Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131352e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3131352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          nZDUC/2SnwUV5sKxbmwOU7bC0gxz65Skh/s0F79+qkI=
Subject key identifier:   E7:94:9E:BD:69:25:54:A6:9C:EB:91:C2:1C:52:1F:63:1C:E3:AE:33
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       408F358EF7558A3AA1216AFE30F6F33C05D1E0DA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 03 Jun 2025 18:43:16 +0000
ROA not before:           Tue 03 Jun 2025 18:38:16 +0000
ROA not after:            Tue 02 Jun 2026 18:43:16 +0000
asID:                     834
IP address blocks:        143.20.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:8f:35:8e:f7:55:8a:3a:a1:21:6a:fe:30:f6:f3:3c:05:d1:e0:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  3 18:38:16 2025 GMT
            Not After : Jun  2 18:43:16 2026 GMT
        Subject: CN=E7949EBD692554A69CEB91C21C521F631CE3AE33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b3:3a:6b:42:99:d7:1c:e4:e6:70:58:a8:d2:
                    31:56:fa:42:ec:66:7d:6a:97:8b:9d:a3:8b:b4:f9:
                    4c:9c:1f:11:e3:a2:0e:ba:9d:7c:2c:96:a9:1e:e5:
                    b1:9f:87:3b:7e:48:5d:17:89:bf:10:53:40:18:59:
                    5a:19:3b:fc:ec:a9:4e:21:af:da:80:4e:55:f7:a8:
                    97:c0:f8:25:fe:c4:a7:d2:c5:ad:77:8a:92:42:9d:
                    79:88:12:3a:df:b7:ef:41:c6:d2:ee:02:94:5b:11:
                    3d:ce:33:9d:98:4e:12:55:ea:29:cf:0e:96:ec:a6:
                    e8:b4:75:68:3f:a2:67:bc:af:85:71:10:fe:ba:57:
                    02:5f:3e:18:9e:1d:00:2a:10:18:00:e4:88:55:b7:
                    68:3f:3f:ee:f5:71:81:25:3f:7c:c1:d4:90:ba:28:
                    a0:2e:9c:38:e5:7d:0d:49:7e:fc:ed:05:dc:21:4e:
                    4c:a2:68:5c:e4:0e:60:02:90:90:87:6c:48:23:f3:
                    82:6f:51:d7:10:69:fa:3c:e3:79:a9:41:80:73:74:
                    4c:f5:2a:4c:ee:bc:c1:57:2e:62:72:e1:ff:82:d2:
                    47:80:4c:f6:0d:a2:bc:92:fe:cd:4c:e1:61:58:58:
                    7f:e3:9d:91:32:df:8b:3b:84:da:e1:9b:4c:72:89:
                    d2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:94:9E:BD:69:25:54:A6:9C:EB:91:C2:1C:52:1F:63:1C:E3:AE:33
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:d5:3e:a5:68:96:d5:e9:fe:95:eb:5b:3f:cd:b6:66:70:1a:
         62:a7:4c:51:ca:de:09:d7:2c:4f:86:e9:e3:30:a5:4b:c7:15:
         69:24:fe:59:2c:e2:d1:41:b0:a2:88:2b:16:3b:b4:5f:ab:67:
         0a:31:9e:9c:63:c5:c4:61:95:81:2c:92:bf:d6:8c:e9:ac:84:
         e4:b9:46:fe:54:14:6d:46:f4:f6:e2:88:f5:39:cb:58:dd:53:
         4b:d6:46:0a:7a:46:3f:27:08:8d:14:96:db:f7:f4:9f:60:a7:
         56:f3:0e:b2:6b:84:8b:24:10:37:f1:a4:71:ca:16:ed:57:ae:
         73:42:dc:d8:87:53:b6:4d:c3:ee:df:19:5d:bc:20:c5:5a:dc:
         9a:b2:73:c0:9b:00:88:d8:ba:48:13:57:54:e6:8e:2e:e2:87:
         e6:61:09:e6:25:f8:bd:1b:30:83:b1:e4:82:ea:53:bc:5b:dc:
         e6:bb:d8:77:ec:db:89:01:79:69:7b:8b:1b:7c:ec:65:6e:1d:
         73:08:89:92:4e:f6:ca:3f:d1:17:39:41:02:56:09:8d:88:03:
         50:f3:74:ef:73:c2:4e:eb:32:78:1e:b2:1e:f4:9a:c8:61:e6:
         9a:27:6d:e9:85:e5:b1:45:94:87:64:07:8d:af:0d:63:2b:61:
         ee:68:16:cc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQI81jvdVijqhIWr+MPbzPAXR4NowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDMxODM4MTZaFw0yNjA2MDIxODQzMTZaMDMxMTAvBgNV
BAMTKEU3OTQ5RUJENjkyNTU0QTY5Q0VCOTFDMjFDNTIxRjYzMUNFM0FFMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5szprQpnXHOTmcFio0jFW+kLs
Zn1ql4udo4u0+UycHxHjog66nXwslqke5bGfhzt+SF0Xib8QU0AYWVoZO/zsqU4h
r9qATlX3qJfA+CX+xKfSxa13ipJCnXmIEjrft+9BxtLuApRbET3OM52YThJV6inP
Dpbspui0dWg/ome8r4VxEP66VwJfPhieHQAqEBgA5IhVt2g/P+71cYElP3zB1JC6
KKAunDjlfQ1JfvztBdwhTkyiaFzkDmACkJCHbEgj84JvUdcQafo843mpQYBzdEz1
KkzuvMFXLmJy4f+C0keATPYNoryS/s1M4WFYWH/jnZEy34s7hNrhm0xyidJhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU55SevWklVKac65HCHFIfYxzjrjMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMx
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFHMw
DQYJKoZIhvcNAQELBQADggEBAK3VPqVoltXp/pXrWz/NtmZwGmKnTFHK3gnXLE+G
6eMwpUvHFWkk/lks4tFBsKKIKxY7tF+rZwoxnpxjxcRhlYEskr/WjOmshOS5Rv5U
FG1G9PbiiPU5y1jdU0vWRgp6Rj8nCI0Ultv39J9gp1bzDrJrhIskEDfxpHHKFu1X
rnNC3NiHU7ZNw+7fGV28IMVa3Jqyc8CbAIjYukgTV1Tmji7ih+ZhCeYl+L0bMIOx
5ILqU7xb3Oa72Hfs24kBeWl7ixt87GVuHXMIiZJO9so/0Rc5QQJWCY2IA1DzdO9z
wk7rMngesh70mshh5ponbemF5bFFlIdkB42vDWMrYe5oFsw=
-----END CERTIFICATE-----