Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3133362e302f32322d3232203d3e2036303739.roa
File:                     3134332e32302e3133362e302f32322d3232203d3e2036303739.roa (raw, json)
Hash identifier:          lFEX9EzxEIN13V7vtJ/sA5OQkmvRDyzV5Xo0qeV+0xM=
Subject key identifier:   CE:26:9A:75:7E:A4:51:9F:1E:D9:B5:BD:25:5B:4A:FA:4D:91:82:0C
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       36A54A0178606BB92C7657AC3374D68C77C3C0D0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3133362e302f32322d3232203d3e2036303739.roa
Signing time:             Tue 06 May 2025 06:35:47 +0000
ROA not before:           Tue 06 May 2025 06:30:47 +0000
ROA not after:            Tue 05 May 2026 06:35:47 +0000
asID:                     6079
IP address blocks:        143.20.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 16:19:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:a5:4a:01:78:60:6b:b9:2c:76:57:ac:33:74:d6:8c:77:c3:c0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:47 2025 GMT
            Not After : May  5 06:35:47 2026 GMT
        Subject: CN=CE269A757EA4519F1ED9B5BD255B4AFA4D91820C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8f:27:0b:f8:60:73:91:84:02:c2:2e:21:87:
                    0e:25:cf:18:74:06:38:42:f0:7b:16:e0:56:bd:4e:
                    71:a2:e8:cd:4a:a5:5c:1d:db:2a:0a:28:f9:c7:1c:
                    0b:e3:f9:be:34:83:b7:49:bf:93:6c:2a:fd:a7:1e:
                    ba:2b:dd:27:4c:20:e3:67:14:f4:c5:ee:c9:c0:f3:
                    ba:45:73:e1:4d:a6:42:09:2a:12:b1:92:c7:03:94:
                    e1:5b:0a:a1:fd:7f:2b:ef:d0:05:03:9f:da:fe:90:
                    1b:dd:bc:f4:f4:24:57:ab:60:18:0d:d8:5d:fd:5f:
                    88:aa:17:8b:c1:af:af:f9:0d:98:91:e5:1d:f6:9f:
                    31:67:36:75:8c:00:14:d5:28:97:ef:f0:57:a9:23:
                    8b:3a:5e:96:15:82:88:43:9a:0f:68:7d:91:44:6b:
                    5c:f9:55:cb:25:ca:48:9d:d5:b3:73:c8:4c:79:1d:
                    df:85:ff:17:d7:35:04:2a:f0:24:7c:0d:de:98:d2:
                    37:cc:e3:92:a0:9c:23:b3:f6:82:9c:3a:14:9c:97:
                    44:4d:0f:8d:b1:03:9a:1b:63:61:53:af:69:de:c8:
                    02:e5:8b:12:47:9c:4b:82:9c:c8:92:51:22:da:03:
                    d3:14:d1:f0:75:be:34:63:09:6e:5c:da:ff:8e:99:
                    85:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:26:9A:75:7E:A4:51:9F:1E:D9:B5:BD:25:5B:4A:FA:4D:91:82:0C
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3133362e302f32322d3232203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:77:83:c5:44:97:22:b5:d2:f2:6d:bf:15:59:69:a4:e9:c8:
         67:b8:e8:20:fd:da:3b:d2:74:4b:33:77:b8:ff:ad:93:61:fd:
         b4:d0:e5:7a:b5:a9:7b:b2:81:a0:fe:d7:38:c3:a7:d1:05:90:
         d4:f0:8e:82:0d:a7:b1:88:da:6d:2f:e0:6a:8f:99:3e:77:4f:
         a4:a5:fc:6a:1e:f8:e2:5f:13:a7:cb:96:99:2c:6b:84:07:b2:
         97:26:03:eb:ff:3a:6e:b1:76:80:e1:7c:e4:88:e0:75:95:b4:
         5b:f2:fd:13:e4:1c:a5:17:43:ba:a5:f8:1e:f8:61:ff:c1:70:
         78:6a:00:be:65:12:bc:55:31:30:fa:46:18:0e:59:5c:2b:22:
         f4:fa:5f:22:e1:da:89:e0:28:71:2b:eb:7e:cb:81:be:e2:ff:
         b2:b6:b8:78:47:51:56:2a:fb:f8:57:86:1e:ef:16:35:29:17:
         0e:d8:8b:91:52:9b:35:b9:7e:a2:de:6e:bf:6a:62:f9:e1:1b:
         ae:51:00:cf:0b:4b:f9:c6:27:c3:b2:3e:7f:eb:11:20:f4:f3:
         26:b7:8c:c1:0c:d0:5e:c9:d4:08:6a:2e:b8:4a:fd:8d:bf:1b:
         93:bb:4c:e6:e0:0b:57:53:ef:63:67:d7:70:49:2b:45:33:41:
         e5:da:2d:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNqVKAXhga7ksdlesM3TWjHfDwNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwNDdaFw0yNjA1MDUwNjM1NDdaMDMxMTAvBgNV
BAMTKENFMjY5QTc1N0VBNDUxOUYxRUQ5QjVCRDI1NUI0QUZBNEQ5MTgyMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/jycL+GBzkYQCwi4hhw4lzxh0
BjhC8HsW4Fa9TnGi6M1KpVwd2yoKKPnHHAvj+b40g7dJv5NsKv2nHror3SdMIONn
FPTF7snA87pFc+FNpkIJKhKxkscDlOFbCqH9fyvv0AUDn9r+kBvdvPT0JFerYBgN
2F39X4iqF4vBr6/5DZiR5R32nzFnNnWMABTVKJfv8FepI4s6XpYVgohDmg9ofZFE
a1z5Vcslykid1bNzyEx5Hd+F/xfXNQQq8CR8Dd6Y0jfM45KgnCOz9oKcOhScl0RN
D42xA5obY2FTr2neyALlixJHnEuCnMiSUSLaA9MU0fB1vjRjCW5c2v+OmYUrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUziaadX6kUZ8e2bW9JVtK+k2RggwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMz
MzYyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAo8U
iDANBgkqhkiG9w0BAQsFAAOCAQEAc3eDxUSXIrXS8m2/FVlppOnIZ7joIP3aO9J0
SzN3uP+tk2H9tNDlerWpe7KBoP7XOMOn0QWQ1PCOgg2nsYjabS/gao+ZPndPpKX8
ah744l8Tp8uWmSxrhAeylyYD6/86brF2gOF85IjgdZW0W/L9E+QcpRdDuqX4Hvhh
/8FweGoAvmUSvFUxMPpGGA5ZXCsi9PpfIuHaieAocSvrfsuBvuL/sra4eEdRVir7
+FeGHu8WNSkXDtiLkVKbNbl+ot5uv2pi+eEbrlEAzwtL+cYnw7I+f+sRIPTzJreM
wQzQXsnUCGouuEr9jb8bk7tM5uALV1PvY2fXcEkrRTNB5dot0Q==
-----END CERTIFICATE-----