Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e312e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          HWDWYS7Nb/0yIiKPfRzuAQVyp2Lcvw20urWnvDZ8sWA=
Subject key identifier:   18:BC:AC:2F:C6:1A:8B:30:77:E3:B3:AC:E0:AE:FF:96:57:64:CB:30
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       429A2FDD82CBECA26E62BD5599248291AAB6C3F1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e312e302f32342d3234203d3e20383334.roa
Signing time:             Wed 21 May 2025 12:53:22 +0000
ROA not before:           Wed 21 May 2025 12:48:22 +0000
ROA not after:            Wed 20 May 2026 12:53:22 +0000
asID:                     834
IP address blocks:        143.20.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:9a:2f:dd:82:cb:ec:a2:6e:62:bd:55:99:24:82:91:aa:b6:c3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 21 12:48:22 2025 GMT
            Not After : May 20 12:53:22 2026 GMT
        Subject: CN=18BCAC2FC61A8B3077E3B3ACE0AEFF965764CB30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5d:71:9f:d3:72:00:8d:bc:f3:ec:e8:56:d9:
                    09:f2:1e:4e:2b:cd:cd:b1:39:39:47:c6:f2:1b:86:
                    fe:bd:d4:83:13:33:4c:10:cc:84:5c:78:55:f5:22:
                    7b:17:e9:a9:dd:4e:03:1f:1e:0b:c2:08:b3:01:01:
                    34:48:93:32:ac:07:50:0d:d6:58:58:7d:56:3b:26:
                    44:0e:da:cf:68:9b:25:62:6d:4f:49:a0:12:39:31:
                    87:4c:7f:01:4f:c0:a0:c3:04:d7:0e:2c:26:93:ba:
                    d0:a9:70:34:45:9d:af:76:c5:ac:f0:13:e1:b7:a0:
                    1c:c8:2b:ad:3f:42:f9:84:ea:7c:c2:51:7e:10:16:
                    af:61:a4:ce:06:1e:fb:b4:5e:5e:08:ed:c7:5d:17:
                    03:47:08:a6:ab:90:4b:0a:c2:1d:87:61:2d:35:5a:
                    c4:a0:1d:1d:41:16:d6:9a:a1:09:ab:02:59:a6:72:
                    fe:9b:71:89:5f:be:7e:81:d8:b0:55:dd:34:24:22:
                    63:4e:ad:0d:88:87:c6:9a:ea:93:2b:6f:ea:de:69:
                    8d:80:63:c2:da:8b:63:28:7e:e1:08:52:53:c7:8f:
                    c3:d3:76:ae:d1:77:5a:bd:24:6b:d6:2c:f1:b9:87:
                    f4:b0:2c:a0:6f:dc:ad:84:97:2f:98:fe:c9:3c:8c:
                    8b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BC:AC:2F:C6:1A:8B:30:77:E3:B3:AC:E0:AE:FF:96:57:64:CB:30
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:3e:75:74:aa:4c:8e:05:1b:e5:33:a9:56:cc:14:03:a4:dd:
         ae:1d:8e:d2:47:25:44:59:08:f9:7f:18:a4:57:b4:e5:75:40:
         68:44:04:24:fa:c4:c1:9b:e8:f5:ff:5d:68:9d:25:9c:29:42:
         f5:b2:b9:b8:a1:2f:88:25:63:52:90:0b:e7:a3:80:33:e1:54:
         5a:de:e0:73:26:f7:12:b6:62:3e:15:dc:44:8a:49:0b:8a:6d:
         9d:04:86:65:e7:fd:53:b3:c4:1c:bf:2f:bf:c0:ec:2b:f2:c1:
         54:76:bb:c0:7d:0d:99:27:87:cd:82:f5:13:29:62:33:7b:7a:
         93:57:66:ab:d3:36:7a:fd:be:f3:cd:7b:bb:49:b0:48:d0:3a:
         d3:c6:b1:d2:98:04:de:ef:e8:e7:2c:76:fc:44:24:0d:0a:9a:
         af:75:82:34:3c:68:04:5e:30:9a:fa:ed:fa:b7:1b:13:47:a0:
         25:6e:1c:22:11:75:2c:d8:59:a4:f1:1f:dc:74:16:3a:20:8a:
         48:99:97:83:d9:15:ed:a4:00:de:8a:90:9f:f0:63:8d:30:b7:
         9d:f8:47:9d:d7:02:a4:e0:2d:64:49:fa:b7:82:90:0e:3f:f6:
         29:41:85:35:f2:87:64:70:0d:c2:13:f1:a2:ee:b8:ab:a6:65:
         59:67:fa:36
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUQpov3YLL7KJuYr1VmSSCkaq2w/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MjExMjQ4MjJaFw0yNjA1MjAxMjUzMjJaMDMxMTAvBgNV
BAMTKDE4QkNBQzJGQzYxQThCMzA3N0UzQjNBQ0UwQUVGRjk2NTc2NENCMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoXXGf03IAjbzz7OhW2QnyHk4r
zc2xOTlHxvIbhv691IMTM0wQzIRceFX1InsX6andTgMfHgvCCLMBATRIkzKsB1AN
1lhYfVY7JkQO2s9omyVibU9JoBI5MYdMfwFPwKDDBNcOLCaTutCpcDRFna92xazw
E+G3oBzIK60/QvmE6nzCUX4QFq9hpM4GHvu0Xl4I7cddFwNHCKarkEsKwh2HYS01
WsSgHR1BFtaaoQmrAlmmcv6bcYlfvn6B2LBV3TQkImNOrQ2Ih8aa6pMrb+reaY2A
Y8Lai2MofuEIUlPHj8PTdq7Rd1q9JGvWLPG5h/SwLKBv3K2Ely+Y/sk8jItRAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUGLysL8YaizB347Os4K7/lldkyzAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UATANBgkq
hkiG9w0BAQsFAAOCAQEAKT51dKpMjgUb5TOpVswUA6Tdrh2O0kclRFkI+X8YpFe0
5XVAaEQEJPrEwZvo9f9daJ0lnClC9bK5uKEviCVjUpAL56OAM+FUWt7gcyb3ErZi
PhXcRIpJC4ptnQSGZef9U7PEHL8vv8DsK/LBVHa7wH0NmSeHzYL1EyliM3t6k1dm
q9M2ev2+8817u0mwSNA608ax0pgE3u/o5yx2/EQkDQqar3WCNDxoBF4wmvrt+rcb
E0egJW4cIhF1LNhZpPEf3HQWOiCKSJmXg9kV7aQA3oqQn/BjjTC3nfhHndcCpOAt
ZEn6t4KQDj/2KUGFNfKHZHANwhPxou64q6ZlWWf6Ng==
-----END CERTIFICATE-----