Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e37322e302f32312d3234203d3e20383334.roa
File:                     3134332e32302e37322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          R1UmL7a2E7QfTQMh5+VRSXu2pDa/jG0fh8KgWjzXDCQ=
Subject key identifier:   A6:AA:F1:07:31:9C:CD:65:34:B6:4A:0C:87:A7:AE:EC:A6:C8:38:68
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       1E1AC31CC0B7139DED04BB22A94A72FA2EDDB563
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e37322e302f32312d3234203d3e20383334.roa
Signing time:             Sun 18 May 2025 17:41:36 +0000
ROA not before:           Sun 18 May 2025 17:36:36 +0000
ROA not after:            Sun 17 May 2026 17:41:36 +0000
asID:                     834
IP address blocks:        143.20.72.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:1a:c3:1c:c0:b7:13:9d:ed:04:bb:22:a9:4a:72:fa:2e:dd:b5:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 18 17:36:36 2025 GMT
            Not After : May 17 17:41:36 2026 GMT
        Subject: CN=A6AAF107319CCD6534B64A0C87A7AEECA6C83868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bb:4c:17:0e:d4:f0:73:fd:bd:15:75:f7:f2:
                    0c:79:ff:31:50:d3:4b:bb:ff:3a:97:35:84:eb:fa:
                    dc:35:ae:35:8d:4b:ae:ef:e6:e9:20:6d:7d:70:79:
                    32:f7:4d:a8:3e:41:36:d7:a2:6a:71:59:d3:98:74:
                    d0:8d:08:4a:2d:78:c5:24:e6:55:39:12:6b:e4:28:
                    0c:5e:df:1b:19:b8:cc:33:6a:ee:fd:ac:91:b7:79:
                    f6:03:0c:d5:65:e0:dd:e1:08:b7:e3:b0:74:20:7a:
                    a4:64:8d:db:46:47:52:e4:65:7f:ce:f5:84:bb:51:
                    af:69:8a:d7:98:d4:42:ad:fd:d9:ae:8c:56:bb:93:
                    2e:f7:2c:47:83:ff:70:ac:e5:77:d9:d0:2c:42:e2:
                    1d:25:67:9d:ad:71:7e:78:1d:61:c0:5b:ca:38:5c:
                    3f:10:e0:a2:27:17:ee:fd:c5:20:03:c7:d3:f6:7b:
                    c9:5a:a3:46:59:23:06:a6:12:3a:4e:66:9b:58:09:
                    4e:55:b9:1b:4d:fe:91:d2:da:92:ac:e0:93:06:91:
                    97:19:d8:3d:22:17:65:af:c0:05:67:fc:0e:42:9e:
                    6d:4c:f1:c6:37:1e:48:66:a9:3c:4d:bc:c7:3f:58:
                    7c:db:4c:5f:9d:b3:f3:0d:d1:23:03:32:ac:65:15:
                    c8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AA:F1:07:31:9C:CD:65:34:B6:4A:0C:87:A7:AE:EC:A6:C8:38:68
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e37322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0e:a3:0f:8f:ef:ab:76:3f:72:ec:fc:28:d0:01:ec:12:31:f7:
         a4:c6:2d:02:ee:0c:a5:84:6c:05:93:cf:68:35:0b:a9:5a:ba:
         b0:f8:62:09:1b:5a:b3:3c:11:0c:6d:9c:d8:cf:8e:e0:9a:e0:
         41:d1:65:18:9c:63:82:71:de:6d:13:d4:b6:8f:70:80:17:6e:
         0b:50:41:bb:3b:7d:ae:2e:0a:56:6a:b9:f0:77:0b:d8:0c:5a:
         77:71:67:70:44:6f:80:b8:08:9b:e6:e6:66:21:68:d7:bc:e0:
         a6:e8:12:59:b7:ce:af:fe:27:3e:ef:d4:18:3c:7c:cb:ed:bb:
         06:d1:7c:ec:30:f9:1f:2a:26:27:ae:34:0d:a6:da:88:f8:d1:
         49:d4:43:ee:93:32:44:af:eb:a6:a7:c7:f3:e7:9f:69:bf:81:
         d2:dc:b0:d6:75:c5:d5:d8:e4:b5:2e:b9:e0:60:fc:1b:11:dd:
         a3:20:8a:c6:3d:f5:bd:60:08:62:c2:11:b2:cd:c0:b5:d0:2a:
         8a:f4:1d:28:95:eb:3c:cc:9f:7c:e5:88:26:72:e7:71:44:20:
         91:f4:0a:8a:49:a7:e6:45:9d:db:48:ca:fc:1e:be:cb:82:a3:
         70:0c:f6:b4:5b:37:6e:0a:36:0c:38:8a:38:4d:96:e9:06:4c:
         c2:01:86:1c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUHhrDHMC3E53tBLsiqUpy+i7dtWMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTgxNzM2MzZaFw0yNjA1MTcxNzQxMzZaMDMxMTAvBgNV
BAMTKEE2QUFGMTA3MzE5Q0NENjUzNEI2NEEwQzg3QTdBRUVDQTZDODM4NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7u0wXDtTwc/29FXX38gx5/zFQ
00u7/zqXNYTr+tw1rjWNS67v5ukgbX1weTL3Tag+QTbXompxWdOYdNCNCEoteMUk
5lU5EmvkKAxe3xsZuMwzau79rJG3efYDDNVl4N3hCLfjsHQgeqRkjdtGR1LkZX/O
9YS7Ua9piteY1EKt/dmujFa7ky73LEeD/3Cs5XfZ0CxC4h0lZ52tcX54HWHAW8o4
XD8Q4KInF+79xSADx9P2e8lao0ZZIwamEjpOZptYCU5VuRtN/pHS2pKs4JMGkZcZ
2D0iF2WvwAVn/A5Cnm1M8cY3HkhmqTxNvMc/WHzbTF+ds/MN0SMDMqxlFcjBAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUpqrxBzGczWU0tkoMh6eu7KbIOGgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzNzMy
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDjxRIMA0G
CSqGSIb3DQEBCwUAA4IBAQAOow+P76t2P3Ls/CjQAewSMfekxi0C7gylhGwFk89o
NQupWrqw+GIJG1qzPBEMbZzYz47gmuBB0WUYnGOCcd5tE9S2j3CAF24LUEG7O32u
LgpWarnwdwvYDFp3cWdwRG+AuAib5uZmIWjXvOCm6BJZt86v/ic+79QYPHzL7bsG
0XzsMPkfKiYnrjQNptqI+NFJ1EPukzJEr+ump8fz559pv4HS3LDWdcXV2OS1Lrng
YPwbEd2jIIrGPfW9YAhiwhGyzcC10CqK9B0oles8zJ985YgmcudxRCCR9AqKSafm
RZ3bSMr8Hr7LgqNwDPa0WzduCjYMOIo4TZbpBkzCAYYc
-----END CERTIFICATE-----