Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230342e302f32332d3234203d3e20383334.roa
File:                     3134332e32302e3230342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          F4rDnR1urPqHUnVYygf0oA4R573976I7MfsJ62w6rFE=
Subject key identifier:   90:B9:21:3C:62:1C:49:B8:84:4D:81:16:8A:48:31:37:EE:6C:B5:DD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4ECE58F3147457A7A81D536FE8A75FEEA86AC855
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230342e302f32332d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:46:35 +0000
ROA not before:           Mon 02 Jun 2025 16:41:35 +0000
ROA not after:            Mon 01 Jun 2026 16:46:35 +0000
asID:                     834
IP address blocks:        143.20.204.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ce:58:f3:14:74:57:a7:a8:1d:53:6f:e8:a7:5f:ee:a8:6a:c8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:41:35 2025 GMT
            Not After : Jun  1 16:46:35 2026 GMT
        Subject: CN=90B9213C621C49B8844D81168A483137EE6CB5DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0c:b0:45:ea:9d:5c:a8:a9:9f:a2:39:65:74:
                    5d:d1:b0:35:21:1e:a4:ae:8c:70:9b:82:8a:7d:a8:
                    f7:d8:74:53:4c:0f:cc:c4:0c:12:bf:29:48:fb:32:
                    29:13:55:cf:ea:23:d6:d6:c6:e6:b4:7f:91:de:07:
                    0d:70:58:ec:36:e1:c2:75:b2:25:c9:e3:23:5e:40:
                    fe:ae:2e:86:ee:d1:51:1f:59:50:d5:86:08:82:a5:
                    78:3f:bd:88:38:78:a3:dd:6c:7d:51:f2:60:38:b6:
                    2a:63:d6:3f:9d:35:cc:28:ab:b4:0a:d9:f2:62:44:
                    87:13:04:5a:63:5c:18:38:be:75:54:ea:22:ba:a6:
                    1a:7a:0f:42:a2:a9:89:81:43:6b:3c:3b:bc:cc:35:
                    5a:28:79:4c:b1:e9:de:d0:94:58:2b:c2:f6:3b:75:
                    88:a1:61:0e:d1:d7:b0:89:22:dd:26:3c:51:fe:a1:
                    4d:a1:78:51:5b:40:6c:f7:52:c6:80:0e:e4:0d:96:
                    b2:39:69:2d:4d:12:c4:d9:43:2a:83:00:37:5c:d1:
                    04:1f:a8:ef:5e:69:aa:5c:5f:97:65:a5:3b:53:a3:
                    6b:87:30:fb:95:8a:c8:59:0b:52:9d:78:49:f9:9d:
                    14:48:17:84:e5:76:78:3a:83:c1:58:d4:18:40:f5:
                    8f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B9:21:3C:62:1C:49:B8:84:4D:81:16:8A:48:31:37:EE:6C:B5:DD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:2e:f9:d8:a1:18:60:8c:d4:11:50:c4:33:54:47:51:6b:21:
         3f:2a:28:7d:46:8c:02:d5:b8:f0:17:37:7a:7f:2e:a3:3e:12:
         29:c9:33:50:47:ae:12:76:9b:2b:77:ba:13:0b:a7:34:8f:e6:
         cb:7a:e0:8a:e2:8d:70:41:6d:88:cd:b8:87:4b:1e:ec:0a:46:
         18:68:ac:3d:37:82:35:1e:c9:29:d9:e7:2f:43:dc:41:db:68:
         62:02:7f:1f:2c:7f:5c:b2:09:14:4b:a3:30:c7:9a:e1:bd:45:
         8c:51:a5:d5:5c:29:4c:17:f5:56:db:84:8a:e4:f0:51:f3:c4:
         ed:ac:9f:cd:8e:4a:59:b2:76:bc:79:e8:8a:58:7c:19:12:ef:
         de:da:56:e2:36:80:2c:de:af:b2:04:83:ac:2c:e6:7f:28:76:
         60:ba:bf:6b:bf:0e:77:8d:39:b2:ab:79:09:eb:f0:54:33:d1:
         0c:02:5f:16:1d:ba:a5:d8:40:a7:76:eb:dd:f1:a2:da:7c:b0:
         1c:48:fa:8c:9e:e4:89:60:bb:73:ce:b7:87:36:fd:3c:88:3c:
         8e:19:ea:ff:5f:2a:73:d8:56:5f:b4:1d:a9:4d:81:ce:93:28:
         ce:f4:45:e9:9f:04:8f:54:6e:f7:5e:09:0c:52:4b:bd:df:9f:
         79:47:c2:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTs5Y8xR0V6eoHVNv6Kdf7qhqyFUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjQxMzVaFw0yNjA2MDExNjQ2MzVaMDMxMTAvBgNV
BAMTKDkwQjkyMTNDNjIxQzQ5Qjg4NDREODExNjhBNDgzMTM3RUU2Q0I1REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvDLBF6p1cqKmfojlldF3RsDUh
HqSujHCbgop9qPfYdFNMD8zEDBK/KUj7MikTVc/qI9bWxua0f5HeBw1wWOw24cJ1
siXJ4yNeQP6uLobu0VEfWVDVhgiCpXg/vYg4eKPdbH1R8mA4tipj1j+dNcwoq7QK
2fJiRIcTBFpjXBg4vnVU6iK6php6D0KiqYmBQ2s8O7zMNVooeUyx6d7QlFgrwvY7
dYihYQ7R17CJIt0mPFH+oU2heFFbQGz3UsaADuQNlrI5aS1NEsTZQyqDADdc0QQf
qO9eaapcX5dlpTtTo2uHMPuVishZC1KdeEn5nRRIF4Tldng6g8FY1BhA9Y8dAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkLkhPGIcSbiETYEWikgxN+5std0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMw
MzQyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFMww
DQYJKoZIhvcNAQELBQADggEBAE4u+dihGGCM1BFQxDNUR1FrIT8qKH1GjALVuPAX
N3p/LqM+EinJM1BHrhJ2myt3uhMLpzSP5st64IrijXBBbYjNuIdLHuwKRhhorD03
gjUeySnZ5y9D3EHbaGICfx8sf1yyCRRLozDHmuG9RYxRpdVcKUwX9VbbhIrk8FHz
xO2sn82OSlmydrx56IpYfBkS797aVuI2gCzer7IEg6ws5n8odmC6v2u/DneNObKr
eQnr8FQz0QwCXxYduqXYQKd2693xotp8sBxI+oye5Ilgu3POt4c2/TyIPI4Z6v9f
KnPYVl+0HalNgc6TKM70RemfBI9UbvdeCQxSS73fn3lHwh0=
-----END CERTIFICATE-----