Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230302e302f32322d3234203d3e20383334.roa
File:                     3134332e32302e3230302e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          cqySPMsl5r4JYUbQKzdk7jC7eggOFZb3NaVDOSUZusc=
Subject key identifier:   AA:4B:99:25:A3:AA:E7:41:8C:64:43:D9:2A:6E:00:14:8F:4B:E2:57
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       7CA693575F3990DFCB482098AEDC9ABE2E20CE48
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230302e302f32322d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:37:25 +0000
ROA not before:           Mon 02 Jun 2025 16:32:25 +0000
ROA not after:            Mon 01 Jun 2026 16:37:25 +0000
asID:                     834
IP address blocks:        143.20.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:a6:93:57:5f:39:90:df:cb:48:20:98:ae:dc:9a:be:2e:20:ce:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:32:25 2025 GMT
            Not After : Jun  1 16:37:25 2026 GMT
        Subject: CN=AA4B9925A3AAE7418C6443D92A6E00148F4BE257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:46:14:30:48:8e:5b:93:12:a6:b7:05:05:31:
                    4a:79:ce:7a:95:2c:bf:ea:f1:17:80:bc:3f:08:58:
                    6b:e4:03:f9:a0:30:a2:6b:19:d8:d9:01:24:56:15:
                    bd:97:d4:4a:5c:af:0c:2e:45:93:4d:95:e7:ee:23:
                    e9:19:6d:92:70:eb:16:96:ae:70:26:cd:86:66:68:
                    03:72:2f:c4:97:82:e3:49:48:02:1c:58:49:bf:cd:
                    92:3e:df:1f:88:4d:8f:c3:7e:da:31:2c:91:c4:ac:
                    38:57:46:f4:19:9c:5f:0d:cc:75:a6:88:28:1e:32:
                    47:89:d3:4f:ca:f8:57:58:f4:d2:b3:81:ff:fa:b4:
                    7e:61:52:28:a7:14:1b:f9:53:00:68:43:0a:b6:ef:
                    a6:43:33:33:19:38:3c:e7:48:b7:2f:61:56:cd:e7:
                    1d:7a:f6:0e:5f:bb:3b:b9:fb:18:0b:ab:d9:da:1b:
                    31:90:8c:49:58:f0:a6:5d:b9:56:28:df:9f:62:10:
                    48:8c:29:9c:19:99:08:b1:a4:4f:9f:c0:1b:27:96:
                    dd:41:21:ec:9c:6a:8b:54:4f:47:28:4a:1b:6e:15:
                    57:66:6c:e3:42:69:77:e9:89:a2:4f:4c:c8:41:e1:
                    2c:e3:4c:ce:0f:d5:57:71:b1:19:90:52:aa:5f:eb:
                    7b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4B:99:25:A3:AA:E7:41:8C:64:43:D9:2A:6E:00:14:8F:4B:E2:57
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230302e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:c8:1c:59:e3:38:a6:ec:48:9f:59:55:4d:f2:ae:7a:18:bb:
         5a:4e:eb:b2:08:0d:e5:fd:f3:b2:0d:f6:08:b2:db:08:ce:7a:
         d3:68:55:1b:81:b6:9a:e0:0b:75:a3:f3:51:96:18:2f:7c:86:
         1a:39:92:e0:08:01:1b:29:d1:c8:51:ec:aa:5a:23:a5:0d:e4:
         93:93:85:d2:92:d1:6a:70:2e:85:ae:bc:3d:f5:ad:8d:98:ff:
         4c:26:6b:9e:08:74:a0:87:fd:0e:ff:27:c9:59:d9:84:e1:a0:
         9c:09:17:49:a2:da:7d:28:73:3c:0d:35:05:7a:ba:66:3a:bd:
         7e:2e:3b:78:8d:91:72:06:c3:66:77:07:89:ab:03:5b:76:f8:
         3c:ae:93:fc:2e:ca:fe:93:6c:c7:20:f9:7d:9b:6c:24:cf:91:
         7d:37:4c:32:3d:69:64:09:fc:9e:9c:1c:da:d7:0b:e0:84:eb:
         39:0b:bb:c9:81:df:73:41:d8:8d:b3:49:09:db:87:d4:51:05:
         8d:b2:a1:28:2c:c6:29:20:94:59:7c:1c:a6:6a:ea:2f:62:23:
         69:dc:d2:23:6c:51:33:a7:b7:11:ef:16:98:f9:57:9f:d9:e0:
         a3:7f:ef:2d:58:02:d1:e5:a9:c2:5c:eb:28:ae:9a:7f:e0:a8:
         a9:db:e0:d4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfKaTV185kN/LSCCYrtyavi4gzkgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjMyMjVaFw0yNjA2MDExNjM3MjVaMDMxMTAvBgNV
BAMTKEFBNEI5OTI1QTNBQUU3NDE4QzY0NDNEOTJBNkUwMDE0OEY0QkUyNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaRhQwSI5bkxKmtwUFMUp5znqV
LL/q8ReAvD8IWGvkA/mgMKJrGdjZASRWFb2X1EpcrwwuRZNNlefuI+kZbZJw6xaW
rnAmzYZmaANyL8SXguNJSAIcWEm/zZI+3x+ITY/DftoxLJHErDhXRvQZnF8NzHWm
iCgeMkeJ00/K+FdY9NKzgf/6tH5hUiinFBv5UwBoQwq276ZDMzMZODznSLcvYVbN
5x169g5fuzu5+xgLq9naGzGQjElY8KZduVYo359iEEiMKZwZmQixpE+fwBsnlt1B
IeycaotUT0coShtuFVdmbONCaXfpiaJPTMhB4SzjTM4P1VdxsRmQUqpf63vzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqkuZJaOq50GMZEPZKm4AFI9L4lcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMw
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPFMgw
DQYJKoZIhvcNAQELBQADggEBAHfIHFnjOKbsSJ9ZVU3yrnoYu1pO67IIDeX987IN
9giy2wjOetNoVRuBtprgC3Wj81GWGC98hho5kuAIARsp0chR7KpaI6UN5JOThdKS
0WpwLoWuvD31rY2Y/0wma54IdKCH/Q7/J8lZ2YThoJwJF0mi2n0oczwNNQV6umY6
vX4uO3iNkXIGw2Z3B4mrA1t2+Dyuk/wuyv6TbMcg+X2bbCTPkX03TDI9aWQJ/J6c
HNrXC+CE6zkLu8mB33NB2I2zSQnbh9RRBY2yoSgsxikglFl8HKZq6i9iI2nc0iNs
UTOntxHvFpj5V5/Z4KN/7y1YAtHlqcJc6yiumn/gqKnb4NQ=
-----END CERTIFICATE-----