Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3130322e302f32332d3234203d3e20383334.roa
File:                     3134332e32302e3130322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          WL5wLNaXUChvb7SSA+Hroy4eUFbykoxzBnDCprchwJk=
Subject key identifier:   7F:BB:5B:19:3F:AE:69:A0:16:9D:F2:60:64:67:36:7A:B9:62:ED:6A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1D8EC581A205AEF008920E801E7170DEA27CB628
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3130322e302f32332d3234203d3e20383334.roa
Signing time:             Thu 29 May 2025 11:54:42 +0000
ROA not before:           Thu 29 May 2025 11:49:42 +0000
ROA not after:            Thu 28 May 2026 11:54:42 +0000
asID:                     834
IP address blocks:        143.20.102.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:8e:c5:81:a2:05:ae:f0:08:92:0e:80:1e:71:70:de:a2:7c:b6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 29 11:49:42 2025 GMT
            Not After : May 28 11:54:42 2026 GMT
        Subject: CN=7FBB5B193FAE69A0169DF2606467367AB962ED6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c1:b0:a4:f5:23:36:cd:6e:0a:29:dd:c6:93:
                    3b:b1:5e:b4:74:d0:b2:50:ac:63:8a:d0:02:0d:9c:
                    c2:01:0b:94:81:db:56:65:42:41:f9:72:be:75:5d:
                    c1:54:fc:5d:8a:e2:d3:87:f2:92:a9:07:94:ad:a9:
                    c6:be:bf:a3:c7:9a:a2:15:76:21:5d:e1:e1:a1:32:
                    bc:f6:34:29:a9:5e:64:3f:26:12:88:43:c9:71:a3:
                    30:6f:02:9f:d6:9a:d1:4b:71:46:57:af:bb:13:46:
                    a4:86:1d:64:37:63:1d:9f:b5:9a:9d:aa:43:ae:13:
                    78:a5:4b:84:32:1b:da:e8:37:de:c9:5b:58:24:16:
                    6e:b2:41:4e:1a:d1:0f:d2:18:33:ba:ea:9c:9e:bc:
                    da:97:65:96:97:ee:99:9a:6d:b5:57:b6:20:d1:92:
                    6c:86:03:75:28:f7:c7:9e:f4:e5:51:f7:0f:14:17:
                    ef:a0:44:dc:59:9c:ff:5a:90:2d:98:f4:b5:a7:29:
                    fa:45:8e:c3:9a:b0:47:b3:ac:a0:db:af:43:d5:8e:
                    18:32:d7:87:07:54:83:3d:10:45:11:e7:42:d3:9f:
                    18:09:1a:5e:8b:28:29:e1:ab:43:be:c1:da:5e:02:
                    54:9f:38:9b:b3:31:c6:e7:d4:1f:b0:ab:c7:d9:37:
                    01:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BB:5B:19:3F:AE:69:A0:16:9D:F2:60:64:67:36:7A:B9:62:ED:6A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3130322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cb:a0:d9:0a:3a:da:d9:64:5a:b5:de:6b:31:e9:cf:56:08:93:
         ba:d2:77:3a:69:e5:f4:5b:1a:2c:5f:b9:27:2c:70:2f:d4:9e:
         22:42:82:b6:da:f0:0c:a1:ec:1e:27:4e:9b:0a:12:f1:3f:f3:
         1b:b8:40:18:f7:03:f2:d9:36:6b:60:2e:1b:1c:60:e0:1e:24:
         d0:b6:aa:e0:84:26:e5:67:14:61:7d:f1:6d:69:f0:83:f8:9d:
         5f:3a:15:7b:ce:b9:52:ae:fd:fd:15:4d:3a:fa:68:75:aa:de:
         0a:94:88:fc:b0:d1:06:bb:cd:7e:21:3f:56:1f:f6:03:a4:bc:
         47:2d:b6:19:03:15:bd:a6:74:1a:b2:99:1f:ed:11:d3:bb:41:
         60:a8:4a:75:5b:db:d8:50:aa:75:a7:44:89:98:f3:fc:3e:0f:
         9b:5a:47:40:9e:dd:d9:de:ef:f0:c1:09:2f:63:f7:44:e4:25:
         9c:a0:27:f6:a2:78:33:e5:d1:1c:cb:82:bd:d4:aa:6d:12:09:
         5e:50:22:59:39:0b:c5:e2:29:fa:84:12:f7:18:40:c2:53:19:
         2d:e9:48:24:1e:96:a7:b6:24:65:62:e7:f1:5c:84:e6:07:8d:
         69:10:9b:fc:d1:a6:c2:57:84:e3:49:6e:63:0b:7f:39:c5:ab:
         a2:03:25:b1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHY7FgaIFrvAIkg6AHnFw3qJ8tigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MjkxMTQ5NDJaFw0yNjA1MjgxMTU0NDJaMDMxMTAvBgNV
BAMTKDdGQkI1QjE5M0ZBRTY5QTAxNjlERjI2MDY0NjczNjdBQjk2MkVENkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXwbCk9SM2zW4KKd3GkzuxXrR0
0LJQrGOK0AINnMIBC5SB21ZlQkH5cr51XcFU/F2K4tOH8pKpB5Stqca+v6PHmqIV
diFd4eGhMrz2NCmpXmQ/JhKIQ8lxozBvAp/WmtFLcUZXr7sTRqSGHWQ3Yx2ftZqd
qkOuE3ilS4QyG9roN97JW1gkFm6yQU4a0Q/SGDO66pyevNqXZZaX7pmabbVXtiDR
kmyGA3Uo98ee9OVR9w8UF++gRNxZnP9akC2Y9LWnKfpFjsOasEezrKDbr0PVjhgy
14cHVIM9EEUR50LTnxgJGl6LKCnhq0O+wdpeAlSfOJuzMcbn1B+wq8fZNwGxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUf7tbGT+uaaAWnfJgZGc2erli7WowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMw
MzIyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFGYw
DQYJKoZIhvcNAQELBQADggEBAMug2Qo62tlkWrXeazHpz1YIk7rSdzpp5fRbGixf
uScscC/UniJCgrba8Ayh7B4nTpsKEvE/8xu4QBj3A/LZNmtgLhscYOAeJNC2quCE
JuVnFGF98W1p8IP4nV86FXvOuVKu/f0VTTr6aHWq3gqUiPyw0Qa7zX4hP1Yf9gOk
vEctthkDFb2mdBqymR/tEdO7QWCoSnVb29hQqnWnRImY8/w+D5taR0Ce3dne7/DB
CS9j90TkJZygJ/aieDPl0RzLgr3Uqm0SCV5QIlk5C8XiKfqEEvcYQMJTGS3pSCQe
lqe2JGVi5/FchOYHjWkQm/zRpsJXhONJbmMLfznFq6IDJbE=
-----END CERTIFICATE-----