ef:2b:5e:6b:9f:
                    65:3e:c6:94:ff:52:f1:f0:6d:f4:23:36:25:1b:8a:
                    ad:00:2d:e5:29:4c:ad:78:dc:c4:83:aa:ed:09:ab:
                    51:a0:e1:d6:eb:5b:61:8e:17:c3:4b:6a:a4:61:48:
                    e3:ed:29:a9:a6:6c:f2:a3:5a:e8:9a:d1:e1:7d:6a:
                    4c:1d:0a:ac:5f:f6:36:2d:e4:1a:4b:87:34:cb:68:
                    b2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C9:C1:1C:8C:10:E8:AE:74:DC:94:D5:B5:5C:92:1C:1A:32:29:FA
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c9:84:dc:76:b0:33:6b:98:cd:04:e2:70:a2:c6:97:c5:8d:
         10:a7:0f:e7:49:15:a4:0f:4f:b6:be:03:be:6e:2a:70:d5:00:
         6c:e5:cd:96:a4:b5:cc:0f:ca:44:77:56:4d:b8:89:0b:25:30:
         be:4f:ea:c7:34:d9:e9:4d:bb:f1:a3:52:28:25:ed:8d:33:ce:
         ca:2c:41:b5:89:79:16:8e:e6:14:c3:a3:1a:62:a7:fe:16:58:
         4b:00:92:ea:4b:9b:54:f8:55:f1:ab:43:3d:47:a7:18:fb:3f:
         26:ca:13:9d:46:58:be:0e:b0:0a:cd:1e:22:bb:7a:c7:d9:fb:
         ab:58:ca:59:4d:30:79:7e:ef:23:06:d8:1f:49:69:1f:e7:8d:
         ec:eb:d3:23:f7:d3:cb:01:7d:60:ef:c2:af:ee:80:e3:f9:58:
         25:72:54:69:53:12:7c:5a:c1:5a:f2:3e:b5:c3:8b:e9:c5:73:
         d6:0a:36:87:10:ee:34:a0:16:63:bc:9d:67:f9:b3:9a:a3:7d:
         81:c2:7e:2f:9f:0d:fb:a1:49:52:92:96:39:67:d0:e1:dc:29:
         3f:e1:7e:4f:a1:c8:6f:b0:dd:60:26:72:e3:40:78:80:2c:f1:
         f2:9b:f2:01:68:43:45:24:63:a8:df:b5:0b:e1:35:d5:e2:d4:
         f0:c1:d5:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfy5u5LrWNOAQ7gRWYBlx7bR3cOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjQwOTM2NTZaFw0yNjA2MjMwOTQxNTZaMDMxMTAvBgNV
BAMTKERGQzlDMTFDOEMxMEU4QUU3NERDOTRENUI1NUM5MjFDMUEzMjI5RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy6Y8vBCNHOwb+tpPcpy9YJryc
RLB5KWrwXegsFBXjrLBmZ1KVe2eWPLaCp9H4fWV+aTkNY2eBIuFPEewsP/Jq0vDP
d27qmQGET+tILWRouAzkElOtfq4STBAPcFZsssZWhErj7BLoLqx+5Mq736bD90jY
cXmDXLtTwpKQCM86xKTUeIUmBUZPDpfzXAIPfVQrn2LLvMTbiry+jRcdWdQGVTV+
3NOEI1DantgRDLvvK15rn2U+xpT/UvHwbfQjNiUbiq0ALeUpTK143MSDqu0Jq1Gg
4dbrW2GOF8NLaqRhSOPtKammbPKjWuia0eF9akwdCqxf9jYt5BpLhzTLaLJbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU38nBHIwQ6K503JTVtVySHBoyKfowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUzOTIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQX
MA0GCSqGSIb3DQEBCwUAA4IBAQBgyYTcdrAza5jNBOJwosaXxY0Qpw/nSRWkD0+2
vgO+bipw1QBs5c2WpLXMD8pEd1ZNuIkLJTC+T+rHNNnpTbvxo1IoJe2NM87KLEG1
iXkWjuYUw6MaYqf+FlhLAJLqS5tU+FXxq0M9R6cY+z8myhOdRli+DrAKzR4iu3rH
2furWMpZTTB5fu8jBtgfSWkf543s69Mj99PLAX1g78Kv7oDj+VglclRpUxJ8WsFa
8j61w4vpxXPWCjaHEO40oBZjvJ1n+bOao32Bwn4vnw37oUlSkpY5Z9Dh3Ck/4X5P
ochvsN1gJnLjQHiALPHym/IBaENFJGOo37UL4TXV4tTwwdXv
-----END CERTIFICATE-----