Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138302e302f32322d3234203d3e20383334.roa
File:                     3134332e32302e3138302e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          mvyjqO855sTHFwaUmAPuFlgHl49LMKShrH/fEkN9Xmg=
Subject key identifier:   CF:82:88:FE:6D:13:D7:BD:A6:51:8C:56:77:93:AD:E7:12:43:F9:A9
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       328C1B92259458C45006289F2049A8CFC18D459C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138302e302f32322d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:37:25 +0000
ROA not before:           Mon 02 Jun 2025 16:32:25 +0000
ROA not after:            Mon 01 Jun 2026 16:37:25 +0000
asID:                     834
IP address blocks:        143.20.180.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:8c:1b:92:25:94:58:c4:50:06:28:9f:20:49:a8:cf:c1:8d:45:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:32:25 2025 GMT
            Not After : Jun  1 16:37:25 2026 GMT
        Subject: CN=CF8288FE6D13D7BDA6518C567793ADE71243F9A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3f:1a:44:40:87:ef:80:ce:b1:e6:f3:32:79:
                    8c:d6:64:c4:d6:bc:2b:04:f1:82:97:90:53:e7:ff:
                    bf:51:cb:02:06:5c:c7:0e:cc:2d:20:28:e2:16:4b:
                    a8:e0:41:74:f0:f0:2d:92:7c:86:80:f5:8f:13:64:
                    5c:a2:55:22:0c:b1:f7:bb:f8:12:e6:5f:a9:2b:d3:
                    05:d6:89:29:94:ac:f7:e2:e5:54:d2:29:0d:0a:21:
                    d6:f7:25:7e:f0:eb:43:38:71:74:b5:ca:2f:5c:a5:
                    93:37:2e:14:c2:68:7f:67:b1:e0:1c:f5:4e:bb:c7:
                    b1:31:fc:35:9e:06:05:15:2c:2d:24:a4:36:a1:d1:
                    ac:2f:89:b9:ce:0b:e6:58:c2:36:95:82:8b:ea:52:
                    81:a7:52:47:f3:d9:1a:a4:49:8a:80:82:6f:a8:53:
                    ad:88:81:ab:c0:7b:60:18:b1:cf:ba:07:ad:40:ee:
                    67:f6:62:e2:1b:43:90:9b:3e:52:e1:e0:86:94:47:
                    b8:0b:87:18:6f:f9:50:87:02:4e:08:92:e9:f2:eb:
                    55:77:ea:e6:de:98:25:28:02:35:19:c4:21:e7:9e:
                    63:09:6a:f2:43:28:aa:e9:de:2b:0c:12:65:1f:8e:
                    ee:8a:a0:ff:a3:bf:72:3b:10:27:8e:3a:69:cc:9f:
                    4c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:82:88:FE:6D:13:D7:BD:A6:51:8C:56:77:93:AD:E7:12:43:F9:A9
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138302e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:ea:75:cc:bf:b2:74:c9:d5:10:3a:86:6f:58:86:0d:4f:54:
         47:a5:d7:67:0e:75:8c:a9:92:00:b2:1f:c3:ba:21:05:62:72:
         59:33:56:16:72:84:a1:99:53:78:a1:0d:bc:08:99:92:b4:1f:
         bf:3b:ee:a2:bf:0b:88:c3:1f:3c:ab:3d:f4:21:ec:dc:d0:b1:
         83:05:9f:63:14:22:bd:68:90:f0:4c:c5:35:14:7b:16:22:85:
         f8:e6:4a:f2:6f:ce:84:75:c5:85:ce:28:3f:88:00:5f:42:f6:
         ea:f1:7c:d2:33:ed:08:36:f5:97:3a:35:63:7c:a6:f3:2d:ef:
         59:65:ac:c0:d6:58:f6:68:a4:a0:5c:2b:b1:c4:33:cb:2b:13:
         f9:33:ae:88:00:74:54:4f:fb:b6:c4:23:4c:f2:cc:f0:94:39:
         8d:ff:4d:82:cd:5c:52:8c:42:c7:96:9f:36:ba:79:3d:88:f4:
         9c:c5:24:de:d7:25:49:a6:78:3c:00:fe:df:6a:78:c4:96:41:
         7f:90:00:84:c1:f8:2b:a4:67:45:d1:fd:99:2b:a6:b3:25:c3:
         d7:4d:30:69:d5:7d:56:3e:11:67:b3:c8:c9:6c:d3:cb:33:cd:
         c2:be:95:50:40:b9:71:34:0b:29:e7:93:34:80:de:2c:75:5d:
         49:ee:ed:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMowbkiWUWMRQBiifIEmoz8GNRZwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjMyMjVaFw0yNjA2MDExNjM3MjVaMDMxMTAvBgNV
BAMTKENGODI4OEZFNkQxM0Q3QkRBNjUxOEM1Njc3OTNBREU3MTI0M0Y5QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnPxpEQIfvgM6x5vMyeYzWZMTW
vCsE8YKXkFPn/79RywIGXMcOzC0gKOIWS6jgQXTw8C2SfIaA9Y8TZFyiVSIMsfe7
+BLmX6kr0wXWiSmUrPfi5VTSKQ0KIdb3JX7w60M4cXS1yi9cpZM3LhTCaH9nseAc
9U67x7Ex/DWeBgUVLC0kpDah0awvibnOC+ZYwjaVgovqUoGnUkfz2RqkSYqAgm+o
U62IgavAe2AYsc+6B61A7mf2YuIbQ5CbPlLh4IaUR7gLhxhv+VCHAk4Ikuny61V3
6ubemCUoAjUZxCHnnmMJavJDKKrp3isMEmUfju6KoP+jv3I7ECeOOmnMn0z/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUz4KI/m0T172mUYxWd5Ot5xJD+akwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM4
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPFLQw
DQYJKoZIhvcNAQELBQADggEBAGnqdcy/snTJ1RA6hm9Yhg1PVEel12cOdYypkgCy
H8O6IQViclkzVhZyhKGZU3ihDbwImZK0H7877qK/C4jDHzyrPfQh7NzQsYMFn2MU
Ir1okPBMxTUUexYihfjmSvJvzoR1xYXOKD+IAF9C9urxfNIz7Qg29Zc6NWN8pvMt
71llrMDWWPZopKBcK7HEM8srE/kzrogAdFRP+7bEI0zyzPCUOY3/TYLNXFKMQseW
nza6eT2I9JzFJN7XJUmmeDwA/t9qeMSWQX+QAITB+CukZ0XR/ZkrprMlw9dNMGnV
fVY+EWezyMls08szzcK+lVBAuXE0CynnkzSA3ix1XUnu7R0=
-----END CERTIFICATE-----