Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38352e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e38352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          PETJfW3Z1dWgbCakKGo8ColxjQ4jruOCIKWpUTEH/kU=
Subject key identifier:   B6:62:9F:A3:35:28:DA:8B:1D:98:24:EF:C8:96:E2:2D:AF:7C:68:B6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6797DB71F9E8D00F940348082ABE806DB4D47111
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38352e302f32342d3234203d3e20383334.roa
Signing time:             Fri 30 May 2025 08:08:45 +0000
ROA not before:           Fri 30 May 2025 08:03:45 +0000
ROA not after:            Fri 29 May 2026 08:08:45 +0000
asID:                     834
IP address blocks:        143.20.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:97:db:71:f9:e8:d0:0f:94:03:48:08:2a:be:80:6d:b4:d4:71:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 30 08:03:45 2025 GMT
            Not After : May 29 08:08:45 2026 GMT
        Subject: CN=B6629FA33528DA8B1D9824EFC896E22DAF7C68B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:36:fa:81:8a:83:e1:e2:92:b9:de:51:91:96:
                    f0:c3:b9:1b:df:53:ac:e7:f5:28:fa:b7:99:f0:28:
                    45:f6:cc:1f:24:b3:bb:da:5e:22:fe:1a:1c:68:e8:
                    e8:7f:22:f8:4a:c3:f3:8b:a7:ab:9a:38:bc:a8:b2:
                    ad:b1:4a:fe:1c:af:2a:df:08:b9:55:6e:f7:ac:76:
                    72:3e:60:66:ae:cf:7a:d7:59:bd:3a:b1:ca:36:10:
                    a1:41:79:24:4b:8c:da:fe:be:33:02:31:4d:b6:a0:
                    e3:59:31:32:36:9b:da:e1:a3:51:a8:cc:8b:4f:8c:
                    41:4e:c8:b4:25:03:a1:27:f8:f1:29:1b:af:aa:37:
                    71:3c:1a:f4:35:21:90:ae:10:02:c5:80:18:d7:e4:
                    25:ef:16:b5:f5:b4:88:b6:ad:cb:cd:a4:b3:21:74:
                    42:42:62:6d:25:66:63:e3:32:5a:8b:21:6f:de:41:
                    dd:eb:9f:92:9c:75:da:89:33:35:f2:a0:54:e8:9e:
                    8f:e5:72:b8:6b:e5:98:cd:52:7f:22:a3:a9:f7:72:
                    7b:c3:76:db:d6:36:cc:6b:af:7a:72:63:fe:cf:56:
                    37:cb:4e:9b:75:41:0e:73:38:6a:64:c8:54:7c:0e:
                    ae:ef:07:de:53:74:7a:03:ce:15:b0:ac:c6:6e:8a:
                    5e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:62:9F:A3:35:28:DA:8B:1D:98:24:EF:C8:96:E2:2D:AF:7C:68:B6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ab:3e:de:e7:75:ad:08:30:d3:07:8a:20:af:60:c6:80:e4:
         fb:da:17:c8:ea:30:55:b0:a2:58:47:f8:34:24:93:9a:d5:6f:
         ec:0d:01:b9:61:ba:e0:e9:77:3e:e0:38:a6:ff:cb:e3:c0:3c:
         56:72:3d:b6:f1:5f:e2:7a:30:ad:78:51:dc:01:59:d2:79:5f:
         d6:4f:fa:b3:90:7c:96:6c:65:de:56:ad:fd:ca:c9:03:cb:23:
         44:42:6d:e1:5e:e4:3c:cd:9f:91:92:1b:3e:56:f9:b3:31:69:
         63:ea:de:a8:84:b8:dd:05:a8:19:e5:66:11:0a:71:fc:18:9e:
         1b:07:a0:47:41:24:1a:9a:ea:a8:61:e9:a5:67:6d:dd:dc:3d:
         9e:c6:02:7f:4d:d5:54:89:94:30:50:2e:2f:19:4c:42:d4:20:
         30:7f:92:f4:ef:24:2f:ad:6d:cf:c3:c5:d0:ff:75:17:83:c0:
         53:51:3c:71:e3:01:bb:fa:b9:b7:67:25:8d:74:4b:46:fb:5e:
         1d:c6:92:fe:41:fb:7c:e0:06:00:05:cd:6a:fc:b3:8d:70:a7:
         a1:a6:4e:8b:0b:68:0b:e0:00:63:c5:d9:e5:04:12:ed:a9:98:
         61:62:17:01:f9:ee:99:a3:60:d2:a2:96:88:4f:cd:cb:f2:aa:
         eb:ce:4f:2e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZ5fbcfno0A+UA0gIKr6AbbTUcREwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MzAwODAzNDVaFw0yNjA1MjkwODA4NDVaMDMxMTAvBgNV
BAMTKEI2NjI5RkEzMzUyOERBOEIxRDk4MjRFRkM4OTZFMjJEQUY3QzY4QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlNvqBioPh4pK53lGRlvDDuRvf
U6zn9Sj6t5nwKEX2zB8ks7vaXiL+Ghxo6Oh/IvhKw/OLp6uaOLyosq2xSv4cryrf
CLlVbvesdnI+YGauz3rXWb06sco2EKFBeSRLjNr+vjMCMU22oONZMTI2m9rho1Go
zItPjEFOyLQlA6En+PEpG6+qN3E8GvQ1IZCuEALFgBjX5CXvFrX1tIi2rcvNpLMh
dEJCYm0lZmPjMlqLIW/eQd3rn5KcddqJMzXyoFTono/lcrhr5ZjNUn8io6n3cnvD
dtvWNsxrr3pyY/7PVjfLTpt1QQ5zOGpkyFR8Dq7vB95TdHoDzhWwrMZuil7jAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtmKfozUo2osdmCTvyJbiLa98aLYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzODM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRVMA0G
CSqGSIb3DQEBCwUAA4IBAQCJqz7e53WtCDDTB4ogr2DGgOT72hfI6jBVsKJYR/g0
JJOa1W/sDQG5Ybrg6Xc+4Dim/8vjwDxWcj228V/iejCteFHcAVnSeV/WT/qzkHyW
bGXeVq39yskDyyNEQm3hXuQ8zZ+Rkhs+VvmzMWlj6t6ohLjdBagZ5WYRCnH8GJ4b
B6BHQSQamuqoYemlZ23d3D2exgJ/TdVUiZQwUC4vGUxC1CAwf5L07yQvrW3Pw8XQ
/3UXg8BTUTxx4wG7+rm3ZyWNdEtG+14dxpL+Qft84AYABc1q/LONcKehpk6LC2gL
4ABjxdnlBBLtqZhhYhcB+e6Zo2DSopaIT83L8qrrzk8u
-----END CERTIFICATE-----