Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138342e302f32312d3234203d3e20383334.roa
File:                     3134332e32302e3138342e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          zQW+gOSWfRXKPYi4H2hIhDefSse25qR3bYIqK/n+fEg=
Subject key identifier:   95:AF:F4:37:3D:28:CE:B6:D5:AD:75:E7:77:33:1B:EF:8D:15:EF:40
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       50923F38C4671913AB437E32F1DBB2781AA3E563
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138342e302f32312d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:25:09 +0000
ROA not before:           Mon 02 Jun 2025 16:20:09 +0000
ROA not after:            Mon 01 Jun 2026 16:25:09 +0000
asID:                     834
IP address blocks:        143.20.184.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:92:3f:38:c4:67:19:13:ab:43:7e:32:f1:db:b2:78:1a:a3:e5:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:20:09 2025 GMT
            Not After : Jun  1 16:25:09 2026 GMT
        Subject: CN=95AFF4373D28CEB6D5AD75E777331BEF8D15EF40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a1:52:69:d9:97:c8:96:e8:b9:cb:a8:3d:68:
                    d9:04:d8:ab:0b:5e:d8:49:97:f9:40:46:11:d5:6f:
                    48:d3:ad:64:92:ab:38:ca:3a:17:e0:5c:62:ba:31:
                    58:bc:17:7a:31:bf:6f:b7:57:70:89:85:7a:d3:f1:
                    70:06:c1:3f:66:45:c4:2d:f2:f8:9d:9c:fd:5e:f8:
                    e8:93:d9:34:90:48:3c:eb:66:bc:2d:1e:b9:52:48:
                    71:f4:fd:11:e3:30:fb:07:2f:b3:22:31:27:96:e2:
                    74:8a:29:21:66:ea:35:49:a8:2e:ed:a9:f4:b3:ec:
                    49:7f:f2:b6:a3:a7:e9:50:21:56:7b:a1:22:76:a1:
                    27:bd:1b:d7:75:75:9b:9e:aa:c5:d2:67:ce:13:27:
                    9e:12:82:a0:97:71:08:60:35:37:d6:82:f6:64:fd:
                    36:57:da:24:a2:ce:52:f4:df:41:d2:39:18:f7:01:
                    e6:63:7e:57:d7:d9:71:6c:78:c9:78:62:c1:7c:49:
                    09:47:ba:f0:b2:5b:14:b8:d1:bb:38:63:e1:9d:bc:
                    93:ef:30:68:2e:8b:2b:9a:9e:6d:ce:34:0b:5a:b0:
                    c7:d1:92:2b:89:ff:fc:25:dc:08:0b:ec:f0:9b:b8:
                    06:19:53:98:33:11:89:1c:c7:80:09:6d:34:cf:31:
                    8b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:AF:F4:37:3D:28:CE:B6:D5:AD:75:E7:77:33:1B:EF:8D:15:EF:40
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138342e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:fd:f9:a8:7f:7f:3a:5f:4b:aa:cc:8d:5e:6e:18:4e:b5:55:
         28:81:1d:77:12:11:71:cb:58:4e:76:af:bd:fe:6e:23:35:53:
         55:39:2f:40:e4:45:7d:74:48:ce:86:fb:f2:dd:9c:61:8a:2e:
         6c:34:48:0c:13:34:a0:e9:a9:6d:9f:ac:13:49:12:93:ac:97:
         49:92:ae:bb:99:80:d6:2d:7d:d3:b1:36:f3:00:d8:c5:1d:b5:
         dc:b7:a0:74:57:54:28:49:8f:bf:a4:7b:c2:23:98:99:bb:d1:
         d4:ed:8d:1e:5c:a7:85:57:ff:a6:ec:ac:4f:35:f8:07:f1:55:
         ed:ad:d4:19:89:7c:8c:d3:18:27:01:29:a4:87:5d:aa:19:8e:
         e6:86:c2:db:89:ac:ee:e6:4f:4d:9a:a1:3d:85:34:91:e0:19:
         17:ef:ab:0b:f1:46:e4:81:9b:c3:55:64:6b:3f:d6:cb:f8:2f:
         1e:4f:b2:ba:52:4c:5b:fd:b7:f3:5c:b3:f7:94:47:8b:39:4c:
         f2:5d:67:fa:0d:c3:7c:4b:26:37:ea:2c:59:79:c1:b2:3f:96:
         85:d5:fd:46:ed:03:1c:7d:c1:db:cc:7e:5c:58:32:58:71:02:
         b6:d0:9a:9b:3d:f4:e8:3b:db:dd:66:e0:b8:1b:58:9d:12:fb:
         5f:9c:32:e0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUJI/OMRnGROrQ34y8duyeBqj5WMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjIwMDlaFw0yNjA2MDExNjI1MDlaMDMxMTAvBgNV
BAMTKDk1QUZGNDM3M0QyOENFQjZENUFENzVFNzc3MzMxQkVGOEQxNUVGNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRoVJp2ZfIlui5y6g9aNkE2KsL
XthJl/lARhHVb0jTrWSSqzjKOhfgXGK6MVi8F3oxv2+3V3CJhXrT8XAGwT9mRcQt
8vidnP1e+OiT2TSQSDzrZrwtHrlSSHH0/RHjMPsHL7MiMSeW4nSKKSFm6jVJqC7t
qfSz7El/8rajp+lQIVZ7oSJ2oSe9G9d1dZueqsXSZ84TJ54SgqCXcQhgNTfWgvZk
/TZX2iSizlL030HSORj3AeZjflfX2XFseMl4YsF8SQlHuvCyWxS40bs4Y+GdvJPv
MGguiyuanm3ONAtasMfRkiuJ//wl3AgL7PCbuAYZU5gzEYkcx4AJbTTPMYvhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUla/0Nz0ozrbVrXXndzMb740V70AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM4
MzQyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOPFLgw
DQYJKoZIhvcNAQELBQADggEBAGT9+ah/fzpfS6rMjV5uGE61VSiBHXcSEXHLWE52
r73+biM1U1U5L0DkRX10SM6G+/LdnGGKLmw0SAwTNKDpqW2frBNJEpOsl0mSrruZ
gNYtfdOxNvMA2MUdtdy3oHRXVChJj7+ke8IjmJm70dTtjR5cp4VX/6bsrE81+Afx
Ve2t1BmJfIzTGCcBKaSHXaoZjuaGwtuJrO7mT02aoT2FNJHgGRfvqwvxRuSBm8NV
ZGs/1sv4Lx5PsrpSTFv9t/Ncs/eUR4s5TPJdZ/oNw3xLJjfqLFl5wbI/loXV/Ubt
Axx9wdvMflxYMlhxArbQmps99Og7291m4LgbWJ0S+1+cMuA=
-----END CERTIFICATE-----