Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230382e302f32302d3234203d3e20383334.roa
File:                     3134332e32302e3230382e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          Bh3QJwf9hyhpd6pVuPPdeS1ph8CRtbFq1zojnDux2QI=
Subject key identifier:   44:8F:D7:9F:8C:96:9B:E8:9C:71:46:3B:C9:2D:E2:B0:CF:4F:64:0F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5B58B88204439327D53842CDF634A8E31C541E42
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230382e302f32302d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:25:09 +0000
ROA not before:           Mon 02 Jun 2025 16:20:09 +0000
ROA not after:            Mon 01 Jun 2026 16:25:09 +0000
asID:                     834
IP address blocks:        143.20.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:58:b8:82:04:43:93:27:d5:38:42:cd:f6:34:a8:e3:1c:54:1e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:20:09 2025 GMT
            Not After : Jun  1 16:25:09 2026 GMT
        Subject: CN=448FD79F8C969BE89C71463BC92DE2B0CF4F640F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:44:c7:60:02:ae:34:bd:91:5c:04:94:9a:00:
                    c3:dd:7f:85:64:eb:dd:8d:ef:a3:a9:ab:00:4a:a1:
                    80:dd:f0:4b:0b:23:6b:a3:27:18:94:3b:0c:00:e1:
                    56:e1:79:56:be:5b:43:9c:0a:4f:77:d4:d5:34:21:
                    6f:35:7f:11:80:ab:f8:dc:f5:4f:c8:9e:23:fc:68:
                    bd:12:0b:fc:e6:52:e9:0b:aa:41:26:6d:82:f7:12:
                    e8:6f:da:83:ad:94:33:f4:ae:4b:2b:69:78:22:ee:
                    5a:d5:a2:a3:f6:cf:f8:db:2f:b4:63:39:38:26:cf:
                    82:3a:0b:b5:36:88:c7:84:63:29:17:c5:b0:ed:23:
                    e9:bb:fa:6f:96:6f:06:b1:e4:84:55:e4:67:06:e3:
                    35:c4:36:d5:8e:af:18:c1:6a:e1:72:64:92:c3:dc:
                    31:49:f8:61:f9:d3:98:15:97:9a:bf:9f:1c:0a:0d:
                    fb:a9:52:cb:2c:a7:46:3f:5a:32:4e:8f:11:09:79:
                    c2:3e:52:d0:c3:18:fd:ca:db:7b:75:0f:a9:55:3d:
                    77:75:13:60:92:ed:ec:dd:14:90:c0:a1:ac:bb:fe:
                    b9:f4:8b:64:c1:cc:15:2f:f7:1f:05:5a:6c:d7:9d:
                    c6:d8:f0:fb:cb:17:c0:fb:09:62:e8:9a:77:f4:05:
                    37:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8F:D7:9F:8C:96:9B:E8:9C:71:46:3B:C9:2D:E2:B0:CF:4F:64:0F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3230382e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b8:90:6f:54:0f:b7:6f:22:8d:f8:45:eb:b5:83:80:42:36:57:
         c7:db:91:f0:f1:60:22:86:c0:a7:44:6b:85:61:30:96:0a:29:
         59:74:99:d4:ca:3c:79:0f:78:82:67:fe:71:0e:ff:fd:0b:c9:
         b6:17:91:99:88:21:56:90:8e:cf:94:81:c5:0f:b7:be:d2:c2:
         22:53:f6:f8:7d:0d:c7:7f:ec:9d:2b:68:d0:79:62:c9:97:e3:
         a8:c4:e8:3a:4b:ce:83:b9:6b:84:2d:01:c8:f2:48:7c:c8:e0:
         09:d8:9c:8e:62:74:89:aa:31:f7:5f:7e:41:1e:f0:01:ac:20:
         d5:dd:9b:74:94:77:dc:c0:ba:dd:ce:9c:aa:6a:75:97:96:6c:
         13:a3:37:f8:13:bb:8f:02:85:29:89:5f:99:b1:6c:e6:60:88:
         ee:e7:9a:04:e1:87:3b:3f:2a:cb:dd:e1:32:5c:3f:f7:65:87:
         24:9a:45:33:37:5d:54:83:eb:3b:14:67:b6:76:5f:b3:d5:43:
         c5:b7:fa:8b:ce:a4:92:6e:2e:03:17:d1:09:cc:b8:fe:80:e1:
         54:df:a3:ec:52:67:af:f8:6e:49:76:d6:7f:3c:15:87:13:c3:
         f2:5c:f3:6f:0c:14:33:a2:3e:51:56:f8:cb:16:53:93:d6:d5:
         01:31:1d:8b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUW1i4ggRDkyfVOELN9jSo4xxUHkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjIwMDlaFw0yNjA2MDExNjI1MDlaMDMxMTAvBgNV
BAMTKDQ0OEZENzlGOEM5NjlCRTg5QzcxNDYzQkM5MkRFMkIwQ0Y0RjY0MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1RMdgAq40vZFcBJSaAMPdf4Vk
692N76OpqwBKoYDd8EsLI2ujJxiUOwwA4VbheVa+W0OcCk931NU0IW81fxGAq/jc
9U/IniP8aL0SC/zmUukLqkEmbYL3Euhv2oOtlDP0rksraXgi7lrVoqP2z/jbL7Rj
OTgmz4I6C7U2iMeEYykXxbDtI+m7+m+Wbwax5IRV5GcG4zXENtWOrxjBauFyZJLD
3DFJ+GH505gVl5q/nxwKDfupUsssp0Y/WjJOjxEJecI+UtDDGP3K23t1D6lVPXd1
E2CS7ezdFJDAoay7/rn0i2TBzBUv9x8FWmzXncbY8PvLF8D7CWLomnf0BTc1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURI/Xn4yWm+iccUY7yS3isM9PZA8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMw
MzgyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBASPFNAw
DQYJKoZIhvcNAQELBQADggEBALiQb1QPt28ijfhF67WDgEI2V8fbkfDxYCKGwKdE
a4VhMJYKKVl0mdTKPHkPeIJn/nEO//0LybYXkZmIIVaQjs+UgcUPt77SwiJT9vh9
Dcd/7J0raNB5YsmX46jE6DpLzoO5a4QtAcjySHzI4AnYnI5idImqMfdffkEe8AGs
INXdm3SUd9zAut3OnKpqdZeWbBOjN/gTu48ChSmJX5mxbOZgiO7nmgThhzs/Ksvd
4TJcP/dlhySaRTM3XVSD6zsUZ7Z2X7PVQ8W3+ovOpJJuLgMX0QnMuP6A4VTfo+xS
Z6/4bkl21n88FYcTw/Jc828MFDOiPlFW+MsWU5PW1QExHYs=
-----END CERTIFICATE-----