Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e39362e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e39362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          NpDUbBiujss1L8NAqBpKwQRF/BFgpVm86m8oG7NJsnI=
Subject key identifier:   33:44:3D:EB:AB:54:7D:F3:DB:A6:B5:16:1C:42:D8:EF:51:09:06:20
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5E1D36B7EAB0D43D7C6F1C8831B76BAA445AA849
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e39362e302f32342d3234203d3e20383334.roa
Signing time:             Sun 18 May 2025 17:41:36 +0000
ROA not before:           Sun 18 May 2025 17:36:36 +0000
ROA not after:            Sun 17 May 2026 17:41:36 +0000
asID:                     834
IP address blocks:        143.20.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:1d:36:b7:ea:b0:d4:3d:7c:6f:1c:88:31:b7:6b:aa:44:5a:a8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 18 17:36:36 2025 GMT
            Not After : May 17 17:41:36 2026 GMT
        Subject: CN=33443DEBAB547DF3DBA6B5161C42D8EF51090620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b3:f7:7e:df:0e:32:c4:e1:e3:76:0d:54:fb:
                    80:c6:ee:0b:c8:53:9d:8e:43:1c:b2:3c:bd:10:79:
                    b6:5a:e8:4e:e4:dd:1a:0c:a9:7a:d7:83:87:fa:c9:
                    4d:8c:0a:af:00:08:83:40:29:99:74:88:46:df:ba:
                    4d:44:18:0b:4c:2a:9c:3d:5b:2a:f3:58:93:e8:98:
                    e5:cc:0e:66:f6:a7:36:5d:4e:56:ab:e1:95:5b:f7:
                    37:df:16:fa:0c:03:0e:f8:45:60:69:12:f3:16:30:
                    00:eb:46:39:f2:3e:43:05:4a:8c:78:82:48:53:f0:
                    2f:6a:94:8f:78:85:22:37:f6:c6:bf:2f:6f:52:33:
                    c6:83:5f:6e:eb:95:24:47:a8:8b:6c:3b:50:d2:94:
                    ea:a5:5d:ec:a4:04:f6:20:4e:dd:26:e0:fa:8c:04:
                    31:fd:c6:31:83:8f:31:b2:51:53:ff:a2:2d:08:53:
                    c0:e3:4c:8e:f1:63:2b:4c:ae:de:ba:44:e5:15:fd:
                    e7:44:ff:2e:7d:69:1f:10:bb:f3:0b:ba:10:85:cb:
                    e6:de:73:2f:b3:45:b6:a9:11:4d:47:62:57:46:8a:
                    e6:58:70:0b:cd:11:53:cb:70:70:b6:ac:fb:f0:46:
                    bf:ef:9d:e0:b6:15:97:e4:77:b4:a3:0f:52:1f:c4:
                    20:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:44:3D:EB:AB:54:7D:F3:DB:A6:B5:16:1C:42:D8:EF:51:09:06:20
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e39362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:83:c3:29:f7:d6:95:bc:6a:74:cc:e2:df:28:6e:49:45:b3:
         1a:76:7a:02:60:f3:bb:c4:b0:9d:ba:c2:3a:75:0d:91:57:b7:
         df:f4:fd:86:48:8e:cd:42:ee:b3:76:c8:d4:3b:78:1d:02:99:
         b5:45:2a:0b:0d:6a:36:4c:99:a9:a9:2b:0f:7b:18:9b:e0:8d:
         88:47:c6:8a:18:6a:2e:b0:81:cc:09:c4:1c:a4:d7:69:49:f4:
         17:35:30:d7:47:30:ef:e9:3b:87:a2:fc:08:48:8b:e5:ba:74:
         0b:29:35:18:23:e3:e9:54:99:90:90:03:67:3a:89:34:77:70:
         46:91:99:b1:79:74:4c:eb:fb:5a:47:59:81:0d:da:4b:50:33:
         6e:b9:d9:fe:72:f0:f0:51:a5:47:eb:4d:60:a4:b2:94:6e:ca:
         e1:47:87:aa:40:bb:b5:4e:41:0b:30:c4:24:60:08:87:aa:4a:
         a0:a2:36:9b:f1:2c:74:23:0e:94:52:6e:3d:b2:60:f7:c0:98:
         8e:dd:c8:65:ab:41:7f:2c:d5:19:2e:82:00:5a:aa:00:59:23:
         fa:24:17:10:81:d1:c0:6f:64:48:8e:cc:5e:26:c7:52:51:7b:
         96:ef:d7:f1:4f:73:24:22:0d:e3:9b:38:12:03:af:9c:be:13:
         8e:90:24:15
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUXh02t+qw1D18bxyIMbdrqkRaqEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTgxNzM2MzZaFw0yNjA1MTcxNzQxMzZaMDMxMTAvBgNV
BAMTKDMzNDQzREVCQUI1NDdERjNEQkE2QjUxNjFDNDJEOEVGNTEwOTA2MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEs/d+3w4yxOHjdg1U+4DG7gvI
U52OQxyyPL0QebZa6E7k3RoMqXrXg4f6yU2MCq8ACINAKZl0iEbfuk1EGAtMKpw9
WyrzWJPomOXMDmb2pzZdTlar4ZVb9zffFvoMAw74RWBpEvMWMADrRjnyPkMFSox4
gkhT8C9qlI94hSI39sa/L29SM8aDX27rlSRHqItsO1DSlOqlXeykBPYgTt0m4PqM
BDH9xjGDjzGyUVP/oi0IU8DjTI7xYytMrt66ROUV/edE/y59aR8Qu/MLuhCFy+be
cy+zRbapEU1HYldGiuZYcAvNEVPLcHC2rPvwRr/vneC2FZfkd7SjD1IfxCDDAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUM0Q966tUffPbprUWHELY71EJBiAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzOTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxRgMA0G
CSqGSIb3DQEBCwUAA4IBAQBWg8Mp99aVvGp0zOLfKG5JRbMadnoCYPO7xLCdusI6
dQ2RV7ff9P2GSI7NQu6zdsjUO3gdApm1RSoLDWo2TJmpqSsPexib4I2IR8aKGGou
sIHMCcQcpNdpSfQXNTDXRzDv6TuHovwISIvlunQLKTUYI+PpVJmQkANnOok0d3BG
kZmxeXRM6/taR1mBDdpLUDNuudn+cvDwUaVH601gpLKUbsrhR4eqQLu1TkELMMQk
YAiHqkqgojab8Sx0Iw6UUm49smD3wJiO3chlq0F/LNUZLoIAWqoAWSP6JBcQgdHA
b2RIjsxeJsdSUXuW79fxT3MkIg3jmzgSA6+cvhOOkCQV
-----END CERTIFICATE-----