Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232382e302f32342d3234203d3e2036303739.roa
File:                     3134332e32302e3232382e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          xbL+8PjGyL9tsMEXEEXfjlO28pTKSrCSpDVDw0oweIY=
Subject key identifier:   66:6A:2B:4E:80:91:D5:5D:0F:27:2E:AD:55:84:56:E0:45:9C:F0:58
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       76D4E047D812D684610E7EC44E877C76BBA73618
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232382e302f32342d3234203d3e2036303739.roa
Signing time:             Tue 06 May 2025 06:37:10 +0000
ROA not before:           Tue 06 May 2025 06:32:10 +0000
ROA not after:            Tue 05 May 2026 06:37:10 +0000
asID:                     6079
IP address blocks:        143.20.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d4:e0:47:d8:12:d6:84:61:0e:7e:c4:4e:87:7c:76:bb:a7:36:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:32:10 2025 GMT
            Not After : May  5 06:37:10 2026 GMT
        Subject: CN=666A2B4E8091D55D0F272EAD558456E0459CF058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a1:10:e4:ef:32:be:34:90:d8:18:5e:0c:52:
                    ec:a0:6a:02:4e:d7:33:52:6d:ca:ae:a4:a7:71:c9:
                    10:b5:a6:33:df:72:b5:d3:8b:8c:77:cc:5a:53:b3:
                    db:8c:da:79:04:e8:7e:e3:a1:18:bf:72:ca:69:a0:
                    fc:49:c1:97:00:ad:d3:48:ad:c9:b9:50:6d:7e:a9:
                    cc:6f:0c:9e:77:ff:2f:8d:8e:91:1c:9d:b2:3d:5d:
                    77:47:55:59:73:8b:d2:2b:bf:08:9f:f7:69:54:fd:
                    0e:ca:b0:71:f7:3f:e2:b7:a1:33:61:b2:71:ea:2f:
                    ab:94:6e:1d:5c:7b:de:95:f2:65:b6:a4:07:b7:9e:
                    0f:7c:5a:26:8a:d7:4b:d8:95:16:9a:89:2f:c3:95:
                    3e:d7:7b:6f:46:fa:ac:fd:09:78:35:19:a5:46:71:
                    5c:3a:7f:dd:96:39:16:09:d7:d7:1b:aa:71:e6:c5:
                    52:91:1b:da:02:d1:bf:03:26:c7:a8:44:99:66:0e:
                    ac:93:6a:41:e7:c4:e8:83:4c:2d:f5:6e:51:0a:f6:
                    5f:1a:fe:6c:c5:e7:8f:f9:8d:ee:33:9f:4a:1a:76:
                    fb:bb:c7:a6:67:cf:80:be:c9:11:48:fd:00:51:e3:
                    3b:b8:dc:4e:1a:ab:dd:c6:15:a9:70:b5:cf:bf:72:
                    63:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:6A:2B:4E:80:91:D5:5D:0F:27:2E:AD:55:84:56:E0:45:9C:F0:58
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232382e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a3:dc:59:79:45:6b:a0:2e:e5:f8:fe:35:13:cc:88:e8:ed:
         cc:13:8f:56:4e:7c:7a:f5:c0:5e:a3:6d:74:ef:bc:77:1d:52:
         bb:b7:eb:d4:0d:5a:54:ed:dc:74:8f:1e:6d:4c:03:b6:ff:3d:
         0b:8a:05:3b:b6:ee:9f:d8:8e:40:7e:db:89:73:88:96:46:f9:
         7d:fe:d4:5f:ee:84:73:51:d6:3b:ea:31:f4:53:8a:c8:b5:74:
         6b:13:22:61:53:77:19:94:87:f7:cd:ac:d5:11:54:9b:35:b8:
         b6:9a:77:d1:c8:50:63:d6:c2:af:c9:38:a3:77:35:36:c7:47:
         68:18:aa:f4:4f:59:86:48:6d:e7:c2:5a:e8:c5:f7:00:a5:ec:
         3a:f5:53:7d:de:15:7f:05:b8:a4:50:93:66:c2:2e:ab:22:b8:
         b0:97:c1:9a:a7:95:e4:1d:68:28:a3:04:3d:b2:36:53:6a:8b:
         2b:11:21:3c:bf:a3:8b:9b:36:a8:70:0d:3d:85:65:9e:00:6d:
         4a:e6:f9:94:c8:fb:f7:db:a5:f8:64:e0:fc:30:91:72:0b:03:
         0c:f7:96:e6:26:2b:57:35:71:7c:26:35:4e:96:f8:11:77:74:
         80:0f:0f:9c:16:85:db:34:61:34:75:a1:80:70:ef:62:9e:43:
         b1:ba:77:67
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdtTgR9gS1oRhDn7ETod8drunNhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMyMTBaFw0yNjA1MDUwNjM3MTBaMDMxMTAvBgNV
BAMTKDY2NkEyQjRFODA5MUQ1NUQwRjI3MkVBRDU1ODQ1NkUwNDU5Q0YwNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwoRDk7zK+NJDYGF4MUuygagJO
1zNSbcqupKdxyRC1pjPfcrXTi4x3zFpTs9uM2nkE6H7joRi/csppoPxJwZcArdNI
rcm5UG1+qcxvDJ53/y+NjpEcnbI9XXdHVVlzi9Irvwif92lU/Q7KsHH3P+K3oTNh
snHqL6uUbh1ce96V8mW2pAe3ng98WiaK10vYlRaaiS/DlT7Xe29G+qz9CXg1GaVG
cVw6f92WORYJ19cbqnHmxVKRG9oC0b8DJseoRJlmDqyTakHnxOiDTC31blEK9l8a
/mzF54/5je4zn0oadvu7x6Znz4C+yRFI/QBR4zu43E4aq93GFalwtc+/cmPLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZmorToCR1V0PJy6tVYRW4EWc8FgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMy
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U
5DANBgkqhkiG9w0BAQsFAAOCAQEAQaPcWXlFa6Au5fj+NRPMiOjtzBOPVk58evXA
XqNtdO+8dx1Su7fr1A1aVO3cdI8ebUwDtv89C4oFO7bun9iOQH7biXOIlkb5ff7U
X+6Ec1HWO+ox9FOKyLV0axMiYVN3GZSH982s1RFUmzW4tpp30chQY9bCr8k4o3c1
NsdHaBiq9E9Zhkht58Ja6MX3AKXsOvVTfd4VfwW4pFCTZsIuqyK4sJfBmqeV5B1o
KKMEPbI2U2qLKxEhPL+ji5s2qHANPYVlngBtSub5lMj799ul+GTg/DCRcgsDDPeW
5iYrVzVxfCY1Tpb4EXd0gA8PnBaF2zRhNHWhgHDvYp5Dsbp3Zw==
-----END CERTIFICATE-----