Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e352e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          b3b+MLNs718fTSVFpwfDNxBcIFhrny6aw+WG9PjwNx4=
Subject key identifier:   ED:88:92:7C:00:9A:6D:A1:87:CA:17:2E:10:0A:C2:55:30:84:F5:8A
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1A46AFE502AC156AA7609D7F799E1E7A4D2EA389
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 13 May 2025 06:01:39 +0000
ROA not before:           Tue 13 May 2025 05:56:39 +0000
ROA not after:            Tue 12 May 2026 06:01:39 +0000
asID:                     834
IP address blocks:        143.20.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:46:af:e5:02:ac:15:6a:a7:60:9d:7f:79:9e:1e:7a:4d:2e:a3:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 13 05:56:39 2025 GMT
            Not After : May 12 06:01:39 2026 GMT
        Subject: CN=ED88927C009A6DA187CA172E100AC2553084F58A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d3:f7:6c:a1:2d:15:63:a7:d8:15:6d:b4:55:
                    bf:62:3a:e6:ae:42:46:1b:65:cb:12:a7:e4:d5:a4:
                    2a:68:7e:07:b7:6c:2c:4b:b7:62:8d:44:18:ba:16:
                    ea:2b:01:c6:3a:af:6c:6b:d1:dc:92:c6:d8:50:c3:
                    e3:95:5e:12:82:e7:36:c0:ac:87:ca:72:b1:b1:9f:
                    95:51:11:9b:b3:a3:b1:e5:0c:4e:8c:1e:bd:50:95:
                    d9:5d:7c:6c:f7:31:81:ee:ee:32:f1:55:b6:c6:ab:
                    56:8a:41:33:0a:fc:71:d9:17:72:0b:e0:3f:00:a7:
                    db:6c:52:3c:35:c9:29:35:93:68:b5:aa:fa:8c:fa:
                    68:8d:57:4b:62:91:32:49:c3:3f:15:b5:7f:72:e4:
                    46:94:6e:10:74:9e:a4:38:86:37:24:c2:f8:24:a8:
                    0f:f5:bf:e1:4e:25:08:42:fd:e8:fc:47:6f:2b:f2:
                    fa:67:ea:a1:92:01:77:cc:fa:e2:6a:b8:08:23:53:
                    16:e0:34:c4:ee:cb:35:2f:45:30:42:4b:17:cb:13:
                    7a:ed:0e:59:bc:de:30:02:59:07:2f:6d:fa:55:ee:
                    f0:a0:98:c8:ad:c4:d4:7c:53:7f:27:43:92:c5:19:
                    a8:40:47:61:25:6f:96:3c:6e:1e:0b:d3:81:58:17:
                    c1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:88:92:7C:00:9A:6D:A1:87:CA:17:2E:10:0A:C2:55:30:84:F5:8A
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d0:82:9d:7a:d3:ac:29:29:f5:46:ad:07:28:9b:b0:1c:5f:
         0e:08:7d:2d:95:7f:cb:a7:80:71:62:20:98:5a:ff:bf:c8:43:
         ae:94:aa:84:1a:b6:38:7f:48:c9:ca:d4:d1:73:35:e2:ea:7c:
         3d:ba:36:71:95:42:d9:94:b6:a2:71:bf:b9:a0:c3:66:66:db:
         1c:03:eb:fd:94:a8:16:e8:61:6e:ea:70:ea:49:f2:0f:ee:14:
         f2:42:4c:f2:a7:bc:84:ea:b6:67:7c:f4:15:df:25:f5:93:f2:
         79:9e:dd:f1:38:68:e0:d4:cf:f4:b2:82:f5:b1:fb:ba:5d:7e:
         02:b1:02:df:11:74:41:7d:7c:94:7c:84:ab:0c:20:0c:49:ee:
         f5:23:d9:a2:b2:e7:25:d7:bb:46:22:46:d4:25:71:66:bc:fd:
         4a:0f:92:35:4e:4c:c2:c4:9e:62:a2:ef:72:59:af:a0:9d:33:
         71:fe:76:e4:e7:d9:01:cf:5a:1f:05:b7:53:c8:bf:a3:b2:8c:
         c3:cd:d3:37:2d:62:6d:8e:a6:29:c0:11:50:00:b4:d5:62:fa:
         c7:e0:7d:fa:c9:44:ed:88:54:41:a2:fc:71:b3:97:e2:c4:91:
         fe:ac:1c:10:3b:52:c7:be:c9:cd:97:6e:04:df:f5:d8:dd:f0:
         c9:a3:4e:3c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUGkav5QKsFWqnYJ1/eZ4eek0uo4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTMwNTU2MzlaFw0yNjA1MTIwNjAxMzlaMDMxMTAvBgNV
BAMTKEVEODg5MjdDMDA5QTZEQTE4N0NBMTcyRTEwMEFDMjU1MzA4NEY1OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC20/dsoS0VY6fYFW20Vb9iOuau
QkYbZcsSp+TVpCpofge3bCxLt2KNRBi6FuorAcY6r2xr0dySxthQw+OVXhKC5zbA
rIfKcrGxn5VREZuzo7HlDE6MHr1QldldfGz3MYHu7jLxVbbGq1aKQTMK/HHZF3IL
4D8Ap9tsUjw1ySk1k2i1qvqM+miNV0tikTJJwz8VtX9y5EaUbhB0nqQ4hjckwvgk
qA/1v+FOJQhC/ej8R28r8vpn6qGSAXfM+uJquAgjUxbgNMTuyzUvRTBCSxfLE3rt
Dlm83jACWQcvbfpV7vCgmMitxNR8U38nQ5LFGahAR2Elb5Y8bh4L04FYF8E5AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU7YiSfACabaGHyhcuEArCVTCE9YowHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8UBTANBgkq
hkiG9w0BAQsFAAOCAQEAlNCCnXrTrCkp9UatByibsBxfDgh9LZV/y6eAcWIgmFr/
v8hDrpSqhBq2OH9IycrU0XM14up8Pbo2cZVC2ZS2onG/uaDDZmbbHAPr/ZSoFuhh
bupw6knyD+4U8kJM8qe8hOq2Z3z0Fd8l9ZPyeZ7d8Tho4NTP9LKC9bH7ul1+ArEC
3xF0QX18lHyEqwwgDEnu9SPZorLnJde7RiJG1CVxZrz9Sg+SNU5MwsSeYqLvclmv
oJ0zcf525OfZAc9aHwW3U8i/o7KMw83TNy1ibY6mKcARUAC01WL6x+B9+slE7YhU
QaL8cbOX4sSR/qwcEDtSx77JzZduBN/12N3wyaNOPA==
-----END CERTIFICATE-----