Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3136302e302f32302d3234203d3e20383334.roa
File:                     3134332e32302e3136302e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          1Folk6bHm6FwJw2uo5Q+Ep6sxSjtanAFBkEYzb5c4ms=
Subject key identifier:   AA:DC:D5:42:66:2E:E4:E6:B6:59:29:F2:E5:83:64:BC:D1:A2:07:4E
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3D0D7C4FF776DEB52447FB9425241EE38690DFBA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3136302e302f32302d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 12:42:50 +0000
ROA not before:           Mon 02 Jun 2025 12:37:50 +0000
ROA not after:            Mon 01 Jun 2026 12:42:50 +0000
asID:                     834
IP address blocks:        143.20.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:0d:7c:4f:f7:76:de:b5:24:47:fb:94:25:24:1e:e3:86:90:df:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 12:37:50 2025 GMT
            Not After : Jun  1 12:42:50 2026 GMT
        Subject: CN=AADCD542662EE4E6B65929F2E58364BCD1A2074E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d0:0d:d4:ac:ce:21:c5:ce:d2:c5:e4:75:7b:
                    d4:56:c4:61:df:cd:cc:ff:91:c7:10:b8:9d:32:cf:
                    b3:6f:dc:10:a0:2c:5b:b7:35:4c:d9:ca:ac:45:c9:
                    71:ae:ba:03:2c:dd:28:9a:23:63:7b:c3:7d:1f:5f:
                    34:c1:22:5d:51:a1:c3:da:52:63:1c:ab:d6:f9:1f:
                    6a:9b:0a:36:b4:f0:82:fc:f0:25:84:08:7d:5c:c9:
                    18:0f:30:81:d7:d8:22:08:32:25:5e:c7:ab:13:e1:
                    a0:59:3b:bf:52:1c:54:16:77:cf:5c:6e:c9:c5:0a:
                    31:21:83:60:7b:32:15:a0:5c:7f:5e:52:b5:75:fd:
                    3f:da:64:89:a8:94:15:87:72:29:63:5b:7d:84:00:
                    4c:7f:00:61:2b:7c:6d:91:e8:69:39:3c:da:b2:dc:
                    15:7c:0c:c6:38:f6:93:52:c0:10:72:e7:b7:2b:36:
                    20:9a:ea:fb:d2:16:7f:1a:ba:2f:1e:98:4b:82:8e:
                    f3:b3:d5:2a:8b:9c:69:48:ba:58:b3:39:bf:ed:73:
                    39:e1:ab:03:16:30:2e:83:33:b3:be:4a:7b:db:8a:
                    7d:f8:a4:c0:8f:d1:16:95:d9:cb:cf:b4:db:2a:9c:
                    8b:53:ee:02:67:48:4d:78:24:a9:cf:3c:77:cd:50:
                    98:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:DC:D5:42:66:2E:E4:E6:B6:59:29:F2:E5:83:64:BC:D1:A2:07:4E
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3136302e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:4d:3d:c0:a1:14:2f:73:8f:06:45:1b:98:90:de:1b:bc:22:
         98:5a:fd:b6:1e:e1:3f:fe:24:09:a1:a6:eb:50:09:99:ff:01:
         24:86:75:a4:40:5e:21:ae:c6:9b:49:66:62:65:6b:27:2f:c7:
         30:e3:48:1c:e0:9d:4d:f9:e5:6e:e8:49:ea:77:4e:21:ce:7c:
         70:0c:4d:d5:ec:bd:7f:7a:22:bc:b7:bc:56:6f:38:d0:39:0d:
         62:93:4e:ce:0f:24:11:00:00:33:a1:b8:0f:45:c9:0a:99:fb:
         a6:aa:64:8d:9e:cd:5a:04:4e:f0:b2:fa:43:5a:11:50:d2:c9:
         9f:10:f3:6b:d1:b5:c8:70:a6:33:1f:25:ff:85:68:a7:15:20:
         7f:84:b4:3c:2e:ab:b5:80:d6:c3:81:3f:9c:b9:7e:00:c8:57:
         71:46:9f:c1:de:d8:ca:c0:a7:db:28:20:d5:a5:61:6e:c5:c5:
         f5:ce:bf:09:4d:cd:20:4b:37:74:c0:54:9e:9d:fb:5e:c4:17:
         4b:36:a2:3d:69:af:a6:b2:6c:68:55:96:86:e8:05:2e:db:d8:
         31:b8:6e:cf:b9:82:9f:15:a1:1f:de:46:73:dc:6c:a3:15:56:
         8a:c3:d5:55:d2:a3:2e:43:df:d0:27:50:e7:92:32:cf:ed:15:
         14:fd:9a:7a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPQ18T/d23rUkR/uUJSQe44aQ37owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxMjM3NTBaFw0yNjA2MDExMjQyNTBaMDMxMTAvBgNV
BAMTKEFBRENENTQyNjYyRUU0RTZCNjU5MjlGMkU1ODM2NEJDRDFBMjA3NEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy0A3UrM4hxc7SxeR1e9RWxGHf
zcz/kccQuJ0yz7Nv3BCgLFu3NUzZyqxFyXGuugMs3SiaI2N7w30fXzTBIl1RocPa
UmMcq9b5H2qbCja08IL88CWECH1cyRgPMIHX2CIIMiVex6sT4aBZO79SHFQWd89c
bsnFCjEhg2B7MhWgXH9eUrV1/T/aZImolBWHciljW32EAEx/AGErfG2R6Gk5PNqy
3BV8DMY49pNSwBBy57crNiCa6vvSFn8aui8emEuCjvOz1SqLnGlIulizOb/tcznh
qwMWMC6DM7O+Snvbin34pMCP0RaV2cvPtNsqnItT7gJnSE14JKnPPHfNUJinAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqtzVQmYu5Oa2WSny5YNkvNGiB04wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM2
MzAyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBASPFKAw
DQYJKoZIhvcNAQELBQADggEBADpNPcChFC9zjwZFG5iQ3hu8Ipha/bYe4T/+JAmh
putQCZn/ASSGdaRAXiGuxptJZmJlaycvxzDjSBzgnU355W7oSep3TiHOfHAMTdXs
vX96Iry3vFZvONA5DWKTTs4PJBEAADOhuA9FyQqZ+6aqZI2ezVoETvCy+kNaEVDS
yZ8Q82vRtchwpjMfJf+FaKcVIH+EtDwuq7WA1sOBP5y5fgDIV3FGn8He2MrAp9so
INWlYW7FxfXOvwlNzSBLN3TAVJ6d+17EF0s2oj1pr6aybGhVloboBS7b2DG4bs+5
gp8VoR/eRnPcbKMVVorD1VXSoy5D39AnUOeSMs/tFRT9mno=
-----END CERTIFICATE-----