Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38362e302f32332d3234203d3e20383334.roa
File:                     3134332e32302e38362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          Lx1xuBZArkE2KDiraoqJPzzQDbDQk+BDarELoK9y2R8=
Subject key identifier:   59:0C:DB:4E:F7:B9:0A:B1:0B:34:D7:75:79:31:A5:6C:B5:BC:7C:DB
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       12D0DB219950049EED4CC8F8CEE9FAF627152BE3
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38362e302f32332d3234203d3e20383334.roa
Signing time:             Fri 30 May 2025 08:08:45 +0000
ROA not before:           Fri 30 May 2025 08:03:45 +0000
ROA not after:            Fri 29 May 2026 08:08:45 +0000
asID:                     834
IP address blocks:        143.20.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:d0:db:21:99:50:04:9e:ed:4c:c8:f8:ce:e9:fa:f6:27:15:2b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 30 08:03:45 2025 GMT
            Not After : May 29 08:08:45 2026 GMT
        Subject: CN=590CDB4EF7B90AB10B34D7757931A56CB5BC7CDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:77:05:88:3f:9e:df:35:f7:4b:66:6e:86:3f:
                    be:7f:1a:24:37:9a:1f:5e:ad:0b:55:7f:10:aa:7f:
                    d9:6f:67:c3:56:22:24:7a:4e:ee:95:87:d4:99:8d:
                    63:f4:2c:bb:55:ff:86:de:1b:b5:ab:48:f8:d7:dd:
                    e1:06:ba:b8:be:1f:ab:74:10:30:d2:53:a9:48:0c:
                    ea:93:0e:54:e9:6f:64:7f:42:a0:b8:6a:b7:21:da:
                    0e:89:e7:a6:77:5c:49:6a:ac:68:2e:04:38:33:ab:
                    d1:6e:9e:62:6b:d9:9f:a2:10:43:c4:54:1b:7e:61:
                    54:d9:f9:ec:53:4c:a9:06:ba:e0:a1:4f:53:41:5b:
                    2e:a9:35:8b:2c:ee:2c:78:d6:28:d8:3e:2e:58:f1:
                    d7:e5:9e:76:0c:19:cb:21:a4:af:25:e9:fc:12:d7:
                    4d:82:9e:b9:38:b2:f0:df:61:1d:bb:d5:c1:cd:55:
                    f7:a9:0b:1e:03:25:d9:96:67:8f:d7:38:2e:c0:93:
                    d7:5e:61:2d:ea:85:d2:c1:37:d3:ec:7b:fc:aa:50:
                    0a:6d:70:a2:91:11:a4:26:57:db:64:34:4d:1d:22:
                    98:07:89:d5:f4:b2:a8:88:dd:db:eb:e7:24:0a:99:
                    64:28:f6:41:e8:87:9d:ed:27:30:67:d4:d7:77:46:
                    1a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:0C:DB:4E:F7:B9:0A:B1:0B:34:D7:75:79:31:A5:6C:B5:BC:7C:DB
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:73:a4:de:29:b8:fd:f7:fd:68:7c:1d:74:97:c0:5f:f2:1b:
         e8:a8:85:ee:14:99:65:dd:79:1e:8d:67:8d:a4:06:2a:b6:42:
         42:e8:5c:26:76:0e:c2:cd:45:5f:5e:52:d5:fe:6c:b2:0d:21:
         e3:65:79:10:9c:18:5f:d2:cd:6b:cb:eb:d5:d5:91:36:c3:f8:
         87:89:ac:8f:24:4b:97:88:5f:7e:4e:ae:30:6c:e4:a9:46:3c:
         b0:d9:45:34:df:02:93:d6:d6:f0:86:4a:78:ad:07:b7:13:0e:
         b2:b0:68:0a:e1:e1:14:96:c9:e7:ec:d8:9d:ae:85:7c:d5:f0:
         a2:50:1f:29:f2:b0:8b:c4:c9:2c:e3:cc:74:85:39:45:b8:1b:
         32:87:9b:09:44:ba:88:53:ba:4d:60:9d:a7:93:5e:5c:59:59:
         c5:65:e6:f1:f2:98:be:17:e7:ba:f7:a3:28:a7:c8:0d:04:35:
         a1:15:30:d4:54:7a:32:34:17:b9:6c:21:7f:44:1d:f5:7c:ab:
         85:46:0b:73:9b:f5:9d:1f:32:d8:50:2a:ff:ec:86:09:25:62:
         ed:1a:81:5a:8e:ac:a3:c5:22:93:5f:fd:ed:fd:da:e3:a2:47:
         0a:b8:f8:7e:82:c9:2b:55:b4:ff:91:68:b0:6d:37:cb:89:b9:
         60:39:05:47
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUEtDbIZlQBJ7tTMj4zun69icVK+MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MzAwODAzNDVaFw0yNjA1MjkwODA4NDVaMDMxMTAvBgNV
BAMTKDU5MENEQjRFRjdCOTBBQjEwQjM0RDc3NTc5MzFBNTZDQjVCQzdDREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5dwWIP57fNfdLZm6GP75/GiQ3
mh9erQtVfxCqf9lvZ8NWIiR6Tu6Vh9SZjWP0LLtV/4beG7WrSPjX3eEGuri+H6t0
EDDSU6lIDOqTDlTpb2R/QqC4arch2g6J56Z3XElqrGguBDgzq9FunmJr2Z+iEEPE
VBt+YVTZ+exTTKkGuuChT1NBWy6pNYss7ix41ijYPi5Y8dflnnYMGcshpK8l6fwS
102Cnrk4svDfYR271cHNVfepCx4DJdmWZ4/XOC7Ak9deYS3qhdLBN9Pse/yqUApt
cKKREaQmV9tkNE0dIpgHidX0sqiI3dvr5yQKmWQo9kHoh53tJzBn1Nd3RhrlAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUWQzbTve5CrELNNd1eTGlbLW8fNswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzODM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxRWMA0G
CSqGSIb3DQEBCwUAA4IBAQABc6TeKbj99/1ofB10l8Bf8hvoqIXuFJll3XkejWeN
pAYqtkJC6Fwmdg7CzUVfXlLV/myyDSHjZXkQnBhf0s1ry+vV1ZE2w/iHiayPJEuX
iF9+Tq4wbOSpRjyw2UU03wKT1tbwhkp4rQe3Ew6ysGgK4eEUlsnn7NidroV81fCi
UB8p8rCLxMks48x0hTlFuBsyh5sJRLqIU7pNYJ2nk15cWVnFZebx8pi+F+e696Mo
p8gNBDWhFTDUVHoyNBe5bCF/RB31fKuFRgtzm/WdHzLYUCr/7IYJJWLtGoFajqyj
xSKTX/3t/drjokcKuPh+gskrVbT/kWiwbTfLiblgOQVH
-----END CERTIFICATE-----