Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232342e302f32312d3234203d3e20383334.roa
File:                     3134332e32302e3232342e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          1mj2i/+l7FRJxcGSDXD1m5eEaZuNke52o6emJvkVm2g=
Subject key identifier:   C8:A5:A7:89:0C:95:B3:C6:74:37:EE:6F:C8:94:DC:77:24:7F:BC:41
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       024A075138BB019CEE0C710610E52815DF813999
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232342e302f32312d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:52:40 +0000
ROA not before:           Mon 02 Jun 2025 16:47:40 +0000
ROA not after:            Mon 01 Jun 2026 16:52:40 +0000
asID:                     834
IP address blocks:        143.20.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:4a:07:51:38:bb:01:9c:ee:0c:71:06:10:e5:28:15:df:81:39:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:47:40 2025 GMT
            Not After : Jun  1 16:52:40 2026 GMT
        Subject: CN=C8A5A7890C95B3C67437EE6FC894DC77247FBC41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:83:de:2b:51:1f:01:fb:95:95:ee:4a:1f:8c:
                    4a:75:53:f7:5e:76:a4:e9:7a:ee:e2:9c:f3:25:07:
                    b0:3c:ee:90:a5:02:ec:1b:26:74:e6:98:1b:c5:89:
                    c1:0f:32:ee:2e:bf:03:06:d5:43:04:75:a1:2d:be:
                    98:14:73:c5:e1:5d:58:ec:c0:ce:00:4e:9b:6f:68:
                    1e:e8:39:0f:d5:84:11:43:c1:eb:64:d2:6a:1f:eb:
                    e0:82:59:b6:6f:b6:56:a4:bd:f6:be:05:fa:4b:96:
                    34:57:ef:87:43:a6:a9:47:33:72:f1:c2:68:91:4c:
                    18:a7:2a:cf:4a:6a:cc:c6:44:f7:3a:c0:0c:b4:b8:
                    c5:63:93:3c:66:9d:28:e1:d0:14:1d:a1:d5:41:d7:
                    92:81:81:ec:fe:f5:89:f8:dc:d4:18:da:8e:be:53:
                    0c:a2:b9:50:05:ff:d3:79:cb:35:e0:e9:c5:47:82:
                    67:c9:11:30:86:5e:de:d0:bc:10:d6:ba:29:03:0b:
                    f1:7d:66:77:09:a0:0b:9f:78:76:98:a7:9b:5f:8e:
                    d8:57:ef:24:7a:fc:f4:33:f8:49:a4:47:f5:fa:39:
                    6a:4f:2c:b7:f7:49:b1:9d:dd:4f:a1:e9:15:fc:c8:
                    7b:71:5e:59:54:08:a1:f9:0f:9b:d5:3e:20:d2:6e:
                    89:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A5:A7:89:0C:95:B3:C6:74:37:EE:6F:C8:94:DC:77:24:7F:BC:41
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232342e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d0:32:62:33:b1:35:3d:3d:56:91:9d:9b:80:18:b5:e8:9d:37:
         03:31:18:bd:28:72:07:c1:51:12:4b:a6:b0:a5:2d:c9:6d:de:
         0e:28:5e:6e:51:29:b2:45:30:2c:23:3b:ea:d8:1e:8a:a9:aa:
         c1:84:df:36:45:61:98:9f:13:03:ab:0a:58:43:1c:fd:e9:d2:
         49:3d:85:29:14:12:2a:14:a3:18:ba:bf:40:08:45:39:0c:88:
         74:09:3b:4d:6d:02:73:88:1b:ae:ae:43:af:55:f0:18:a9:bd:
         3b:75:e9:89:4d:0d:9f:37:6b:77:2b:e3:6f:31:be:39:bb:6d:
         98:64:59:88:a4:5e:4a:8b:5b:8e:ea:d5:eb:d0:bb:f7:77:8e:
         13:87:a6:12:d2:9d:f1:8f:6a:cd:65:6b:a1:32:07:73:56:52:
         e0:eb:af:09:49:ef:e2:c8:3c:9c:e3:a7:ed:39:e6:5c:9e:d9:
         20:b8:93:a5:0f:ac:09:1f:e2:35:ed:20:9e:27:19:12:e8:76:
         17:c6:42:25:76:e0:49:6c:43:ef:eb:23:df:2a:ee:b8:84:7f:
         59:25:87:6e:a0:15:25:4d:39:01:8f:fb:87:a7:d1:9f:c0:e4:
         00:df:62:c2:30:c6:8a:ae:a0:17:c5:15:67:5a:0c:78:0b:af:
         38:1c:72:3a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAkoHUTi7AZzuDHEGEOUoFd+BOZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjQ3NDBaFw0yNjA2MDExNjUyNDBaMDMxMTAvBgNV
BAMTKEM4QTVBNzg5MEM5NUIzQzY3NDM3RUU2RkM4OTREQzc3MjQ3RkJDNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyg94rUR8B+5WV7kofjEp1U/de
dqTpeu7inPMlB7A87pClAuwbJnTmmBvFicEPMu4uvwMG1UMEdaEtvpgUc8XhXVjs
wM4ATptvaB7oOQ/VhBFDwetk0mof6+CCWbZvtlakvfa+BfpLljRX74dDpqlHM3Lx
wmiRTBinKs9KaszGRPc6wAy0uMVjkzxmnSjh0BQdodVB15KBgez+9Yn43NQY2o6+
UwyiuVAF/9N5yzXg6cVHgmfJETCGXt7QvBDWuikDC/F9ZncJoAufeHaYp5tfjthX
7yR6/PQz+EmkR/X6OWpPLLf3SbGd3U+h6RX8yHtxXllUCKH5D5vVPiDSbonxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUyKWniQyVs8Z0N+5vyJTcdyR/vEEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMy
MzQyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOPFOAw
DQYJKoZIhvcNAQELBQADggEBANAyYjOxNT09VpGdm4AYteidNwMxGL0ocgfBURJL
prClLclt3g4oXm5RKbJFMCwjO+rYHoqpqsGE3zZFYZifEwOrClhDHP3p0kk9hSkU
EioUoxi6v0AIRTkMiHQJO01tAnOIG66uQ69V8BipvTt16YlNDZ83a3cr428xvjm7
bZhkWYikXkqLW47q1evQu/d3jhOHphLSnfGPas1la6EyB3NWUuDrrwlJ7+LIPJzj
p+055lye2SC4k6UPrAkf4jXtIJ4nGRLodhfGQiV24ElsQ+/rI98q7riEf1klh26g
FSVNOQGP+4en0Z/A5ADfYsIwxoquoBfFFWdaDHgLrzgccjo=
-----END CERTIFICATE-----