Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3139322e302f32312d3234203d3e20383334.roa
File:                     3134332e32302e3139322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          lBb7Cnff0x8OxQx0ysoEoj9rF667Rcu+BI01Hm6oQPM=
Subject key identifier:   9B:05:4B:A1:E5:E4:A3:B2:98:9A:4C:37:78:0A:94:94:E0:D7:53:4D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       213EEDF88612325F03E984C76A6DF9B441C3F8EE
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3139322e302f32312d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:25:09 +0000
ROA not before:           Mon 02 Jun 2025 16:20:09 +0000
ROA not after:            Mon 01 Jun 2026 16:25:09 +0000
asID:                     834
IP address blocks:        143.20.192.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:3e:ed:f8:86:12:32:5f:03:e9:84:c7:6a:6d:f9:b4:41:c3:f8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:20:09 2025 GMT
            Not After : Jun  1 16:25:09 2026 GMT
        Subject: CN=9B054BA1E5E4A3B2989A4C37780A9494E0D7534D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0d:d4:19:d7:3d:6e:02:75:70:8a:02:67:28:
                    ba:ac:78:00:e2:7a:0d:70:80:01:28:37:fb:6b:2a:
                    a9:13:17:9f:aa:59:ae:9e:17:e9:8f:83:20:d8:30:
                    af:64:b0:61:f3:c5:67:4b:27:86:4c:2e:4f:34:fd:
                    f1:85:53:97:08:ae:ce:94:9f:75:6a:e2:ee:1e:48:
                    88:0f:a4:ea:1c:42:8a:72:75:c5:a0:0c:3c:3e:ad:
                    a0:43:c0:cf:1e:16:83:b2:6f:97:1f:29:81:b8:0b:
                    c4:6f:d9:35:1c:c9:fa:99:ab:0d:d9:aa:9a:1f:be:
                    c0:1d:f8:ff:f3:3e:87:69:ad:59:49:11:78:be:75:
                    43:43:41:6e:9a:c6:c7:3c:ac:7c:3b:0b:be:48:39:
                    f0:0d:6c:e9:fb:7f:a7:07:fe:4d:49:ef:b2:00:cd:
                    3a:7b:e1:0f:b3:77:5f:a9:23:0a:97:a4:b2:fb:66:
                    55:61:6e:28:fd:5d:c2:56:45:7a:68:b3:bf:97:c6:
                    13:ea:b8:f9:78:95:22:e8:dd:36:03:4f:45:c5:ae:
                    be:4c:05:9c:ab:69:fc:9d:9b:3d:de:62:ea:e8:bb:
                    2f:6f:0e:61:55:40:bd:3e:ee:70:d9:a8:f7:1c:4a:
                    f9:a7:b8:49:a1:6c:af:01:c3:9f:56:5f:83:63:44:
                    57:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:05:4B:A1:E5:E4:A3:B2:98:9A:4C:37:78:0A:94:94:E0:D7:53:4D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3139322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         aa:24:c1:0f:41:83:41:a7:da:81:e7:57:b1:7d:2c:86:b3:17:
         39:c2:07:3a:1e:ba:4a:ec:e7:f3:16:32:07:6e:e6:8f:85:e4:
         79:cb:d8:aa:b8:7a:2c:b0:ef:a0:43:c7:88:a4:7d:51:c7:7e:
         88:3f:bd:94:f8:47:2a:bc:1e:65:f9:a9:3a:93:f8:ae:be:57:
         fb:56:33:04:14:71:25:05:74:30:ce:9d:66:6d:10:08:61:3d:
         e5:bb:3e:1d:a0:1a:aa:66:59:6f:72:32:db:42:7e:9c:4f:32:
         f9:fb:be:b3:0a:5b:df:64:e4:31:32:1d:a6:2b:15:c7:53:e0:
         cb:bf:4e:01:d9:bc:5c:85:c9:63:8b:5e:58:21:81:55:44:b9:
         67:94:ea:57:99:c4:3b:e3:9b:b1:0e:3b:59:3a:26:ff:6a:c6:
         6c:15:c4:82:4d:f1:3f:ed:bb:bc:01:d0:08:16:06:c7:00:c9:
         f0:e6:72:1e:90:3d:46:5a:4f:2c:ad:b9:0c:3b:a6:03:d4:22:
         30:0f:4a:cd:c2:b9:64:e9:43:51:89:75:83:63:ad:df:53:62:
         80:d6:52:e6:ec:f5:0c:5a:c8:ce:ed:b1:b2:00:4c:9c:59:a8:
         a6:f9:ed:17:52:c9:2a:90:7d:b5:f3:9f:60:af:ea:91:da:e1:
         92:a7:31:30
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIT7t+IYSMl8D6YTHam35tEHD+O4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjIwMDlaFw0yNjA2MDExNjI1MDlaMDMxMTAvBgNV
BAMTKDlCMDU0QkExRTVFNEEzQjI5ODlBNEMzNzc4MEE5NDk0RTBENzUzNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLDdQZ1z1uAnVwigJnKLqseADi
eg1wgAEoN/trKqkTF5+qWa6eF+mPgyDYMK9ksGHzxWdLJ4ZMLk80/fGFU5cIrs6U
n3Vq4u4eSIgPpOocQopydcWgDDw+raBDwM8eFoOyb5cfKYG4C8Rv2TUcyfqZqw3Z
qpofvsAd+P/zPodprVlJEXi+dUNDQW6axsc8rHw7C75IOfANbOn7f6cH/k1J77IA
zTp74Q+zd1+pIwqXpLL7ZlVhbij9XcJWRXpos7+XxhPquPl4lSLo3TYDT0XFrr5M
BZyrafydmz3eYurouy9vDmFVQL0+7nDZqPccSvmnuEmhbK8Bw59WX4NjRFeTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmwVLoeXko7KYmkw3eAqUlODXU00wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM5
MzIyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOPFMAw
DQYJKoZIhvcNAQELBQADggEBAKokwQ9Bg0Gn2oHnV7F9LIazFznCBzoeukrs5/MW
Mgdu5o+F5HnL2Kq4eiyw76BDx4ikfVHHfog/vZT4Ryq8HmX5qTqT+K6+V/tWMwQU
cSUFdDDOnWZtEAhhPeW7Ph2gGqpmWW9yMttCfpxPMvn7vrMKW99k5DEyHaYrFcdT
4Mu/TgHZvFyFyWOLXlghgVVEuWeU6leZxDvjm7EOO1k6Jv9qxmwVxIJN8T/tu7wB
0AgWBscAyfDmch6QPUZaTyytuQw7pgPUIjAPSs3CuWTpQ1GJdYNjrd9TYoDWUubs
9QxayM7tsbIATJxZqKb57RdSySqQfbXzn2Cv6pHa4ZKnMTA=
-----END CERTIFICATE-----