Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131372e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3131372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Bwx/GM4JJYrsTCg16rtNreRI/3baffAkLU/8rWh5vyE=
Subject key identifier:   5B:DC:62:4A:D4:A8:CD:51:7F:F1:93:C7:EF:5F:58:44:71:F0:FB:50
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7865FD94FD709BE8A8156F1D7E837B897A884085
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131372e302f32342d3234203d3e20383334.roa
Signing time:             Sun 01 Jun 2025 13:17:00 +0000
ROA not before:           Sun 01 Jun 2025 13:12:00 +0000
ROA not after:            Sun 31 May 2026 13:17:00 +0000
asID:                     834
IP address blocks:        143.20.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:65:fd:94:fd:70:9b:e8:a8:15:6f:1d:7e:83:7b:89:7a:88:40:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  1 13:12:00 2025 GMT
            Not After : May 31 13:17:00 2026 GMT
        Subject: CN=5BDC624AD4A8CD517FF193C7EF5F584471F0FB50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:27:2f:ea:66:ef:59:b6:20:7e:fb:c0:e3:8d:
                    0c:07:cd:c0:a1:d0:6f:53:11:17:26:04:cf:52:0c:
                    18:4c:5e:52:d1:8f:e1:ee:4b:f3:0b:9d:18:05:4e:
                    d3:80:ed:8a:79:d0:63:e3:db:19:ec:ef:36:33:d3:
                    41:96:b4:48:fb:82:db:d9:ff:98:c6:42:05:69:0e:
                    3c:51:a8:cb:04:fa:2b:ff:56:b2:79:74:70:c9:26:
                    c7:f1:96:56:14:50:71:c0:88:c6:b2:91:62:8a:9c:
                    44:40:85:51:4b:44:87:22:c2:b5:5e:73:9e:0f:28:
                    0f:85:39:1d:f0:65:6a:33:b1:1c:1b:4c:c7:27:57:
                    3b:08:af:b4:43:e5:e0:18:38:c7:1e:a7:4d:50:e0:
                    49:40:db:01:e6:4a:ee:39:30:b6:19:a4:60:82:cc:
                    e5:d3:ee:f6:75:af:e5:22:30:73:26:6d:95:1a:56:
                    97:d1:48:e2:42:5c:ed:6d:3f:f7:4b:b8:77:c5:80:
                    4e:14:7f:00:cc:13:53:27:ce:5f:c8:e6:12:07:13:
                    a0:e1:8c:26:dd:c1:65:1d:bc:52:78:15:02:3e:95:
                    28:d2:81:00:7f:90:e8:a2:8d:90:09:ac:92:11:af:
                    f9:7a:94:ee:d2:f2:d7:53:09:7c:d5:72:c2:cb:51:
                    82:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:DC:62:4A:D4:A8:CD:51:7F:F1:93:C7:EF:5F:58:44:71:F0:FB:50
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b6:e4:61:cf:6d:60:9f:8f:65:3a:b6:00:90:a9:02:fb:85:
         e0:62:60:bc:d7:dc:08:41:86:29:29:64:65:9d:14:36:d7:9e:
         9d:34:72:c6:51:b3:a3:b9:5e:02:5f:4d:50:05:b2:fc:c5:8b:
         c7:ed:51:26:cb:9d:74:0c:4e:34:46:11:e3:6d:9d:26:6d:14:
         b9:21:e1:f5:c3:e7:a6:b0:ab:6a:aa:04:61:b0:92:26:f1:4d:
         b1:5e:86:58:3a:41:2a:c8:28:f5:09:61:76:e3:6c:f3:1e:42:
         2f:b6:a3:96:e0:3a:ed:37:09:24:0c:cb:c3:64:57:63:db:3b:
         f4:e5:50:dc:e0:5c:4b:dd:1f:fd:bc:b7:8b:93:b0:eb:52:7e:
         f8:0d:01:85:93:3c:f8:01:e2:89:a4:0d:a3:3a:d0:5c:dc:f8:
         92:cd:e6:a5:cc:25:d8:2c:2e:ec:bb:33:63:bd:e8:5f:08:76:
         42:b6:f9:ab:c8:2c:56:e7:0a:dc:ce:e5:2e:01:70:0a:0f:fc:
         c6:e2:2c:ef:b9:af:7d:86:53:7a:c1:d8:4e:52:fb:78:d1:4d:
         8e:8f:2b:43:7b:06:c9:8f:ee:15:5c:33:97:2e:4f:11:16:82:
         a2:5d:c6:a9:11:11:5d:2c:78:1a:f0:78:6f:16:e4:97:65:91:
         77:9f:f0:c6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUeGX9lP1wm+ioFW8dfoN7iXqIQIUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDExMzEyMDBaFw0yNjA1MzExMzE3MDBaMDMxMTAvBgNV
BAMTKDVCREM2MjRBRDRBOENENTE3RkYxOTNDN0VGNUY1ODQ0NzFGMEZCNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsJy/qZu9ZtiB++8DjjQwHzcCh
0G9TERcmBM9SDBhMXlLRj+HuS/MLnRgFTtOA7Yp50GPj2xns7zYz00GWtEj7gtvZ
/5jGQgVpDjxRqMsE+iv/VrJ5dHDJJsfxllYUUHHAiMaykWKKnERAhVFLRIciwrVe
c54PKA+FOR3wZWozsRwbTMcnVzsIr7RD5eAYOMcep01Q4ElA2wHmSu45MLYZpGCC
zOXT7vZ1r+UiMHMmbZUaVpfRSOJCXO1tP/dLuHfFgE4UfwDME1Mnzl/I5hIHE6Dh
jCbdwWUdvFJ4FQI+lSjSgQB/kOiijZAJrJIRr/l6lO7S8tdTCXzVcsLLUYIvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUW9xiStSozVF/8ZPH719YRHHw+1AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFHUw
DQYJKoZIhvcNAQELBQADggEBAHC25GHPbWCfj2U6tgCQqQL7heBiYLzX3AhBhikp
ZGWdFDbXnp00csZRs6O5XgJfTVAFsvzFi8ftUSbLnXQMTjRGEeNtnSZtFLkh4fXD
56awq2qqBGGwkibxTbFehlg6QSrIKPUJYXbjbPMeQi+2o5bgOu03CSQMy8NkV2Pb
O/TlUNzgXEvdH/28t4uTsOtSfvgNAYWTPPgB4omkDaM60Fzc+JLN5qXMJdgsLuy7
M2O96F8IdkK2+avILFbnCtzO5S4BcAoP/MbiLO+5r32GU3rB2E5S+3jRTY6PK0N7
BsmP7hVcM5cuTxEWgqJdxqkREV0seBrweG8W5JdlkXef8MY=
-----END CERTIFICATE-----