Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3134322e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3134322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          1e6l1LdX4VP/mklPMMVZyEWoZFYsytZEroCPDdfQkVE=
Subject key identifier:   01:A3:FB:6E:64:7F:2D:55:E7:22:B0:4E:6A:4B:86:50:CB:32:99:5E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4299B6156819B7B58AB8B96106A6DD501EE6165D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3134322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:46:35 +0000
ROA not before:           Mon 02 Jun 2025 16:41:35 +0000
ROA not after:            Mon 01 Jun 2026 16:46:35 +0000
asID:                     834
IP address blocks:        143.20.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:99:b6:15:68:19:b7:b5:8a:b8:b9:61:06:a6:dd:50:1e:e6:16:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:41:35 2025 GMT
            Not After : Jun  1 16:46:35 2026 GMT
        Subject: CN=01A3FB6E647F2D55E722B04E6A4B8650CB32995E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fa:d3:fb:e8:fd:3d:43:64:8a:f6:85:63:94:
                    31:44:d6:b1:bb:81:ed:9e:d2:0b:f1:e1:38:52:7f:
                    9d:4b:b1:98:79:50:e9:ad:e6:d3:32:cc:8e:61:0c:
                    21:67:9e:73:f2:86:f6:59:4d:31:e4:28:2a:58:d5:
                    31:78:d2:03:28:13:b9:00:aa:1f:b9:ff:0e:7f:b2:
                    1d:64:ea:26:d2:87:ca:37:a3:30:21:f1:10:70:77:
                    1f:ae:37:d3:75:a9:a1:47:56:ed:08:e6:65:0f:ff:
                    f7:b2:00:91:9d:b6:27:25:3b:67:7c:78:66:22:c4:
                    81:4a:09:6d:43:63:40:07:46:a5:a2:99:af:84:1b:
                    36:23:34:e7:61:ee:de:77:eb:a5:c4:bb:48:6e:e1:
                    45:c3:bd:c2:68:a1:af:47:28:48:a2:3f:f9:fc:e1:
                    1d:4c:30:9e:8e:33:42:ef:55:d6:98:cc:79:ed:32:
                    2b:86:9c:5a:1d:5d:5f:81:63:1e:ab:ff:6b:7b:54:
                    d8:62:59:68:6e:d7:8f:8e:cc:65:cc:9d:3f:e1:fa:
                    83:4e:ba:9e:9d:25:12:98:2d:e2:9b:6b:44:f4:c1:
                    90:88:96:a8:12:cd:b6:ab:43:70:8b:52:84:b1:1e:
                    e9:4c:5b:6b:6b:3d:d5:da:fc:cb:e5:d9:c7:47:25:
                    f8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A3:FB:6E:64:7F:2D:55:E7:22:B0:4E:6A:4B:86:50:CB:32:99:5E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3134322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:57:8c:9e:8a:d6:de:3c:f6:64:81:c5:b0:ec:17:89:92:9e:
         62:95:5a:a2:e7:75:3c:65:df:bd:2f:d0:bd:89:a6:bd:d5:70:
         b2:d1:22:a5:20:e3:af:a6:b3:25:8b:83:46:0a:ec:1c:fb:a7:
         91:f5:09:56:e3:0f:13:21:e9:e4:bd:64:ed:39:5a:46:c7:5a:
         02:2c:f9:de:33:84:71:c5:51:fd:a2:d2:c7:c7:05:55:1a:ab:
         96:b4:5b:47:96:49:82:af:71:41:20:aa:2f:6b:52:e9:dc:44:
         b5:e9:43:a1:32:a1:f3:38:bf:0e:af:01:b4:e3:46:b9:79:11:
         ca:a4:7a:52:82:bd:6d:3a:64:a8:49:70:11:77:36:87:bf:ed:
         06:a2:04:55:25:bc:9b:77:a4:c2:53:37:2b:af:f8:38:bd:2f:
         82:2d:60:0d:61:8c:e5:26:88:4c:10:fe:f4:40:ad:cc:68:30:
         64:33:72:9c:14:2e:55:7e:16:11:a4:67:ea:9d:7a:73:39:2e:
         53:d9:e2:5f:10:0a:57:a5:7e:81:ba:47:d1:6d:fc:d3:c0:bb:
         d9:5f:4d:b2:18:9b:49:94:df:16:99:72:51:ee:0a:6b:d1:c3:
         be:29:a9:46:b4:6a:43:46:ac:1a:fe:46:1d:0f:94:6a:7b:37:
         f7:17:63:f5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQpm2FWgZt7WKuLlhBqbdUB7mFl0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjQxMzVaFw0yNjA2MDExNjQ2MzVaMDMxMTAvBgNV
BAMTKDAxQTNGQjZFNjQ3RjJENTVFNzIyQjA0RTZBNEI4NjUwQ0IzMjk5NUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl+tP76P09Q2SK9oVjlDFE1rG7
ge2e0gvx4ThSf51LsZh5UOmt5tMyzI5hDCFnnnPyhvZZTTHkKCpY1TF40gMoE7kA
qh+5/w5/sh1k6ibSh8o3ozAh8RBwdx+uN9N1qaFHVu0I5mUP//eyAJGdticlO2d8
eGYixIFKCW1DY0AHRqWima+EGzYjNOdh7t5366XEu0hu4UXDvcJooa9HKEiiP/n8
4R1MMJ6OM0LvVdaYzHntMiuGnFodXV+BYx6r/2t7VNhiWWhu14+OzGXMnT/h+oNO
up6dJRKYLeKba0T0wZCIlqgSzbarQ3CLUoSxHulMW2trPdXa/Mvl2cdHJfj5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUAaP7bmR/LVXnIrBOakuGUMsymV4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM0
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFI4w
DQYJKoZIhvcNAQELBQADggEBAAZXjJ6K1t489mSBxbDsF4mSnmKVWqLndTxl370v
0L2Jpr3VcLLRIqUg46+msyWLg0YK7Bz7p5H1CVbjDxMh6eS9ZO05WkbHWgIs+d4z
hHHFUf2i0sfHBVUaq5a0W0eWSYKvcUEgqi9rUuncRLXpQ6EyofM4vw6vAbTjRrl5
EcqkelKCvW06ZKhJcBF3Noe/7QaiBFUlvJt3pMJTNyuv+Di9L4ItYA1hjOUmiEwQ
/vRArcxoMGQzcpwULlV+FhGkZ+qdenM5LlPZ4l8QClelfoG6R9Ft/NPAu9lfTbIY
m0mU3xaZclHuCmvRw74pqUa0akNGrBr+Rh0PlGp7N/cXY/U=
-----END CERTIFICATE-----