Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3135322e302f32312d3231203d3e2035363530.roa
File:                     3134332e32302e3135322e302f32312d3231203d3e2035363530.roa (raw, json)
Hash identifier:          BmadjfvUMRVd1qtTbl0w63Avp7lLY3xvAVqlNazwYC0=
Subject key identifier:   27:26:27:A7:36:D3:50:AA:94:24:19:09:CF:CD:69:68:A2:8C:17:69
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2663EAA34EB46D18E1D0ED285B48A5B64FAF5231
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3135322e302f32312d3231203d3e2035363530.roa
Signing time:             Tue 06 May 2025 06:35:40 +0000
ROA not before:           Tue 06 May 2025 06:30:40 +0000
ROA not after:            Tue 05 May 2026 06:35:40 +0000
asID:                     5650
IP address blocks:        143.20.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:63:ea:a3:4e:b4:6d:18:e1:d0:ed:28:5b:48:a5:b6:4f:af:52:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:40 2025 GMT
            Not After : May  5 06:35:40 2026 GMT
        Subject: CN=272627A736D350AA94241909CFCD6968A28C1769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6e:b3:80:ce:4a:8c:2d:df:ae:43:d0:8b:d1:
                    72:eb:6a:b3:22:b8:9d:a4:7e:60:b6:94:a8:79:b1:
                    de:2e:eb:42:9d:51:fa:e6:1a:fc:b6:de:34:73:3f:
                    54:2d:6d:f6:aa:e1:9b:5e:91:d0:37:e8:71:05:f0:
                    61:33:09:ad:96:d6:c0:58:f6:7d:17:9d:82:55:f6:
                    ed:bc:12:1f:72:d9:8d:f8:a3:d8:50:8e:3c:d1:7d:
                    28:f1:ff:7d:13:d9:1b:9e:e0:4f:9b:6a:db:89:17:
                    22:b1:e5:46:f5:66:b5:e3:de:19:85:d6:8a:5c:7e:
                    80:1a:c9:77:e8:7d:3e:41:e3:12:1a:ed:34:d5:9b:
                    cb:cd:f7:10:6c:67:da:53:2e:c2:04:51:73:ed:af:
                    10:c2:30:01:86:ee:e8:fd:48:45:5c:22:b0:f2:6d:
                    eb:37:89:9e:e2:81:d1:68:2f:23:53:e3:b9:41:6c:
                    c0:e1:d5:c2:43:05:78:30:0a:e5:85:95:0d:7e:26:
                    3e:e6:37:cd:96:8a:83:cd:82:5b:56:3e:92:e3:d1:
                    2c:92:52:cb:67:d0:87:a3:38:fc:68:6d:46:59:b7:
                    a9:4a:20:c8:2a:b8:32:c2:6f:05:2c:d1:5e:b2:b7:
                    b0:01:44:11:ee:fd:4e:13:8b:81:d3:a7:4f:cb:e4:
                    80:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:26:27:A7:36:D3:50:AA:94:24:19:09:CF:CD:69:68:A2:8C:17:69
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3135322e302f32312d3231203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:f6:66:92:0c:43:35:3e:ec:4f:64:9c:7a:56:21:0b:e2:17:
         eb:91:b9:3e:35:ab:5a:31:f7:36:e7:d2:6b:ca:74:9b:69:1b:
         e3:4c:93:4d:fc:b6:99:3e:3d:1a:06:ff:46:e1:a7:54:0a:29:
         f8:9b:b0:a9:2e:7d:0f:df:24:ed:98:ba:83:b1:89:9b:15:fc:
         31:06:3e:7a:f3:b1:8b:45:1d:60:4d:40:2e:a4:8d:65:fa:c8:
         d2:50:cd:ba:2a:a6:13:f0:9a:0c:90:f5:ae:f3:36:16:28:39:
         47:6b:ec:7b:48:a1:ba:e1:c9:4f:e7:62:f2:32:31:93:db:16:
         64:7b:20:26:f3:6d:05:ec:a5:8f:2c:9b:cc:78:e1:c3:7d:d0:
         8b:6b:e0:66:ac:50:63:ef:75:9e:a8:d4:2b:cd:f6:df:5e:62:
         3a:3a:2d:7b:d8:1a:74:d6:fd:bb:9a:98:ba:92:7f:7b:ed:be:
         81:96:16:2b:3c:50:e7:c3:59:04:89:f8:d4:ad:8d:c2:83:2b:
         f5:c1:a6:f8:c0:81:a5:a1:dc:a1:fd:4d:75:32:e6:2c:4c:0e:
         c5:33:93:0c:b3:6f:6d:27:46:e8:23:91:fe:cb:5e:b8:e6:a7:
         c6:4d:01:81:49:44:85:78:78:ee:db:10:02:6b:ce:fc:d0:06:
         fa:31:fd:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJmPqo060bRjh0O0oW0iltk+vUjEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwNDBaFw0yNjA1MDUwNjM1NDBaMDMxMTAvBgNV
BAMTKDI3MjYyN0E3MzZEMzUwQUE5NDI0MTkwOUNGQ0Q2OTY4QTI4QzE3NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPbrOAzkqMLd+uQ9CL0XLrarMi
uJ2kfmC2lKh5sd4u60KdUfrmGvy23jRzP1Qtbfaq4ZtekdA36HEF8GEzCa2W1sBY
9n0XnYJV9u28Eh9y2Y34o9hQjjzRfSjx/30T2Rue4E+batuJFyKx5Ub1ZrXj3hmF
1opcfoAayXfofT5B4xIa7TTVm8vN9xBsZ9pTLsIEUXPtrxDCMAGG7uj9SEVcIrDy
bes3iZ7igdFoLyNT47lBbMDh1cJDBXgwCuWFlQ1+Jj7mN82WioPNgltWPpLj0SyS
Ustn0IejOPxobUZZt6lKIMgquDLCbwUs0V6yt7ABRBHu/U4Ti4HTp0/L5IDJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJyYnpzbTUKqUJBkJz81paKKMF2kwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM1
MzIyZTMwMmYzMjMxMmQzMjMxMjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA48U
mDANBgkqhkiG9w0BAQsFAAOCAQEAMvZmkgxDNT7sT2ScelYhC+IX65G5PjWrWjH3
NufSa8p0m2kb40yTTfy2mT49Ggb/RuGnVAop+JuwqS59D98k7Zi6g7GJmxX8MQY+
evOxi0UdYE1ALqSNZfrI0lDNuiqmE/CaDJD1rvM2Fig5R2vse0ihuuHJT+di8jIx
k9sWZHsgJvNtBeyljyybzHjhw33Qi2vgZqxQY+91nqjUK832315iOjote9gadNb9
u5qYupJ/e+2+gZYWKzxQ58NZBIn41K2NwoMr9cGm+MCBpaHcof1NdTLmLEwOxTOT
DLNvbSdG6COR/steuOanxk0BgUlEhXh47tsQAmvO/NAG+jH9ZA==
-----END CERTIFICATE-----