Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230372e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3230372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          pR9igfn4iw4tvyNXTVoVkiXm+BXlPHF0bd7HEwXlR88=
Subject key identifier:   ED:9D:97:BF:9C:D3:7D:B2:5D:27:C0:D7:18:3D:EC:28:C5:4F:BB:2B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       4F59C9310D9DDCE95788D1B13C0CF2A9E0B4B49E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:52:40 +0000
ROA not before:           Mon 02 Jun 2025 16:47:40 +0000
ROA not after:            Mon 01 Jun 2026 16:52:40 +0000
asID:                     834
IP address blocks:        143.20.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:59:c9:31:0d:9d:dc:e9:57:88:d1:b1:3c:0c:f2:a9:e0:b4:b4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:47:40 2025 GMT
            Not After : Jun  1 16:52:40 2026 GMT
        Subject: CN=ED9D97BF9CD37DB25D27C0D7183DEC28C54FBB2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:22:a1:2a:a5:85:16:23:85:93:ef:6d:5c:ec:
                    77:bc:f9:71:b0:d1:17:cd:50:63:7e:5b:a1:f6:1f:
                    c4:04:3c:90:9f:0e:a5:a8:64:b8:57:ee:55:db:0a:
                    a5:40:78:ff:33:7c:ba:74:36:9b:fd:9a:f4:63:99:
                    09:4f:f7:a4:9a:fd:f6:9d:c6:f8:7b:50:f3:a1:68:
                    6f:3a:bc:72:84:8c:8c:b7:5b:39:de:7d:47:8f:49:
                    ac:7b:8c:66:ae:24:24:66:f4:ec:60:18:7f:8c:04:
                    41:2d:0b:78:fc:04:be:30:8f:6e:87:7a:ae:da:b2:
                    32:c2:f7:0b:d9:a4:07:83:6d:ca:07:7e:13:d5:95:
                    24:5f:41:e4:ef:88:da:b9:aa:a0:20:4f:5e:7d:89:
                    c2:00:cc:90:d3:7f:51:9a:ca:2f:3f:13:4e:e9:2e:
                    77:3e:0b:0a:e7:a3:2d:33:2c:6b:34:fe:32:ca:39:
                    0e:cc:5c:c1:6d:f5:ea:71:a9:a9:f3:b2:09:63:20:
                    54:ee:4b:a6:1b:9e:f7:ab:5d:04:f1:23:d4:b0:4d:
                    50:d4:3d:27:86:d7:d1:60:5a:f7:78:7e:f4:9e:ef:
                    2d:d2:02:7f:c8:ba:fa:cd:c9:96:72:8b:02:18:ae:
                    82:83:19:ca:49:6f:b7:52:b3:b2:73:8d:3d:4d:bb:
                    ed:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9D:97:BF:9C:D3:7D:B2:5D:27:C0:D7:18:3D:EC:28:C5:4F:BB:2B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:71:a8:16:b2:93:0a:ef:80:cb:75:dc:98:e1:08:23:3a:a1:
         94:f8:38:bc:55:0e:57:c0:4a:25:bb:4e:18:f2:37:3d:14:08:
         1d:6e:4d:36:db:c4:f6:9f:e9:d5:26:3e:ab:03:95:53:d0:7d:
         53:e8:9b:45:75:85:d5:21:e8:8a:3c:7b:ca:ab:9e:ef:22:cd:
         1b:26:28:85:c2:5a:bc:ec:bc:d9:62:94:e9:1c:23:b8:09:93:
         09:b7:50:1c:79:50:52:91:ee:c8:33:31:c2:ae:86:14:b3:e7:
         70:86:03:71:85:ab:79:b9:28:6a:03:a4:ab:1f:aa:61:37:e9:
         10:e1:28:e0:32:63:cf:89:52:7f:87:a9:d7:9d:ed:de:c5:50:
         08:a2:84:90:08:d1:f8:b9:82:e4:d5:3b:5a:3e:d2:8e:84:38:
         2b:cf:d5:4b:75:b9:fc:b1:7a:50:db:9a:41:86:85:8a:42:db:
         fd:9e:fe:e3:a8:e9:3a:01:6a:ca:17:1f:e8:e2:f1:1e:69:2f:
         34:94:fb:4c:ce:dd:89:d8:1b:6e:02:8e:b0:cf:7f:00:13:6d:
         3a:87:6f:cd:fd:32:03:d7:ec:00:c3:89:5c:90:9b:76:9d:df:
         51:23:b1:6d:97:be:bc:71:d7:7f:d4:55:24:19:a2:5a:b7:ad:
         27:f4:53:c2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUT1nJMQ2d3OlXiNGxPAzyqeC0tJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjQ3NDBaFw0yNjA2MDExNjUyNDBaMDMxMTAvBgNV
BAMTKEVEOUQ5N0JGOUNEMzdEQjI1RDI3QzBENzE4M0RFQzI4QzU0RkJCMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2IqEqpYUWI4WT721c7He8+XGw
0RfNUGN+W6H2H8QEPJCfDqWoZLhX7lXbCqVAeP8zfLp0Npv9mvRjmQlP96Sa/fad
xvh7UPOhaG86vHKEjIy3WznefUePSax7jGauJCRm9OxgGH+MBEEtC3j8BL4wj26H
eq7asjLC9wvZpAeDbcoHfhPVlSRfQeTviNq5qqAgT159icIAzJDTf1Gayi8/E07p
Lnc+Cwrnoy0zLGs0/jLKOQ7MXMFt9epxqanzsgljIFTuS6YbnverXQTxI9SwTVDU
PSeG19FgWvd4fvSe7y3SAn/IuvrNyZZyiwIYroKDGcpJb7dSs7JzjT1Nu+1bAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7Z2Xv5zTfbJdJ8DXGD3sKMVPuyswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFM8w
DQYJKoZIhvcNAQELBQADggEBAIZxqBaykwrvgMt13JjhCCM6oZT4OLxVDlfASiW7
ThjyNz0UCB1uTTbbxPaf6dUmPqsDlVPQfVPom0V1hdUh6Io8e8qrnu8izRsmKIXC
WrzsvNlilOkcI7gJkwm3UBx5UFKR7sgzMcKuhhSz53CGA3GFq3m5KGoDpKsfqmE3
6RDhKOAyY8+JUn+Hqded7d7FUAiihJAI0fi5guTVO1o+0o6EOCvP1Ut1ufyxelDb
mkGGhYpC2/2e/uOo6ToBasoXH+ji8R5pLzSU+0zO3YnYG24CjrDPfwATbTqHb839
MgPX7ADDiVyQm3ad31EjsW2Xvrxx13/UVSQZolq3rSf0U8I=
-----END CERTIFICATE-----