Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131382e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3131382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          RRBRpHJvCYSO52KLKNYASOUi1wxjsHTIllqf8NPb/L8=
Subject key identifier:   79:9B:32:DE:3E:DF:36:FF:22:B4:D9:41:DD:05:FC:8D:7E:01:F3:2D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       16BCF3188FCC79E80D95970AA55EE673342B555B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131382e302f32342d3234203d3e20383334.roa
Signing time:             Sat 17 May 2025 03:58:17 +0000
ROA not before:           Sat 17 May 2025 03:53:17 +0000
ROA not after:            Sat 16 May 2026 03:58:17 +0000
asID:                     834
IP address blocks:        143.20.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:bc:f3:18:8f:cc:79:e8:0d:95:97:0a:a5:5e:e6:73:34:2b:55:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 17 03:53:17 2025 GMT
            Not After : May 16 03:58:17 2026 GMT
        Subject: CN=799B32DE3EDF36FF22B4D941DD05FC8D7E01F32D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:92:3c:ea:67:26:68:ce:3e:fb:95:43:d5:fc:
                    45:7a:9d:d9:23:2e:ad:e2:72:a1:fc:56:3a:87:c5:
                    e6:2b:82:a2:ab:9b:34:3a:bb:e8:13:b7:07:3d:af:
                    81:60:26:2a:25:8c:d6:bd:6d:1e:e1:e0:6b:69:43:
                    10:42:de:11:4e:2e:e0:89:5b:69:63:ae:53:3d:17:
                    8a:5b:da:92:f7:41:ef:1f:34:d3:a7:e6:aa:54:dd:
                    bd:b0:76:a3:dd:43:63:50:06:e8:08:84:96:d2:69:
                    0d:d5:0e:e5:64:7c:1e:f5:80:39:23:34:a8:29:08:
                    a4:a4:ec:a1:f8:d2:13:91:07:96:d5:21:4c:4f:e5:
                    43:4f:29:ac:ee:b6:c6:5f:54:e5:91:a2:32:1e:d1:
                    13:bb:88:19:84:88:46:47:e7:3b:3a:ad:48:cc:da:
                    2a:f4:02:ed:6f:c2:ff:e5:fa:a9:f9:d6:fc:1a:92:
                    a9:fe:ba:e6:c8:f4:fc:e3:43:28:17:de:39:fc:89:
                    a9:9f:58:f1:cf:06:2d:de:3e:72:24:4c:59:cd:3d:
                    8a:6f:b0:b8:e6:bb:59:ba:af:f5:66:ac:a1:a9:17:
                    f5:08:1e:85:86:86:a2:b0:a2:76:36:a4:9f:e5:60:
                    d3:71:f9:74:14:57:59:ae:ef:83:35:cc:98:20:be:
                    e2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9B:32:DE:3E:DF:36:FF:22:B4:D9:41:DD:05:FC:8D:7E:01:F3:2D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:cd:69:ff:3a:26:e4:4d:fb:e4:9d:75:72:b4:eb:1d:ce:17:
         62:bf:fd:91:72:2c:51:c3:04:9b:e3:a8:e3:47:f4:bc:af:4a:
         95:bd:b5:ff:13:12:c1:7c:62:b5:7b:31:06:06:61:2e:31:c0:
         7b:cf:2a:c4:d7:f4:be:de:2e:ca:5b:30:72:10:e9:11:9a:5d:
         09:c6:70:98:db:bd:6b:06:55:81:86:f1:f8:2a:2a:ce:fb:a3:
         b3:bc:af:67:7e:c8:44:9c:1e:a9:c8:89:dd:de:c4:41:b8:38:
         03:c4:5c:1f:8e:b3:e2:f6:2f:41:b8:39:ff:69:e4:35:d2:0e:
         e2:e8:ab:cb:2d:78:ca:6a:ee:df:da:bf:d4:36:69:b8:3e:7e:
         85:95:8f:df:e6:a1:39:51:2f:43:84:f4:e6:4a:86:91:8f:b7:
         a8:7f:5f:d3:08:3a:84:f3:69:24:c0:b3:63:9f:d1:52:2b:3c:
         ef:ae:ac:e4:cd:eb:2d:8a:3d:32:38:1f:66:62:10:27:95:e3:
         a5:0e:40:45:bb:42:4d:8d:73:67:e0:14:29:41:b0:ec:7a:74:
         16:4a:b0:fb:56:d5:e7:5a:a9:6c:70:47:df:2f:c1:f6:40:b6:
         24:52:89:f4:9c:b8:e7:cd:1f:af:27:d8:10:1d:f7:2d:c6:f6:
         73:31:1d:2b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFrzzGI/MeegNlZcKpV7mczQrVVswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTcwMzUzMTdaFw0yNjA1MTYwMzU4MTdaMDMxMTAvBgNV
BAMTKDc5OUIzMkRFM0VERjM2RkYyMkI0RDk0MUREMDVGQzhEN0UwMUYzMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWkjzqZyZozj77lUPV/EV6ndkj
Lq3icqH8VjqHxeYrgqKrmzQ6u+gTtwc9r4FgJioljNa9bR7h4GtpQxBC3hFOLuCJ
W2ljrlM9F4pb2pL3Qe8fNNOn5qpU3b2wdqPdQ2NQBugIhJbSaQ3VDuVkfB71gDkj
NKgpCKSk7KH40hORB5bVIUxP5UNPKazutsZfVOWRojIe0RO7iBmEiEZH5zs6rUjM
2ir0Au1vwv/l+qn51vwakqn+uubI9PzjQygX3jn8iamfWPHPBi3ePnIkTFnNPYpv
sLjmu1m6r/VmrKGpF/UIHoWGhqKwonY2pJ/lYNNx+XQUV1mu74M1zJggvuJ1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUeZsy3j7fNv8itNlB3QX8jX4B8y0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMx
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFHYw
DQYJKoZIhvcNAQELBQADggEBAJjNaf86JuRN++SddXK06x3OF2K//ZFyLFHDBJvj
qONH9LyvSpW9tf8TEsF8YrV7MQYGYS4xwHvPKsTX9L7eLspbMHIQ6RGaXQnGcJjb
vWsGVYGG8fgqKs77o7O8r2d+yEScHqnIid3exEG4OAPEXB+Os+L2L0G4Of9p5DXS
DuLoq8steMpq7t/av9Q2abg+foWVj9/moTlRL0OE9OZKhpGPt6h/X9MIOoTzaSTA
s2Of0VIrPO+urOTN6y2KPTI4H2ZiECeV46UOQEW7Qk2Nc2fgFClBsOx6dBZKsPtW
1edaqWxwR98vwfZAtiRSifScuOfNH68n2BAd9y3G9nMxHSs=
-----END CERTIFICATE-----