Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e382e302f32312d3234203d3e20383334.roa
File:                     3134332e32302e382e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          Jh2L3Za2BuynqmDcaG9TmhIzcQzGXPeHI2q5L9OUk8Q=
Subject key identifier:   7D:0E:BC:97:B4:C8:ED:FF:BC:E9:EF:03:4D:13:CD:6C:9D:D4:4F:AD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0EEC03029387C259565FAB2E1AA7A54B379B9B68
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e382e302f32312d3234203d3e20383334.roa
Signing time:             Tue 13 May 2025 06:01:39 +0000
ROA not before:           Tue 13 May 2025 05:56:39 +0000
ROA not after:            Tue 12 May 2026 06:01:39 +0000
asID:                     834
IP address blocks:        143.20.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:ec:03:02:93:87:c2:59:56:5f:ab:2e:1a:a7:a5:4b:37:9b:9b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 13 05:56:39 2025 GMT
            Not After : May 12 06:01:39 2026 GMT
        Subject: CN=7D0EBC97B4C8EDFFBCE9EF034D13CD6C9DD44FAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1b:6d:86:09:c5:48:ab:00:22:f2:d5:61:41:
                    0e:e1:a7:5c:06:2f:7f:2c:81:6a:9e:5f:6e:c7:f5:
                    6b:19:a5:e5:76:9c:a5:4f:e6:4e:2f:c5:87:12:7d:
                    37:12:8a:22:d5:39:90:ff:cd:19:96:8f:c2:cb:6f:
                    74:6b:6d:0e:7f:b9:b6:89:16:82:35:7d:ee:19:3b:
                    ef:e2:83:99:db:94:31:ab:ab:eb:7b:45:18:f2:21:
                    08:03:97:ba:24:4a:da:cc:73:67:9c:b6:ce:e3:69:
                    0f:22:3c:96:fe:70:12:7c:41:ef:67:80:ee:c8:37:
                    15:ca:37:9f:7e:79:c7:b7:e0:e9:c8:14:05:c7:bc:
                    aa:f0:cd:78:56:f8:3b:8f:9c:ae:00:d7:32:40:a4:
                    50:5e:29:eb:be:a5:9b:e0:be:f5:bd:72:c5:4c:a6:
                    2e:14:c0:5d:2f:d6:c7:58:2d:05:ee:c5:9e:77:77:
                    cc:04:3b:e8:17:96:73:59:74:78:88:d2:da:d4:8a:
                    7d:71:e5:69:c6:79:87:a8:ba:96:91:5a:16:9b:a0:
                    ec:87:69:29:cc:bb:65:78:bf:fb:75:7b:d5:2e:9f:
                    3a:51:f2:0f:c4:36:37:21:4c:21:f2:52:d2:19:2e:
                    30:0d:c7:e6:0b:8d:81:4c:d0:f0:c9:02:f0:25:98:
                    22:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0E:BC:97:B4:C8:ED:FF:BC:E9:EF:03:4D:13:CD:6C:9D:D4:4F:AD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e382e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:20:12:61:76:0b:95:d8:8a:bb:47:55:8d:00:ec:93:71:65:
         f8:3c:f4:e5:be:23:7f:ab:3e:3c:98:c4:bc:34:0e:94:48:89:
         83:ae:97:34:77:9d:f3:15:19:fb:a6:b1:d7:4b:51:f1:4f:3a:
         ce:cd:25:dd:1f:e1:f7:70:2e:fd:02:bf:97:cf:87:d3:05:b7:
         8c:e8:9b:bb:4a:07:d3:93:f9:74:a8:fc:50:07:62:7e:e9:62:
         f6:0c:b7:97:00:14:84:eb:ac:75:54:32:a0:9d:e6:05:44:83:
         f1:32:9d:53:df:38:41:b7:d7:1a:b6:59:f7:ae:54:20:3d:a8:
         79:06:6f:37:b4:56:92:8b:34:5c:8e:97:8f:8c:ca:df:a1:6b:
         d3:5e:1a:cc:7d:e7:fc:36:ae:2e:dc:81:81:a2:21:09:35:10:
         22:5a:a5:eb:c3:1a:35:65:76:e2:6b:98:c7:3d:90:67:8a:ff:
         55:ad:4a:6a:ea:03:a9:22:d2:e8:3f:f2:09:47:d6:c5:1f:02:
         be:5b:b5:42:41:ec:0f:82:be:2a:a1:18:02:2f:ea:40:f7:8b:
         25:12:23:47:16:bd:72:58:14:ff:41:ca:ef:51:9f:33:f1:f7:
         6b:56:35:6d:b5:e2:ff:ee:64:88:a4:95:20:59:f7:85:9a:c6:
         94:7b:0f:9a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUDuwDApOHwllWX6suGqelSzebm2gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTMwNTU2MzlaFw0yNjA1MTIwNjAxMzlaMDMxMTAvBgNV
BAMTKDdEMEVCQzk3QjRDOEVERkZCQ0U5RUYwMzREMTNDRDZDOURENDRGQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuG22GCcVIqwAi8tVhQQ7hp1wG
L38sgWqeX27H9WsZpeV2nKVP5k4vxYcSfTcSiiLVOZD/zRmWj8LLb3RrbQ5/ubaJ
FoI1fe4ZO+/ig5nblDGrq+t7RRjyIQgDl7okStrMc2ects7jaQ8iPJb+cBJ8Qe9n
gO7INxXKN59+ece34OnIFAXHvKrwzXhW+DuPnK4A1zJApFBeKeu+pZvgvvW9csVM
pi4UwF0v1sdYLQXuxZ53d8wEO+gXlnNZdHiI0trUin1x5WnGeYeoupaRWhaboOyH
aSnMu2V4v/t1e9UunzpR8g/ENjchTCHyUtIZLjANx+YLjYFM0PDJAvAlmCIRAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUfQ68l7TI7f+86e8DTRPNbJ3UT60wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA48UCDANBgkq
hkiG9w0BAQsFAAOCAQEAaCASYXYLldiKu0dVjQDsk3Fl+Dz05b4jf6s+PJjEvDQO
lEiJg66XNHed8xUZ+6ax10tR8U86zs0l3R/h93Au/QK/l8+H0wW3jOibu0oH05P5
dKj8UAdifuli9gy3lwAUhOusdVQyoJ3mBUSD8TKdU984QbfXGrZZ965UID2oeQZv
N7RWkos0XI6Xj4zK36Fr014azH3n/DauLtyBgaIhCTUQIlql68MaNWV24muYxz2Q
Z4r/Va1KauoDqSLS6D/yCUfWxR8Cvlu1QkHsD4K+KqEYAi/qQPeLJRIjRxa9clgU
/0HK71GfM/H3a1Y1bbXi/+5kiKSVIFn3hZrGlHsPmg==
-----END CERTIFICATE-----