Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3133362e302f32322d3234203d3e20383334.roa
File:                     3134332e32302e3133362e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          2WvUwOQLqrLGws5K62cVxpFPGCnr/K6xmeIQfqrCBTs=
Subject key identifier:   78:B1:69:3A:08:1A:5A:75:C9:56:4A:6A:AF:70:E2:F0:B4:7C:5F:AB
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3BF566773FED4FF48DEBCE295529BB9982B79602
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3133362e302f32322d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:31:19 +0000
ROA not before:           Mon 02 Jun 2025 16:26:19 +0000
ROA not after:            Mon 01 Jun 2026 16:31:19 +0000
asID:                     834
IP address blocks:        143.20.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:f5:66:77:3f:ed:4f:f4:8d:eb:ce:29:55:29:bb:99:82:b7:96:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:26:19 2025 GMT
            Not After : Jun  1 16:31:19 2026 GMT
        Subject: CN=78B1693A081A5A75C9564A6AAF70E2F0B47C5FAB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0e:40:03:31:85:c9:10:50:12:cf:2f:33:cb:
                    85:86:62:ae:02:74:6f:66:4c:0e:45:3a:2d:b6:14:
                    d2:39:47:6d:44:c3:f8:47:44:89:1c:3e:43:e0:c2:
                    2f:58:38:b6:72:35:5b:af:67:86:e3:90:0f:58:6a:
                    32:43:5f:4a:ea:d4:41:28:99:6f:4d:96:41:ff:cc:
                    cd:45:52:cf:ad:20:95:b8:63:e9:50:6b:ae:c4:81:
                    13:c9:82:41:a4:ec:17:5e:9e:29:fe:a4:1b:47:d3:
                    f0:57:8e:af:e7:31:74:d5:5a:8d:19:8a:e9:10:b7:
                    05:99:12:48:6f:21:73:0f:c6:83:bb:3c:3d:50:36:
                    98:e9:26:9b:21:64:2d:a6:bb:f5:a2:35:15:ca:63:
                    7d:bc:ca:e5:fe:c6:75:5d:5d:1d:b2:07:53:43:a1:
                    5b:41:80:a1:d3:c1:44:57:e0:6a:08:a2:4f:05:4b:
                    99:02:32:ca:1b:7e:3e:cc:98:88:91:60:f3:ec:d1:
                    b0:a5:2e:63:b7:19:e7:9c:dd:6d:4f:ee:f0:68:d7:
                    25:0b:20:da:9c:09:6e:39:ca:13:88:32:81:06:fe:
                    8d:cc:5a:8a:b9:2e:d1:c7:cc:f5:d3:fc:3c:e8:65:
                    0f:cb:b2:ad:9a:38:dd:54:2c:d1:73:37:f7:d5:6c:
                    f7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B1:69:3A:08:1A:5A:75:C9:56:4A:6A:AF:70:E2:F0:B4:7C:5F:AB
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3133362e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:ed:f3:31:6d:bd:b9:cf:8b:4b:2f:7a:ba:d7:9f:3c:f0:73:
         93:36:1f:e4:2d:f5:c6:a1:82:74:59:cc:d2:c4:10:8a:e0:94:
         51:06:24:c7:92:a9:4b:88:7a:c6:4e:71:9f:80:6a:1c:03:d0:
         59:eb:d2:0c:1c:00:7d:29:cc:2a:ef:cc:4c:10:b1:e2:9f:de:
         a3:09:26:52:60:1f:3a:77:69:29:ec:04:94:a0:65:d0:75:71:
         f8:ab:0d:29:89:86:57:d4:54:59:d9:51:cc:d6:bf:2b:e3:dd:
         49:fe:4a:9e:1b:6a:a5:ce:55:74:79:39:ef:6c:53:81:ea:3f:
         32:d2:c2:6f:6d:f9:b1:d5:cf:81:75:62:f0:ad:cb:3a:c3:d4:
         01:16:e3:a5:fe:26:60:d5:81:22:37:5e:cb:4f:32:cb:c7:da:
         4e:44:78:bb:fd:7f:4f:2b:87:bd:03:bc:ca:7e:2f:a5:d5:3c:
         76:05:d7:d0:d6:08:12:cf:3a:ef:31:20:4e:aa:4e:35:34:b7:
         86:de:5d:de:1f:69:c8:51:3e:a8:12:59:c5:37:a9:7e:47:8e:
         7a:0c:f5:78:1a:0e:85:28:9b:ff:a0:8f:3c:29:50:23:e6:0d:
         f8:a7:85:d9:81:39:94:b0:e1:72:3e:5f:4c:29:66:e4:30:00:
         c1:e2:cc:d0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUO/Vmdz/tT/SN684pVSm7mYK3lgIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjI2MTlaFw0yNjA2MDExNjMxMTlaMDMxMTAvBgNV
BAMTKDc4QjE2OTNBMDgxQTVBNzVDOTU2NEE2QUFGNzBFMkYwQjQ3QzVGQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDkADMYXJEFASzy8zy4WGYq4C
dG9mTA5FOi22FNI5R21Ew/hHRIkcPkPgwi9YOLZyNVuvZ4bjkA9YajJDX0rq1EEo
mW9NlkH/zM1FUs+tIJW4Y+lQa67EgRPJgkGk7Bdenin+pBtH0/BXjq/nMXTVWo0Z
iukQtwWZEkhvIXMPxoO7PD1QNpjpJpshZC2mu/WiNRXKY328yuX+xnVdXR2yB1ND
oVtBgKHTwURX4GoIok8FS5kCMsobfj7MmIiRYPPs0bClLmO3Geec3W1P7vBo1yUL
INqcCW45yhOIMoEG/o3MWoq5LtHHzPXT/DzoZQ/Lsq2aON1ULNFzN/fVbPd7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUeLFpOggaWnXJVkpqr3Di8LR8X6swHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMz
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPFIgw
DQYJKoZIhvcNAQELBQADggEBABnt8zFtvbnPi0sverrXnzzwc5M2H+Qt9cahgnRZ
zNLEEIrglFEGJMeSqUuIesZOcZ+AahwD0Fnr0gwcAH0pzCrvzEwQseKf3qMJJlJg
Hzp3aSnsBJSgZdB1cfirDSmJhlfUVFnZUczWvyvj3Un+Sp4baqXOVXR5Oe9sU4Hq
PzLSwm9t+bHVz4F1YvCtyzrD1AEW46X+JmDVgSI3XstPMsvH2k5EeLv9f08rh70D
vMp+L6XVPHYF19DWCBLPOu8xIE6qTjU0t4beXd4fachRPqgSWcU3qX5HjnoM9Xga
DoUom/+gjzwpUCPmDfinhdmBOZSw4XI+X0wpZuQwAMHizNA=
-----END CERTIFICATE-----