Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3137362e302f32332d3234203d3e20383334.roa
File:                     3134332e32302e3137362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          IDl0K3PpVuZLooTNjU7sDQbyNinCOReVLxXC8CyFnNk=
Subject key identifier:   71:4D:0B:0B:06:1A:AC:8B:CA:1B:5C:6B:42:C8:21:31:15:52:72:0A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       39863E37D8272EDA588101C3875E2A28C4E58128
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3137362e302f32332d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:40:30 +0000
ROA not before:           Mon 02 Jun 2025 16:35:30 +0000
ROA not after:            Mon 01 Jun 2026 16:40:30 +0000
asID:                     834
IP address blocks:        143.20.176.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:86:3e:37:d8:27:2e:da:58:81:01:c3:87:5e:2a:28:c4:e5:81:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:35:30 2025 GMT
            Not After : Jun  1 16:40:30 2026 GMT
        Subject: CN=714D0B0B061AAC8BCA1B5C6B42C821311552720A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d4:6f:82:ba:37:0f:17:1a:9e:cf:a6:a6:0f:
                    f1:b8:1e:ea:0c:73:a0:15:4f:35:d4:02:b4:c2:3a:
                    f0:7a:89:3a:68:84:c4:4c:c3:dc:3a:38:12:eb:91:
                    ef:70:89:83:ea:bf:6e:91:64:18:e6:59:f8:0e:c6:
                    03:21:92:43:d1:bb:24:5a:f0:a2:22:c7:ad:ac:6c:
                    1e:1f:d2:1c:42:1f:4e:d7:75:03:75:f8:60:dc:aa:
                    b1:a5:8b:be:a2:da:01:a8:5d:35:72:e0:0c:96:12:
                    7d:12:65:db:e2:0d:db:45:70:76:2f:44:df:cc:ea:
                    0f:b6:23:26:39:e8:52:40:a0:b7:86:35:22:54:7d:
                    90:8d:10:fa:b9:02:11:30:4f:71:ce:d2:34:86:13:
                    31:34:1e:98:a5:aa:22:e3:2e:6a:4c:4d:0a:72:45:
                    bd:a5:6e:ea:1e:f8:5f:be:17:69:ef:33:c4:82:0d:
                    a4:36:68:7e:8e:af:be:56:d2:39:2e:58:1c:a2:38:
                    cb:c7:58:30:a4:d2:5a:5b:4c:93:c9:53:82:81:15:
                    dc:e8:a7:65:b1:bf:67:5e:d2:24:1d:de:57:c2:f5:
                    ab:48:5b:1c:97:7c:e3:22:62:b3:10:1c:73:8a:83:
                    0b:28:bb:7b:84:c0:e9:c1:9b:84:45:70:98:a4:c0:
                    29:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:4D:0B:0B:06:1A:AC:8B:CA:1B:5C:6B:42:C8:21:31:15:52:72:0A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3137362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:e4:33:1f:3c:e6:44:81:3c:8d:59:31:cf:e1:ae:4b:43:6d:
         ff:d3:4c:c2:4f:ff:8a:25:18:59:eb:af:aa:af:93:a6:82:42:
         bc:7e:a4:9f:27:ab:87:cc:97:62:2c:1e:8b:49:e0:38:6c:a7:
         1b:ac:b8:7b:db:c3:34:a3:7f:3e:9f:83:33:c3:e9:11:ab:86:
         fb:7d:c9:b6:4c:d0:83:9b:57:23:a5:dd:2f:37:d4:11:c1:0f:
         90:e7:b4:ca:ee:f1:17:2a:6e:6d:43:a0:45:9e:f1:bd:00:a6:
         75:97:dd:55:ac:b9:82:b6:fc:fe:a3:fe:57:19:0f:94:73:60:
         77:aa:8d:79:0b:b7:70:82:2b:4a:10:66:18:17:d2:d9:ed:17:
         c9:d7:0a:aa:1e:fb:3e:ea:2e:c3:85:82:73:a9:ee:55:57:c0:
         50:e0:57:82:c5:11:af:17:01:3f:b9:18:a3:0a:48:34:1e:3c:
         ee:86:42:ca:a2:d3:0f:f4:90:42:3b:9f:65:80:31:2e:32:93:
         0b:57:fb:42:5c:5d:09:b3:b1:45:34:37:a9:c3:be:0f:b1:00:
         a2:94:a5:eb:e1:ec:88:62:0a:3c:3d:c7:07:46:42:a8:aa:e1:
         8c:83:45:5b:6d:49:94:49:11:73:93:00:5d:a9:d5:be:b2:c3:
         44:35:ad:25
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOYY+N9gnLtpYgQHDh14qKMTlgSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjM1MzBaFw0yNjA2MDExNjQwMzBaMDMxMTAvBgNV
BAMTKDcxNEQwQjBCMDYxQUFDOEJDQTFCNUM2QjQyQzgyMTMxMTU1MjcyMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC51G+CujcPFxqez6amD/G4HuoM
c6AVTzXUArTCOvB6iTpohMRMw9w6OBLrke9wiYPqv26RZBjmWfgOxgMhkkPRuyRa
8KIix62sbB4f0hxCH07XdQN1+GDcqrGli76i2gGoXTVy4AyWEn0SZdviDdtFcHYv
RN/M6g+2IyY56FJAoLeGNSJUfZCNEPq5AhEwT3HO0jSGEzE0HpilqiLjLmpMTQpy
Rb2lbuoe+F++F2nvM8SCDaQ2aH6Or75W0jkuWByiOMvHWDCk0lpbTJPJU4KBFdzo
p2Wxv2de0iQd3lfC9atIWxyXfOMiYrMQHHOKgwsou3uEwOnBm4RFcJikwCn3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUcU0LCwYarIvKG1xrQsghMRVScgowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM3
MzYyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFLAw
DQYJKoZIhvcNAQELBQADggEBAFjkMx885kSBPI1ZMc/hrktDbf/TTMJP/4olGFnr
r6qvk6aCQrx+pJ8nq4fMl2IsHotJ4DhspxusuHvbwzSjfz6fgzPD6RGrhvt9ybZM
0IObVyOl3S831BHBD5DntMru8Rcqbm1DoEWe8b0ApnWX3VWsuYK2/P6j/lcZD5Rz
YHeqjXkLt3CCK0oQZhgX0tntF8nXCqoe+z7qLsOFgnOp7lVXwFDgV4LFEa8XAT+5
GKMKSDQePO6GQsqi0w/0kEI7n2WAMS4ykwtX+0JcXQmzsUU0N6nDvg+xAKKUpevh
7IhiCjw9xwdGQqiq4YyDRVttSZRJEXOTAF2p1b6yw0Q1rSU=
-----END CERTIFICATE-----