Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232392e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3232392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          08uCkW51nFgWShlyI+2DfBIemcWE/RGmpTsTNmZeR20=
Subject key identifier:   CD:6E:5A:00:C3:7F:7A:3B:EF:02:F8:35:5E:A5:D1:9D:F2:85:2B:E4
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C3DF118867C87F4CE308C7B54461FE1A22CFAD1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232392e302f32342d3234203d3e20383334.roa
Signing time:             Tue 06 May 2025 06:35:02 +0000
ROA not before:           Tue 06 May 2025 06:30:02 +0000
ROA not after:            Tue 05 May 2026 06:35:02 +0000
asID:                     834
IP address blocks:        143.20.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:3d:f1:18:86:7c:87:f4:ce:30:8c:7b:54:46:1f:e1:a2:2c:fa:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:02 2025 GMT
            Not After : May  5 06:35:02 2026 GMT
        Subject: CN=CD6E5A00C37F7A3BEF02F8355EA5D19DF2852BE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:41:29:11:b2:dd:01:3d:b3:d6:98:37:0e:
                    c7:25:d7:57:fc:f6:be:80:37:34:b9:65:01:62:8b:
                    96:52:c8:34:0f:7b:39:b0:6c:e9:27:8a:42:ef:80:
                    48:97:d0:ef:db:86:6c:fe:90:2c:f8:1e:e6:2d:dc:
                    12:0a:5e:17:7a:79:ca:6a:1c:0c:4f:f0:c7:6b:a7:
                    84:02:2a:08:43:7f:e6:6a:44:a1:9e:b4:ff:67:fa:
                    0e:6b:6f:19:a9:80:99:c4:1f:cf:3e:d1:a2:84:48:
                    6e:39:d1:9b:cc:cd:ea:70:fc:5b:d4:99:43:c9:7d:
                    25:5a:b7:2a:78:e6:89:aa:cf:09:c8:05:24:16:6e:
                    a6:f2:a0:28:47:bf:c1:be:9e:6c:d4:2e:f4:c2:e9:
                    28:0d:03:69:35:16:0e:91:be:a9:33:79:34:b7:cd:
                    ce:33:2a:b1:50:35:46:70:38:60:a2:87:f7:4d:53:
                    36:bf:1a:c9:c3:54:64:e3:af:42:09:d3:38:1f:a8:
                    b1:af:cf:66:50:43:1d:e5:db:fd:31:83:c1:6b:f1:
                    0e:4c:63:7a:ad:ef:f6:ef:3f:01:f9:b2:3d:ef:6e:
                    9c:e9:c0:a0:7f:2c:27:40:9f:56:8b:c5:45:2f:73:
                    ab:9c:c0:de:2c:29:ed:f7:52:d0:7a:ef:22:a9:74:
                    86:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:6E:5A:00:C3:7F:7A:3B:EF:02:F8:35:5E:A5:D1:9D:F2:85:2B:E4
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3232392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:71:ba:50:62:9e:7e:d9:c6:08:6a:a8:14:9b:8d:47:fa:ff:
         a1:d1:a9:4f:40:a0:c2:12:00:5c:5d:4d:1b:c8:54:25:42:1d:
         70:33:66:b0:92:8f:e9:2f:b6:bf:e5:de:51:ed:df:86:07:3d:
         59:93:91:21:21:ea:13:40:32:ea:49:05:2b:6b:c7:78:09:f4:
         69:e6:0c:b2:93:a8:50:cd:2a:a3:6d:45:f9:0d:82:aa:91:2f:
         83:77:df:20:dc:22:a9:f7:ac:19:82:58:73:84:a3:9a:c6:44:
         dc:72:a8:3f:6c:71:ca:d7:06:08:b6:74:68:01:7b:8e:b8:1a:
         95:8e:2e:10:77:c7:ac:6a:82:d3:d1:07:ac:a4:37:c0:19:41:
         c7:c5:c2:91:93:8a:b0:d9:21:4b:59:31:ee:82:64:19:9c:d7:
         f0:56:d4:e8:53:dd:8f:eb:52:b9:54:fe:9a:04:53:b5:2a:d3:
         46:3f:8b:f3:a7:4c:70:78:3b:93:67:17:26:d5:2b:78:a0:9c:
         45:c0:6f:28:05:42:df:66:f7:e7:55:44:c1:7a:31:9b:ee:6c:
         a1:3a:a2:20:72:bc:8c:ea:1e:87:6b:d2:d3:36:b0:d5:a6:f0:
         8a:af:b1:6b:19:f0:04:31:45:dd:84:81:3f:b6:54:17:f1:44:
         cf:e9:d9:32
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPD3xGIZ8h/TOMIx7VEYf4aIs+tEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMDJaFw0yNjA1MDUwNjM1MDJaMDMxMTAvBgNV
BAMTKENENkU1QTAwQzM3RjdBM0JFRjAyRjgzNTVFQTVEMTlERjI4NTJCRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/7UEpEbLdAT2z1pg3Dscl11f8
9r6ANzS5ZQFii5ZSyDQPezmwbOknikLvgEiX0O/bhmz+kCz4HuYt3BIKXhd6ecpq
HAxP8Mdrp4QCKghDf+ZqRKGetP9n+g5rbxmpgJnEH88+0aKESG450ZvMzepw/FvU
mUPJfSVatyp45omqzwnIBSQWbqbyoChHv8G+nmzULvTC6SgNA2k1Fg6RvqkzeTS3
zc4zKrFQNUZwOGCih/dNUza/GsnDVGTjr0IJ0zgfqLGvz2ZQQx3l2/0xg8Fr8Q5M
Y3qt7/bvPwH5sj3vbpzpwKB/LCdAn1aLxUUvc6ucwN4sKe33UtB67yKpdIZ3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUzW5aAMN/ejvvAvg1XqXRnfKFK+QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMy
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFOUw
DQYJKoZIhvcNAQELBQADggEBAAtxulBinn7ZxghqqBSbjUf6/6HRqU9AoMISAFxd
TRvIVCVCHXAzZrCSj+kvtr/l3lHt34YHPVmTkSEh6hNAMupJBStrx3gJ9GnmDLKT
qFDNKqNtRfkNgqqRL4N33yDcIqn3rBmCWHOEo5rGRNxyqD9sccrXBgi2dGgBe464
GpWOLhB3x6xqgtPRB6ykN8AZQcfFwpGTirDZIUtZMe6CZBmc1/BW1OhT3Y/rUrlU
/poEU7Uq00Y/i/OnTHB4O5NnFybVK3ignEXAbygFQt9m9+dVRMF6MZvubKE6oiBy
vIzqHodr0tM2sNWm8IqvsWsZ8AQxRd2EgT+2VBfxRM/p2TI=
-----END CERTIFICATE-----