Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3132382e302f32312d3234203d3e20383334.roa
File:                     3134332e32302e3132382e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          SlMmNS8sFe533JcXcQCkLQj7MBVcemxgK0bTQM51ulc=
Subject key identifier:   AE:8F:12:49:C8:33:A1:E7:61:91:29:3F:B0:B2:65:71:BA:2D:19:65
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       02992505CB4B7FCC90628F69D3AB0133613E8685
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3132382e302f32312d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:28:14 +0000
ROA not before:           Mon 02 Jun 2025 16:23:14 +0000
ROA not after:            Mon 01 Jun 2026 16:28:14 +0000
asID:                     834
IP address blocks:        143.20.128.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:99:25:05:cb:4b:7f:cc:90:62:8f:69:d3:ab:01:33:61:3e:86:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:23:14 2025 GMT
            Not After : Jun  1 16:28:14 2026 GMT
        Subject: CN=AE8F1249C833A1E76191293FB0B26571BA2D1965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c6:19:f7:ce:4f:0c:3a:96:64:c8:62:1f:81:
                    95:07:10:11:53:fb:02:9a:df:68:88:0a:08:78:3e:
                    a3:6f:ec:bb:e8:55:65:65:61:df:49:0e:50:ef:1e:
                    33:7d:2a:4e:1e:2c:0b:bc:c2:cc:37:4d:23:88:b7:
                    62:68:00:cc:4d:02:a7:9c:8e:ed:43:d6:4d:7e:de:
                    4c:96:d4:9d:d7:85:60:e9:3d:6c:4e:e4:b9:34:c5:
                    b3:c4:78:de:0f:fe:36:b0:cf:eb:6f:1c:1e:b4:4a:
                    b1:17:e0:5b:e2:2e:11:bc:de:ba:49:37:97:f4:af:
                    ca:bb:3c:72:6a:90:69:fe:eb:33:ec:91:69:7c:22:
                    d0:60:25:76:24:1f:bd:74:99:96:9f:b4:a7:1f:91:
                    7c:c5:2c:83:80:a1:5a:b8:29:6a:55:ad:17:ab:15:
                    4d:e2:3d:5c:e0:e2:ac:23:95:76:fe:f0:58:31:9b:
                    c0:a3:27:0f:3b:0a:0a:1e:e8:f8:ed:17:94:6c:6e:
                    79:ad:6a:f8:c7:e8:a8:c6:48:75:4d:cf:f1:92:97:
                    e8:b5:17:58:96:7e:c2:f5:aa:75:3f:aa:e7:93:87:
                    bc:c8:44:04:9c:b6:82:a6:61:f5:89:a2:5e:54:3e:
                    62:e8:b3:dd:71:da:f1:89:80:36:df:db:93:61:81:
                    0f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8F:12:49:C8:33:A1:E7:61:91:29:3F:B0:B2:65:71:BA:2D:19:65
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3132382e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:75:af:a4:f6:db:99:21:20:ba:b7:b6:e0:2f:ea:4a:3a:eb:
         ca:f3:5b:71:dc:28:e9:9a:9d:51:06:c1:ea:c8:af:51:5c:56:
         95:8a:f5:59:2b:81:20:a1:f6:c2:74:d2:c8:d9:27:3b:3c:a3:
         0c:59:04:08:88:b3:75:8d:a3:6c:5a:d9:cd:a4:0a:c8:2b:65:
         fa:c8:f8:2c:f7:32:e7:6b:f6:db:ee:cf:c7:bb:1b:97:4e:b4:
         fe:ba:b5:75:24:d1:f3:41:d7:48:7e:1d:e6:19:0b:fe:15:5e:
         d6:07:5c:69:30:d6:c6:c4:ff:a3:56:8e:5b:0d:35:4f:9c:fb:
         e2:e0:85:fd:1f:a8:22:d5:02:ad:f3:e5:51:75:98:d1:83:a8:
         60:51:f2:21:33:fc:9d:b7:b7:b8:c0:01:09:74:6b:63:85:57:
         f2:15:17:f0:0b:e6:8d:c2:e0:44:78:10:fe:03:30:b7:e0:61:
         fd:27:a0:e6:90:16:b1:6a:43:59:62:aa:81:e7:58:2b:d8:90:
         46:9b:a7:a9:75:b2:61:b8:5b:2f:a5:51:94:9d:30:ff:58:12:
         27:6f:49:1d:ff:a7:65:16:58:fa:22:fa:56:f8:9a:6e:c4:72:
         28:de:6a:6c:6e:19:a2:e8:f7:4a:e0:92:44:2c:bc:5c:d8:6c:
         31:79:ff:91
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUApklBctLf8yQYo9p06sBM2E+hoUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjIzMTRaFw0yNjA2MDExNjI4MTRaMDMxMTAvBgNV
BAMTKEFFOEYxMjQ5QzgzM0ExRTc2MTkxMjkzRkIwQjI2NTcxQkEyRDE5NjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSxhn3zk8MOpZkyGIfgZUHEBFT
+wKa32iICgh4PqNv7LvoVWVlYd9JDlDvHjN9Kk4eLAu8wsw3TSOIt2JoAMxNAqec
ju1D1k1+3kyW1J3XhWDpPWxO5Lk0xbPEeN4P/jawz+tvHB60SrEX4FviLhG83rpJ
N5f0r8q7PHJqkGn+6zPskWl8ItBgJXYkH710mZaftKcfkXzFLIOAoVq4KWpVrRer
FU3iPVzg4qwjlXb+8Fgxm8CjJw87Cgoe6PjtF5RsbnmtavjH6KjGSHVNz/GSl+i1
F1iWfsL1qnU/queTh7zIRASctoKmYfWJol5UPmLos91x2vGJgDbf25NhgQ8TAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUro8SScgzoedhkSk/sLJlcbotGWUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMy
MzgyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOPFIAw
DQYJKoZIhvcNAQELBQADggEBAD11r6T225khILq3tuAv6ko668rzW3HcKOmanVEG
werIr1FcVpWK9VkrgSCh9sJ00sjZJzs8owxZBAiIs3WNo2xa2c2kCsgrZfrI+Cz3
Mudr9tvuz8e7G5dOtP66tXUk0fNB10h+HeYZC/4VXtYHXGkw1sbE/6NWjlsNNU+c
++Lghf0fqCLVAq3z5VF1mNGDqGBR8iEz/J23t7jAAQl0a2OFV/IVF/AL5o3C4ER4
EP4DMLfgYf0noOaQFrFqQ1liqoHnWCvYkEabp6l1smG4Wy+lUZSdMP9YEidvSR3/
p2UWWPoi+lb4mm7EcijeamxuGaLo90rgkkQsvFzYbDF5/5E=
-----END CERTIFICATE-----