Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3233362e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3233362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          81Ue51o4CnK3yC5/mM+uevtkxQ0e3f/g7gsvursDcbk=
Subject key identifier:   55:13:D1:2A:5F:A5:CA:0C:27:49:8E:D5:D0:38:B9:DC:24:54:49:A7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       33409F82B3F33CEE30F9616098E1C45365F10A1E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3233362e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Jun 2025 16:55:44 +0000
ROA not before:           Mon 02 Jun 2025 16:50:44 +0000
ROA not after:            Mon 01 Jun 2026 16:55:44 +0000
asID:                     834
IP address blocks:        143.20.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:40:9f:82:b3:f3:3c:ee:30:f9:61:60:98:e1:c4:53:65:f1:0a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  2 16:50:44 2025 GMT
            Not After : Jun  1 16:55:44 2026 GMT
        Subject: CN=5513D12A5FA5CA0C27498ED5D038B9DC245449A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:87:51:84:36:e4:34:b7:ed:0e:65:1e:a5:51:
                    67:f6:a9:2d:bb:b3:f9:94:f4:a0:a7:14:c4:8b:80:
                    ef:94:08:ce:79:f0:2e:84:c0:cd:00:a8:c3:ba:e0:
                    da:c8:c6:13:40:57:0f:0a:b1:09:09:48:c0:c5:9f:
                    38:1f:27:83:9f:72:45:3c:93:dc:d0:8f:e1:24:e6:
                    a8:15:f9:a7:1a:d7:8c:67:e6:d0:a7:42:94:7e:9d:
                    64:e4:36:84:8f:1c:3e:e5:92:57:4e:97:66:ac:2a:
                    f8:98:54:f0:f7:b7:a4:04:20:16:76:b1:8e:90:b5:
                    39:89:54:ed:aa:e4:ed:15:54:69:03:e9:5e:17:bc:
                    bb:48:4d:b6:18:20:69:ba:ca:92:7a:26:9c:05:47:
                    b2:75:a9:f3:a9:55:c7:4b:17:43:49:cf:c2:7e:5c:
                    a4:8d:77:d2:12:78:ad:67:e3:8f:dc:7a:96:a0:75:
                    03:06:2a:74:e7:d8:30:0e:8a:99:2e:9e:8a:aa:7b:
                    f6:45:35:60:56:01:3d:e7:52:29:2b:83:26:94:20:
                    e2:1c:a6:e3:d9:c6:24:14:5e:22:3a:c3:37:be:1d:
                    ce:e3:29:02:4a:ac:53:eb:86:e6:75:55:c2:64:c8:
                    6c:b5:07:67:8d:08:0d:85:13:3d:53:c9:e7:0c:b5:
                    8a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:13:D1:2A:5F:A5:CA:0C:27:49:8E:D5:D0:38:B9:DC:24:54:49:A7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3233362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:b9:30:45:2b:a7:02:e4:18:09:8d:40:fc:1c:b7:85:ef:9a:
         10:72:f0:e3:15:32:fa:91:c0:c1:e5:7a:c3:e3:d4:0c:05:72:
         80:fd:0f:ee:79:14:59:f6:ed:30:4d:05:8a:ec:e1:fa:e9:86:
         58:c4:1a:c1:89:db:f2:b4:f1:af:82:29:07:9c:a9:fa:e0:b0:
         99:2e:cc:5f:3d:0f:72:f1:ad:29:c4:a7:f1:e0:15:e7:5a:2d:
         48:a2:96:75:c9:6b:62:50:97:e0:e6:9f:8f:ce:f1:f6:03:08:
         08:69:be:04:cf:96:4e:68:d2:17:2f:4e:ae:17:9f:06:c5:1a:
         e4:58:e3:2f:36:cf:82:d1:4d:7e:44:86:e7:a7:69:11:c3:f6:
         e5:dc:32:5b:3f:f8:ec:e1:12:d3:49:0b:73:e1:7e:45:35:39:
         6b:03:ae:2c:e2:2e:a6:d0:0b:da:ff:06:0b:07:92:42:50:1b:
         31:96:de:a8:b0:2f:a9:04:65:f3:56:83:1b:81:25:18:8d:68:
         b6:35:00:06:67:28:e6:f1:8f:09:5e:28:ba:21:cf:39:a0:ca:
         07:f3:65:81:1a:ac:46:cd:e5:f2:79:93:18:cf:c8:4c:b9:c2:
         71:b6:86:12:f3:8c:8a:a2:ce:fe:56:a5:ed:70:54:b7:b6:d1:
         2a:96:eb:46
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUM0CfgrPzPO4w+WFgmOHEU2XxCh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDIxNjUwNDRaFw0yNjA2MDExNjU1NDRaMDMxMTAvBgNV
BAMTKDU1MTNEMTJBNUZBNUNBMEMyNzQ5OEVENUQwMzhCOURDMjQ1NDQ5QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmh1GENuQ0t+0OZR6lUWf2qS27
s/mU9KCnFMSLgO+UCM558C6EwM0AqMO64NrIxhNAVw8KsQkJSMDFnzgfJ4OfckU8
k9zQj+Ek5qgV+aca14xn5tCnQpR+nWTkNoSPHD7lkldOl2asKviYVPD3t6QEIBZ2
sY6QtTmJVO2q5O0VVGkD6V4XvLtITbYYIGm6ypJ6JpwFR7J1qfOpVcdLF0NJz8J+
XKSNd9ISeK1n44/cepagdQMGKnTn2DAOipkunoqqe/ZFNWBWAT3nUikrgyaUIOIc
puPZxiQUXiI6wze+Hc7jKQJKrFPrhuZ1VcJkyGy1B2eNCA2FEz1TyecMtYoJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUVRPRKl+lygwnSY7V0Di53CRUSacwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMz
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFOww
DQYJKoZIhvcNAQELBQADggEBACy5MEUrpwLkGAmNQPwct4XvmhBy8OMVMvqRwMHl
esPj1AwFcoD9D+55FFn27TBNBYrs4frphljEGsGJ2/K08a+CKQecqfrgsJkuzF89
D3LxrSnEp/HgFedaLUiilnXJa2JQl+Dmn4/O8fYDCAhpvgTPlk5o0hcvTq4XnwbF
GuRY4y82z4LRTX5EhuenaRHD9uXcMls/+OzhEtNJC3PhfkU1OWsDriziLqbQC9r/
BgsHkkJQGzGW3qiwL6kEZfNWgxuBJRiNaLY1AAZnKObxjwleKLohzzmgygfzZYEa
rEbN5fJ5kxjPyEy5wnG2hhLzjIqizv5Wpe1wVLe20SqW60Y=
-----END CERTIFICATE-----