Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3231362e302f32312d3231203d3e2037303239.roa
File:                     3134332e32302e3231362e302f32312d3231203d3e2037303239.roa (raw, json)
Hash identifier:          WkxXTrrrOnL2+bmQ6QY3i1Tdflywayiy/CdWawPekVw=
Subject key identifier:   8C:04:72:3A:94:ED:31:D2:49:39:5A:2A:74:8A:2C:C0:06:29:7D:18
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       482F9A3397FE18AF152DBB92BFE7CF7FE7D5597D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3231362e302f32312d3231203d3e2037303239.roa
Signing time:             Tue 06 May 2025 06:36:11 +0000
ROA not before:           Tue 06 May 2025 06:31:11 +0000
ROA not after:            Tue 05 May 2026 06:36:11 +0000
asID:                     7029
IP address blocks:        143.20.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:2f:9a:33:97:fe:18:af:15:2d:bb:92:bf:e7:cf:7f:e7:d5:59:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:31:11 2025 GMT
            Not After : May  5 06:36:11 2026 GMT
        Subject: CN=8C04723A94ED31D249395A2A748A2CC006297D18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b6:d5:f4:a9:9d:45:f2:48:58:4f:5f:32:32:
                    06:eb:32:dd:48:d4:d1:76:9f:70:94:b1:d5:c1:dc:
                    03:78:ba:9f:6e:98:5f:a2:20:bf:83:51:be:6b:3b:
                    01:c0:7f:4e:28:a3:97:ec:02:ac:21:36:b9:1e:1b:
                    1b:c7:bb:66:c2:ff:87:fa:21:75:8d:e9:47:a3:03:
                    94:37:4c:e5:af:97:c5:73:83:f1:3d:f3:a7:c5:5f:
                    04:8c:db:4e:54:ac:15:d0:c2:ce:9f:cc:13:46:5a:
                    cf:5e:2d:3d:55:8d:5e:96:86:e2:90:ad:84:3e:a6:
                    5c:e5:c3:c9:80:cd:0a:8f:ab:c6:a7:8d:a0:be:ad:
                    e4:a3:f5:e4:34:16:5e:04:78:11:0c:6b:09:44:32:
                    b4:16:5e:d9:d5:9d:9f:a1:94:d4:1f:2d:0e:da:d6:
                    97:e0:38:7a:e1:48:8b:7e:81:33:bc:05:8a:86:7a:
                    1b:11:f5:47:8c:72:91:78:cf:bd:c2:c3:b4:b5:69:
                    94:b7:02:4e:aa:b5:09:52:d4:2b:5f:5e:c9:b7:5c:
                    45:f8:74:31:52:e8:8a:df:37:29:e8:dd:71:16:92:
                    27:a0:46:d8:f8:43:7f:29:00:45:9c:45:e5:ee:b2:
                    be:78:98:55:3f:7c:b0:a8:2e:92:63:3f:ed:85:28:
                    07:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:04:72:3A:94:ED:31:D2:49:39:5A:2A:74:8A:2C:C0:06:29:7D:18
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3231362e302f32312d3231203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:a4:77:90:dd:25:67:9b:b5:c8:62:cc:8c:3a:81:b5:d7:98:
         e4:a5:25:37:ea:58:a3:70:50:26:67:e2:12:8d:f5:7a:a8:d7:
         dc:ee:bf:75:3a:4c:b8:f4:5a:71:fd:7e:ec:b0:a4:cc:9d:2b:
         19:e4:35:74:ab:5a:cf:42:58:6e:8b:78:98:62:69:ac:83:c2:
         b2:29:a7:61:d0:65:85:b2:58:76:44:c4:b2:4b:32:05:5d:d1:
         bc:8f:47:3a:90:49:41:5c:38:e8:d0:19:89:a7:35:5e:0d:6c:
         ce:18:7f:01:24:7a:99:ca:d4:ec:22:0a:d9:e3:e2:82:aa:61:
         07:7a:a2:d1:5d:f7:3d:64:f3:1d:3b:3d:ce:83:98:b4:c7:bc:
         17:c6:62:b2:62:31:a4:1d:d9:36:2e:e0:b9:6b:72:38:ee:80:
         4b:0e:0b:7b:24:9f:92:2e:a9:25:bc:dd:3f:cf:a3:1d:b6:99:
         dc:c4:12:3a:84:92:ab:b7:93:47:cf:1e:bf:54:cc:76:bf:d0:
         6b:93:68:cb:83:1e:77:8a:70:2c:7d:46:21:26:45:8b:28:22:
         1f:34:52:ba:29:b8:22:ab:b3:14:01:de:12:68:ba:c9:df:bc:
         d3:25:a3:64:01:a2:5b:28:ab:62:7d:9f:45:4a:7f:5c:a6:48:
         2f:3f:fc:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSC+aM5f+GK8VLbuSv+fPf+fVWX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMxMTFaFw0yNjA1MDUwNjM2MTFaMDMxMTAvBgNV
BAMTKDhDMDQ3MjNBOTRFRDMxRDI0OTM5NUEyQTc0OEEyQ0MwMDYyOTdEMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzttX0qZ1F8khYT18yMgbrMt1I
1NF2n3CUsdXB3AN4up9umF+iIL+DUb5rOwHAf04oo5fsAqwhNrkeGxvHu2bC/4f6
IXWN6UejA5Q3TOWvl8Vzg/E986fFXwSM205UrBXQws6fzBNGWs9eLT1VjV6WhuKQ
rYQ+plzlw8mAzQqPq8anjaC+reSj9eQ0Fl4EeBEMawlEMrQWXtnVnZ+hlNQfLQ7a
1pfgOHrhSIt+gTO8BYqGehsR9UeMcpF4z73Cw7S1aZS3Ak6qtQlS1CtfXsm3XEX4
dDFS6IrfNyno3XEWkiegRtj4Q38pAEWcReXusr54mFU/fLCoLpJjP+2FKAePAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjARyOpTtMdJJOVoqdIoswAYpfRgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMx
MzYyZTMwMmYzMjMxMmQzMjMxMjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA48U
2DANBgkqhkiG9w0BAQsFAAOCAQEAeKR3kN0lZ5u1yGLMjDqBtdeY5KUlN+pYo3BQ
JmfiEo31eqjX3O6/dTpMuPRacf1+7LCkzJ0rGeQ1dKtaz0JYbot4mGJprIPCsimn
YdBlhbJYdkTEsksyBV3RvI9HOpBJQVw46NAZiac1Xg1szhh/ASR6mcrU7CIK2ePi
gqphB3qi0V33PWTzHTs9zoOYtMe8F8ZismIxpB3ZNi7guWtyOO6ASw4LeySfki6p
JbzdP8+jHbaZ3MQSOoSSq7eTR88ev1TMdr/Qa5Noy4Med4pwLH1GISZFiygiHzRS
uim4IquzFAHeEmi6yd+80yWjZAGiWyirYn2fRUp/XKZILz/81g==
-----END CERTIFICATE-----