Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138302e302f32322d3232203d3e2037303239.roa
File:                     3134332e32302e3138302e302f32322d3232203d3e2037303239.roa (raw, json)
Hash identifier:          jylJWuZzjAtS2MjJS0C/lGXsxZj+w1RCZkzombu+sJI=
Subject key identifier:   EC:86:CF:5C:37:BE:51:B1:A8:46:78:B1:B5:AE:58:39:FC:6E:64:AD
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       19C53AA2C074C41F6503266156B12942995F4E25
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138302e302f32322d3232203d3e2037303239.roa
Signing time:             Tue 06 May 2025 06:36:29 +0000
ROA not before:           Tue 06 May 2025 06:31:29 +0000
ROA not after:            Tue 05 May 2026 06:36:29 +0000
asID:                     7029
IP address blocks:        143.20.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 12:04:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:c5:3a:a2:c0:74:c4:1f:65:03:26:61:56:b1:29:42:99:5f:4e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:31:29 2025 GMT
            Not After : May  5 06:36:29 2026 GMT
        Subject: CN=EC86CF5C37BE51B1A84678B1B5AE5839FC6E64AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e6:24:e4:0e:95:f4:03:8b:5d:27:c9:f9:ba:
                    b4:2e:9f:3d:58:af:c5:71:54:9a:4c:76:59:33:43:
                    99:01:c8:b6:16:5e:a8:86:c4:78:33:c0:1a:80:2f:
                    28:b6:56:5a:b4:59:78:8f:be:b8:93:94:0a:71:6a:
                    35:d2:55:0b:f2:ed:32:59:e7:19:df:92:14:e2:ca:
                    db:19:62:4f:fb:07:ad:7a:53:98:8a:34:70:b8:51:
                    ee:b7:a4:26:e6:16:9c:17:9d:5e:6b:06:eb:fc:a9:
                    ff:8f:fc:46:02:44:eb:ea:25:9e:18:91:f4:b6:f8:
                    80:c2:e9:a7:65:8c:e6:ff:6a:5d:4e:59:d5:23:90:
                    64:bb:d1:ac:d7:67:fd:64:7e:0a:31:ca:16:76:49:
                    74:f3:c2:83:6f:22:a0:f6:ab:8f:87:dd:e5:c0:71:
                    91:f9:13:56:f5:51:91:0b:54:13:10:d5:ea:57:e8:
                    df:11:d5:ae:26:56:ed:65:61:73:45:73:99:b5:36:
                    b7:b0:6a:3d:f7:3b:3e:38:dc:97:68:a0:87:1d:4b:
                    83:43:7e:b8:ee:42:3b:89:c7:01:be:9e:9f:de:48:
                    b5:54:bd:5d:42:30:72:87:44:7b:ab:df:ae:a3:4b:
                    78:8d:6d:90:79:aa:8a:90:00:71:f9:89:7c:35:91:
                    a6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:86:CF:5C:37:BE:51:B1:A8:46:78:B1:B5:AE:58:39:FC:6E:64:AD
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3138302e302f32322d3232203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:50:ed:bc:2d:eb:10:3d:ec:13:a4:92:77:b4:c7:92:70:1a:
         f1:19:20:3b:d3:fe:e4:c4:5e:58:41:ff:4f:de:e5:f3:2f:18:
         e3:34:7d:32:5e:32:4d:16:8a:4b:80:b5:f1:d1:34:3c:8b:53:
         6a:46:bf:ef:c9:00:64:54:77:04:6e:23:05:4b:d6:05:d9:9b:
         25:ff:3e:b9:80:4b:90:54:ed:58:58:11:f8:5c:75:e8:87:12:
         e8:bb:59:4f:5f:73:a7:9f:93:1e:c0:dd:65:45:61:a7:8d:5c:
         09:17:98:62:04:e8:a1:01:31:10:26:7e:b3:52:ff:1a:e8:cd:
         2c:6e:2a:30:9f:90:39:57:d3:60:b5:db:5e:70:c4:f7:ea:ac:
         67:e7:23:11:70:d4:f8:37:19:8f:1b:f9:1b:fe:0d:55:e1:6f:
         a2:22:1b:43:de:44:d7:62:af:28:7c:20:a3:3c:4f:5e:8c:59:
         d3:49:e2:5b:a1:03:d7:a1:8b:b8:42:38:be:49:85:39:20:15:
         d0:40:b8:d3:bc:70:37:ba:b1:a7:91:36:83:0e:90:6d:c1:d1:
         a9:41:30:b8:49:54:8d:40:7e:e5:d7:18:b7:d2:ce:62:c4:16:
         32:b8:6d:05:42:4f:95:05:71:6c:2d:29:fa:de:23:3e:65:7e:
         6b:1a:74:bc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGcU6osB0xB9lAyZhVrEpQplfTiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMxMjlaFw0yNjA1MDUwNjM2MjlaMDMxMTAvBgNV
BAMTKEVDODZDRjVDMzdCRTUxQjFBODQ2NzhCMUI1QUU1ODM5RkM2RTY0QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn5iTkDpX0A4tdJ8n5urQunz1Y
r8VxVJpMdlkzQ5kByLYWXqiGxHgzwBqALyi2Vlq0WXiPvriTlApxajXSVQvy7TJZ
5xnfkhTiytsZYk/7B616U5iKNHC4Ue63pCbmFpwXnV5rBuv8qf+P/EYCROvqJZ4Y
kfS2+IDC6adljOb/al1OWdUjkGS70azXZ/1kfgoxyhZ2SXTzwoNvIqD2q4+H3eXA
cZH5E1b1UZELVBMQ1epX6N8R1a4mVu1lYXNFc5m1Nrewaj33Oz443JdooIcdS4ND
frjuQjuJxwG+np/eSLVUvV1CMHKHRHur366jS3iNbZB5qoqQAHH5iXw1kab5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7IbPXDe+UbGoRnixta5YOfxuZK0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM4
MzAyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAo8U
tDANBgkqhkiG9w0BAQsFAAOCAQEAu1DtvC3rED3sE6SSd7THknAa8RkgO9P+5MRe
WEH/T97l8y8Y4zR9Ml4yTRaKS4C18dE0PItTaka/78kAZFR3BG4jBUvWBdmbJf8+
uYBLkFTtWFgR+Fx16IcS6LtZT19zp5+THsDdZUVhp41cCReYYgTooQExECZ+s1L/
GujNLG4qMJ+QOVfTYLXbXnDE9+qsZ+cjEXDU+DcZjxv5G/4NVeFvoiIbQ95E12Kv
KHwgozxPXoxZ00niW6ED16GLuEI4vkmFOSAV0EC407xwN7qxp5E2gw6QbcHRqUEw
uElUjUB+5dcYt9LOYsQWMrhtBUJPlQVxbC0p+t4jPmV+axp0vA==
-----END CERTIFICATE-----