Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e37302e302f32332d3234203d3e20383334.roa
File:                     3134332e32302e37302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          7MQ48Us9qNpbw1RrSJ7jiZ8L5wP9GLS/K5NuaaEsEBY=
Subject key identifier:   2E:EF:EA:FB:D6:43:DD:9E:93:A2:1D:7E:85:7E:EB:79:E3:58:37:FD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       14C27403548461DA92AD8DD8EBBE9587E83D2D0D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e37302e302f32332d3234203d3e20383334.roa
Signing time:             Sun 18 May 2025 17:41:36 +0000
ROA not before:           Sun 18 May 2025 17:36:36 +0000
ROA not after:            Sun 17 May 2026 17:41:36 +0000
asID:                     834
IP address blocks:        143.20.70.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:c2:74:03:54:84:61:da:92:ad:8d:d8:eb:be:95:87:e8:3d:2d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 18 17:36:36 2025 GMT
            Not After : May 17 17:41:36 2026 GMT
        Subject: CN=2EEFEAFBD643DD9E93A21D7E857EEB79E35837FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:94:92:d5:cc:45:02:e7:f4:5e:74:e2:f9:ce:
                    cc:2c:75:91:83:4d:8a:2a:d1:86:b1:fa:aa:8d:e4:
                    9a:96:0a:03:49:8b:cd:48:6b:45:20:4d:2d:95:1c:
                    25:32:21:23:3d:25:2d:6c:3a:63:a3:2c:7e:bb:af:
                    f9:d5:29:38:28:94:87:34:79:c7:b1:c0:e4:c5:18:
                    0e:1f:4d:91:54:7f:0c:46:a9:16:d3:8c:34:3e:5f:
                    e6:df:42:a0:e2:51:d6:ef:e2:ad:b3:e7:68:4f:10:
                    3d:38:ae:92:3f:f6:c8:b9:15:7c:ec:d0:34:a0:6b:
                    a0:2e:d2:1b:37:ed:85:b3:ed:27:37:ac:07:de:52:
                    8c:bc:d0:79:2c:d4:48:c6:7d:a8:7c:e5:13:a3:29:
                    de:31:c2:29:b6:1d:25:21:7f:e7:c4:45:14:88:ba:
                    43:e6:8f:fa:d4:a8:66:b0:7a:aa:da:7f:6c:f0:e8:
                    b0:fc:04:3c:e6:46:12:4b:d7:b5:e2:84:6c:89:6d:
                    e4:c2:7a:ae:8e:73:fc:1b:5a:d7:4e:c3:67:8f:5b:
                    fd:41:dc:c8:ea:f5:c2:69:52:aa:2f:90:dc:c2:2d:
                    1a:08:ef:59:9e:98:6d:33:9c:63:e7:a8:57:45:10:
                    8c:2e:44:37:8b:c1:20:59:ba:73:fb:4c:4f:20:b4:
                    89:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:EF:EA:FB:D6:43:DD:9E:93:A2:1D:7E:85:7E:EB:79:E3:58:37:FD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e37302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:51:bc:91:5d:4b:bf:8d:65:31:ee:ee:e6:e8:06:ca:81:c7:
         88:3d:72:c7:6e:d2:6d:a1:2f:60:c7:e9:93:de:db:33:da:bc:
         3b:0a:e5:b0:ae:fd:0f:80:34:a5:1f:21:a1:18:30:e7:2d:8b:
         d8:00:20:9e:77:37:2e:b5:72:88:10:c8:a6:18:47:ef:92:ba:
         f4:31:c4:ad:4b:ad:e0:9c:af:e1:95:03:9d:17:c0:45:e4:17:
         cd:ec:e8:90:69:ee:d5:c5:6f:18:6c:b4:b4:6d:e4:3b:23:be:
         b6:cf:e5:2d:1d:ba:d3:f0:e3:91:eb:e2:02:ed:1d:82:26:3b:
         ac:4f:bb:53:2b:39:c0:27:62:af:1e:8b:59:ed:e7:39:aa:12:
         5a:a6:f3:4c:bf:f4:e0:0b:81:52:4b:67:b6:e1:5f:ad:76:a9:
         58:ee:38:9f:a2:e5:00:fe:dc:8a:5c:07:47:8e:a3:f2:5a:d3:
         14:c7:a9:2b:18:c2:80:47:9d:cb:1d:83:d4:2b:cc:25:2a:d1:
         95:c2:eb:4c:4a:69:1f:b3:cd:1c:87:bf:4c:1f:5d:18:e3:b8:
         a2:ba:ac:e7:e6:d0:62:5a:7a:81:35:13:0c:98:d4:0c:b1:50:
         e6:35:a1:77:3f:6d:68:b1:76:5c:14:d9:ab:f0:a9:a8:2b:ee:
         d8:ad:b3:69
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFMJ0A1SEYdqSrY3Y676Vh+g9LQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTgxNzM2MzZaFw0yNjA1MTcxNzQxMzZaMDMxMTAvBgNV
BAMTKDJFRUZFQUZCRDY0M0REOUU5M0EyMUQ3RTg1N0VFQjc5RTM1ODM3RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdlJLVzEUC5/RedOL5zswsdZGD
TYoq0Yax+qqN5JqWCgNJi81Ia0UgTS2VHCUyISM9JS1sOmOjLH67r/nVKTgolIc0
ecexwOTFGA4fTZFUfwxGqRbTjDQ+X+bfQqDiUdbv4q2z52hPED04rpI/9si5FXzs
0DSga6Au0hs37YWz7Sc3rAfeUoy80Hks1EjGfah85ROjKd4xwim2HSUhf+fERRSI
ukPmj/rUqGaweqraf2zw6LD8BDzmRhJL17XihGyJbeTCeq6Oc/wbWtdOw2ePW/1B
3Mjq9cJpUqovkNzCLRoI71memG0znGPnqFdFEIwuRDeLwSBZunP7TE8gtInXAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQULu/q+9ZD3Z6Toh1+hX7reeNYN/0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzNzMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxRGMA0G
CSqGSIb3DQEBCwUAA4IBAQAbUbyRXUu/jWUx7u7m6AbKgceIPXLHbtJtoS9gx+mT
3tsz2rw7CuWwrv0PgDSlHyGhGDDnLYvYACCedzcutXKIEMimGEfvkrr0McStS63g
nK/hlQOdF8BF5BfN7OiQae7VxW8YbLS0beQ7I762z+UtHbrT8OOR6+IC7R2CJjus
T7tTKznAJ2KvHotZ7ec5qhJapvNMv/TgC4FSS2e24V+tdqlY7jifouUA/tyKXAdH
jqPyWtMUx6krGMKAR53LHYPUK8wlKtGVwutMSmkfs80ch79MH10Y47iiuqzn5tBi
WnqBNRMMmNQMsVDmNaF3P21osXZcFNmr8KmoK+7YrbNp
-----END CERTIFICATE-----