Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234382e302f32342d3234203d3e2035303635.roa
File:                     3134332e32302e3234382e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          0cLe0lXaLS7TBxAP5tH50PbvtkCWHFdmbdaAbaTF+e8=
Subject key identifier:   ED:95:D4:93:E9:0C:88:EB:6C:D6:04:8A:71:F7:4F:DC:7B:28:49:C4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       648395847FDD61136F29F7E89CFF3C500C6BD18E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234382e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 06 May 2025 06:35:25 +0000
ROA not before:           Tue 06 May 2025 06:30:25 +0000
ROA not after:            Tue 05 May 2026 06:35:25 +0000
asID:                     5065
IP address blocks:        143.20.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:83:95:84:7f:dd:61:13:6f:29:f7:e8:9c:ff:3c:50:0c:6b:d1:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:25 2025 GMT
            Not After : May  5 06:35:25 2026 GMT
        Subject: CN=ED95D493E90C88EB6CD6048A71F74FDC7B2849C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:0c:ff:33:35:9a:1e:2a:ef:a8:ae:c9:c5:
                    bf:67:65:71:f7:1c:e8:13:46:53:08:4b:54:e3:c5:
                    a1:b1:4f:06:52:f6:35:1a:94:fc:31:64:18:a0:34:
                    dd:8e:48:f8:65:7b:f7:3e:66:e1:c1:58:a9:5f:5c:
                    3c:ad:4d:f3:17:d8:e7:c1:24:7f:e4:1e:50:81:ba:
                    8b:ee:16:e2:68:84:95:d5:d1:f4:7c:7e:f0:56:85:
                    2a:05:33:d1:c9:4f:72:ee:4b:14:50:0f:b7:e7:88:
                    5f:e8:7b:9d:c2:61:0b:05:af:d7:44:e6:ee:e3:e8:
                    f6:2b:9e:a8:e5:77:66:31:08:56:c8:86:3c:df:b3:
                    bf:d9:44:66:36:fc:6a:a1:55:01:b5:5a:e5:93:31:
                    9e:4b:36:35:39:f3:0f:88:8b:43:0b:0f:3e:f6:13:
                    24:a2:fd:46:91:06:55:9c:5d:62:6e:45:8d:c0:54:
                    59:3b:a8:2e:a9:2f:d4:43:3a:a5:e8:06:c2:b7:4d:
                    2f:a7:5f:1a:e4:b4:64:38:7f:59:32:8e:0a:65:e4:
                    b3:0a:75:d2:a4:39:f6:c2:51:83:82:33:27:d0:86:
                    e7:e5:e7:17:83:29:60:ac:ec:1d:4d:37:11:2a:a9:
                    bc:0b:7d:a3:26:e9:c6:f7:ba:d4:3d:a1:20:ad:64:
                    d3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:95:D4:93:E9:0C:88:EB:6C:D6:04:8A:71:F7:4F:DC:7B:28:49:C4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234382e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:af:7c:a7:1d:99:91:f7:50:eb:6e:f2:9a:db:55:dd:9a:a9:
         92:df:af:ae:03:7d:f4:79:c6:77:02:40:59:3c:a1:52:a5:85:
         0a:31:dc:3e:01:49:58:2e:a6:eb:46:b9:d3:7a:34:be:a5:ac:
         87:80:7d:9c:30:a1:a0:bd:64:33:7e:33:b1:8c:60:f1:18:8b:
         3e:76:83:d1:b7:b6:13:78:61:79:12:0f:51:09:2d:6e:84:b1:
         6f:c7:0a:49:ee:bd:f8:35:1a:e5:aa:01:34:10:15:6e:4c:99:
         83:b5:87:61:9c:78:bd:4d:fd:91:66:e8:62:e7:56:c9:5a:7e:
         a8:77:7b:e0:ef:8c:1e:25:d4:62:e6:b8:40:6d:34:1e:e5:ab:
         82:31:92:b8:40:e9:43:94:35:43:99:4d:72:7b:78:d8:42:99:
         87:8b:e7:aa:21:6f:1a:42:9c:7c:6f:da:aa:3b:c2:e2:13:63:
         0f:37:84:48:7c:ad:79:31:72:22:0c:15:3d:bd:ee:c8:2f:f1:
         8d:b5:fc:62:10:2e:d4:99:99:4f:a2:32:2e:af:b4:ce:69:28:
         9e:b6:70:de:d4:31:ac:2e:1a:f7:d4:92:5c:1b:67:4a:cb:92:
         15:c8:91:27:ad:89:dc:68:e1:b4:84:d5:0a:b7:88:ec:b9:51:
         64:08:71:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZIOVhH/dYRNvKffonP88UAxr0Y4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMjVaFw0yNjA1MDUwNjM1MjVaMDMxMTAvBgNV
BAMTKEVEOTVENDkzRTkwQzg4RUI2Q0Q2MDQ4QTcxRjc0RkRDN0IyODQ5QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzewz/MzWaHirvqK7Jxb9nZXH3
HOgTRlMIS1TjxaGxTwZS9jUalPwxZBigNN2OSPhle/c+ZuHBWKlfXDytTfMX2OfB
JH/kHlCBuovuFuJohJXV0fR8fvBWhSoFM9HJT3LuSxRQD7fniF/oe53CYQsFr9dE
5u7j6PYrnqjld2YxCFbIhjzfs7/ZRGY2/GqhVQG1WuWTMZ5LNjU58w+Ii0MLDz72
EySi/UaRBlWcXWJuRY3AVFk7qC6pL9RDOqXoBsK3TS+nXxrktGQ4f1kyjgpl5LMK
ddKkOfbCUYOCMyfQhufl5xeDKWCs7B1NNxEqqbwLfaMm6cb3utQ9oSCtZNMzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7ZXUk+kMiOts1gSKcfdP3HsoScQwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjM0
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U
+DANBgkqhkiG9w0BAQsFAAOCAQEAYK98px2ZkfdQ627ymttV3Zqpkt+vrgN99HnG
dwJAWTyhUqWFCjHcPgFJWC6m60a503o0vqWsh4B9nDChoL1kM34zsYxg8RiLPnaD
0be2E3hheRIPUQktboSxb8cKSe69+DUa5aoBNBAVbkyZg7WHYZx4vU39kWboYudW
yVp+qHd74O+MHiXUYua4QG00HuWrgjGSuEDpQ5Q1Q5lNcnt42EKZh4vnqiFvGkKc
fG/aqjvC4hNjDzeESHyteTFyIgwVPb3uyC/xjbX8YhAu1JmZT6IyLq+0zmkonrZw
3tQxrC4a99SSXBtnSsuSFciRJ62J3GjhtITVCreI7LlRZAhxMQ==
-----END CERTIFICATE-----