Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e36392e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e36392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6U5I0tsOzPC5Uz0zEl0YLzqozgG+sFhwekxgPwGmF8I=
Subject key identifier:   73:61:B1:07:26:05:C6:58:40:09:F4:07:CA:4D:BF:94:49:8D:23:E7
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       15FE686B39D662AF67756F815D2D3245E078956E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e36392e302f32342d3234203d3e20383334.roa
Signing time:             Sun 18 May 2025 17:41:35 +0000
ROA not before:           Sun 18 May 2025 17:36:35 +0000
ROA not after:            Sun 17 May 2026 17:41:35 +0000
asID:                     834
IP address blocks:        143.20.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:fe:68:6b:39:d6:62:af:67:75:6f:81:5d:2d:32:45:e0:78:95:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 18 17:36:35 2025 GMT
            Not After : May 17 17:41:35 2026 GMT
        Subject: CN=7361B1072605C6584009F407CA4DBF94498D23E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bd:a0:af:97:d0:51:b1:fe:e8:ea:d3:e5:f0:
                    97:cd:73:82:2b:b6:4d:de:1d:00:ea:35:37:b9:23:
                    91:9e:39:e6:8e:24:5c:64:39:62:bd:e4:ec:5a:56:
                    de:13:83:ff:a7:dd:fa:85:68:15:0f:a0:e5:d4:ff:
                    6e:da:ea:84:84:26:24:2e:f9:7c:ba:9b:8d:15:75:
                    b5:72:ef:b5:00:e9:12:f1:24:b8:00:a3:52:ef:b6:
                    a9:a4:2b:bd:8d:b8:ed:e6:2f:e4:0e:dd:d8:e9:e8:
                    e0:89:dd:a7:d7:bc:c5:bf:22:fa:7b:02:18:54:5a:
                    16:1d:48:e4:d2:d2:5f:6a:4f:d1:2a:b7:96:56:59:
                    1e:d5:3a:c3:0e:7e:f1:81:d9:02:9a:c3:c6:8c:44:
                    41:66:ae:1d:d2:09:8c:65:01:11:1d:b2:1e:bc:f7:
                    0a:e1:de:50:ee:95:84:00:0e:3c:7b:0c:39:57:77:
                    4c:8f:a1:38:fb:89:a2:e5:29:0f:a1:9a:4a:34:85:
                    23:c2:00:e1:b4:6c:6b:9e:ee:ba:d0:16:4b:7b:f7:
                    6a:8c:0e:48:c4:7e:fa:0f:55:05:c2:45:16:c7:59:
                    4c:cf:d5:cc:2c:79:b2:fa:c9:2c:da:e9:88:98:dc:
                    9f:88:28:65:1e:eb:0b:40:22:cb:1a:5f:04:05:68:
                    c4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:61:B1:07:26:05:C6:58:40:09:F4:07:CA:4D:BF:94:49:8D:23:E7
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e36392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f9:ba:59:28:8c:88:67:12:f4:1e:23:1f:f5:09:73:29:f1:
         c5:72:a4:e9:14:87:d6:d2:d1:e1:bd:d2:6c:8e:6c:3a:fa:65:
         c0:8d:58:79:ff:a3:7a:c7:2d:58:26:d7:b0:46:2f:44:90:13:
         a8:6d:57:f7:2d:dc:3f:0c:7a:53:60:33:60:de:75:1b:7e:4e:
         79:78:a1:d8:4f:8c:95:d9:2c:4d:59:0f:f8:6e:b9:ce:51:92:
         14:7c:96:71:45:99:17:85:2c:fa:b4:71:23:0c:68:dc:69:72:
         c2:3f:8d:20:69:8a:db:6a:94:b8:ac:ab:e2:e9:f5:25:e2:ab:
         ed:71:c3:d6:7e:ff:e7:95:de:1d:1f:f0:a7:ef:85:82:7d:64:
         8d:a1:1b:b8:8a:5f:4d:1e:4a:6b:a4:28:da:da:e9:af:3e:41:
         5f:46:28:07:b1:e7:24:2e:e4:58:80:47:87:db:f2:fc:76:68:
         be:9b:ec:fb:ef:1a:db:4f:40:95:b1:6b:41:2b:c7:5a:d1:20:
         1c:8f:e4:61:d9:e8:51:5d:0e:d6:e4:aa:f0:ef:47:ca:24:4e:
         3a:6a:70:09:f8:93:c6:4a:87:43:1a:37:2a:b7:36:1a:83:77:
         4e:e4:50:32:8b:74:d8:6f:c0:e6:d8:2b:d7:43:b1:0d:92:48:
         d4:d1:ea:59
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFf5oaznWYq9ndW+BXS0yReB4lW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTgxNzM2MzVaFw0yNjA1MTcxNzQxMzVaMDMxMTAvBgNV
BAMTKDczNjFCMTA3MjYwNUM2NTg0MDA5RjQwN0NBNERCRjk0NDk4RDIzRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOvaCvl9BRsf7o6tPl8JfNc4Ir
tk3eHQDqNTe5I5GeOeaOJFxkOWK95OxaVt4Tg/+n3fqFaBUPoOXU/27a6oSEJiQu
+Xy6m40VdbVy77UA6RLxJLgAo1LvtqmkK72NuO3mL+QO3djp6OCJ3afXvMW/Ivp7
AhhUWhYdSOTS0l9qT9Eqt5ZWWR7VOsMOfvGB2QKaw8aMREFmrh3SCYxlAREdsh68
9wrh3lDulYQADjx7DDlXd0yPoTj7iaLlKQ+hmko0hSPCAOG0bGue7rrQFkt792qM
DkjEfvoPVQXCRRbHWUzP1cwsebL6ySza6YiY3J+IKGUe6wtAIssaXwQFaMQJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUc2GxByYFxlhACfQHyk2/lEmNI+cwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzNjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRFMA0G
CSqGSIb3DQEBCwUAA4IBAQBq+bpZKIyIZxL0HiMf9QlzKfHFcqTpFIfW0tHhvdJs
jmw6+mXAjVh5/6N6xy1YJtewRi9EkBOobVf3Ldw/DHpTYDNg3nUbfk55eKHYT4yV
2SxNWQ/4brnOUZIUfJZxRZkXhSz6tHEjDGjcaXLCP40gaYrbapS4rKvi6fUl4qvt
ccPWfv/nld4dH/Cn74WCfWSNoRu4il9NHkprpCja2umvPkFfRigHseckLuRYgEeH
2/L8dmi+m+z77xrbT0CVsWtBK8da0SAcj+Rh2ehRXQ7W5Krw70fKJE46anAJ+JPG
SodDGjcqtzYag3dO5FAyi3TYb8Dm2CvXQ7ENkkjU0epZ
-----END CERTIFICATE-----