Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3233322e302f32322d3232203d3e2036303739.roa
File:                     3134332e32302e3233322e302f32322d3232203d3e2036303739.roa (raw, json)
Hash identifier:          D4ARdzEoZ1bjX6CvUTS8wUjm/5dom07RT6c3Ot4QzGM=
Subject key identifier:   5F:B0:BC:F4:AD:B4:29:10:E2:C5:8E:2A:57:3F:3D:C2:DC:D0:C7:D9
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       379BA38169F9F5085141580F50799AE292BA9463
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3233322e302f32322d3232203d3e2036303739.roa
Signing time:             Tue 06 May 2025 06:37:16 +0000
ROA not before:           Tue 06 May 2025 06:32:16 +0000
ROA not after:            Tue 05 May 2026 06:37:16 +0000
asID:                     6079
IP address blocks:        143.20.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 12:07:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:9b:a3:81:69:f9:f5:08:51:41:58:0f:50:79:9a:e2:92:ba:94:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:32:16 2025 GMT
            Not After : May  5 06:37:16 2026 GMT
        Subject: CN=5FB0BCF4ADB42910E2C58E2A573F3DC2DCD0C7D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:91:17:15:96:ce:1d:f4:a6:af:b8:a8:cc:37:
                    78:e1:cc:2a:16:f8:15:90:d1:5f:7a:3b:4b:8a:b4:
                    71:21:cc:52:0a:83:cf:df:09:1a:31:e0:2f:96:75:
                    e1:7f:3a:eb:c2:2a:ed:bb:8e:71:9b:ee:e8:32:a4:
                    9c:a4:0e:62:52:bc:d6:0c:da:a4:19:13:16:83:b2:
                    31:2f:f5:2f:f2:06:bb:88:a1:82:21:53:a8:0b:a0:
                    8a:03:31:1d:bd:f4:46:cd:12:de:60:ba:66:87:71:
                    38:3b:68:ac:0d:a6:11:3f:35:1d:41:57:fa:00:65:
                    ce:51:88:4c:c3:20:68:c2:16:a6:c1:04:7d:7b:75:
                    9a:d6:6f:f6:9c:d0:ad:ae:f4:9b:85:b2:4b:47:be:
                    c2:58:5d:16:02:5a:cf:86:0a:f9:98:10:5a:27:41:
                    1b:58:d0:1a:df:93:d2:85:f9:47:5f:c4:ff:15:37:
                    6f:77:71:d3:86:ed:de:95:68:5a:37:aa:52:83:83:
                    cd:a7:09:3b:59:d2:93:40:94:d2:69:5f:73:40:5e:
                    ff:3b:d5:06:d8:c3:28:32:6b:05:6e:f7:1b:a8:c1:
                    63:3e:b4:d9:b9:f9:6f:5b:af:af:23:41:0b:2e:fa:
                    0c:9f:bf:b7:b0:75:6b:ae:65:57:c9:bd:82:eb:89:
                    7c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B0:BC:F4:AD:B4:29:10:E2:C5:8E:2A:57:3F:3D:C2:DC:D0:C7:D9
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3233322e302f32322d3232203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:ba:b6:86:c7:4c:9a:cf:14:eb:25:e0:c0:9c:f4:b3:da:16:
         24:71:e2:12:34:77:95:db:39:f9:73:5b:f9:b8:dc:5f:34:7a:
         dd:31:71:e4:77:cc:56:98:69:09:30:47:c1:e9:ba:2b:42:10:
         19:84:a5:17:45:6b:7a:07:f4:fb:23:3b:70:80:ea:8a:83:38:
         ff:2a:c8:34:77:95:c5:79:bb:a0:fa:d1:cd:57:45:7c:5e:b0:
         42:2b:60:90:8c:b0:ac:64:e9:8f:4d:c9:52:31:a1:cd:95:97:
         f2:52:1e:a4:ed:44:52:31:13:67:69:85:85:24:d7:7a:38:76:
         b1:16:aa:62:84:13:0b:b7:40:74:b8:e2:f0:a5:92:72:44:d7:
         25:31:27:da:ef:58:f8:c7:ef:dc:3d:aa:bf:f1:88:51:ef:96:
         ca:18:25:0f:90:2c:29:1a:65:bb:15:6d:f1:85:ec:d6:10:7e:
         04:0d:56:a5:59:77:dc:f1:e6:54:5e:b7:5b:af:79:03:ef:59:
         f1:c5:67:fa:d5:fd:c8:d2:5d:ec:fc:cf:58:74:f9:b4:3d:06:
         9d:81:2f:11:ea:7e:71:1c:c9:c2:59:c5:11:94:d2:ff:87:8f:
         e4:e1:6d:41:28:a3:85:3f:24:ce:96:d5:75:c9:18:e2:49:7e:
         59:eb:0b:19
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN5ujgWn59QhRQVgPUHma4pK6lGMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMyMTZaFw0yNjA1MDUwNjM3MTZaMDMxMTAvBgNV
BAMTKDVGQjBCQ0Y0QURCNDI5MTBFMkM1OEUyQTU3M0YzREMyRENEMEM3RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSkRcVls4d9KavuKjMN3jhzCoW
+BWQ0V96O0uKtHEhzFIKg8/fCRox4C+WdeF/OuvCKu27jnGb7ugypJykDmJSvNYM
2qQZExaDsjEv9S/yBruIoYIhU6gLoIoDMR299EbNEt5gumaHcTg7aKwNphE/NR1B
V/oAZc5RiEzDIGjCFqbBBH17dZrWb/ac0K2u9JuFsktHvsJYXRYCWs+GCvmYEFon
QRtY0Brfk9KF+UdfxP8VN293cdOG7d6VaFo3qlKDg82nCTtZ0pNAlNJpX3NAXv87
1QbYwygyawVu9xuowWM+tNm5+W9br68jQQsu+gyfv7ewdWuuZVfJvYLriXzdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX7C89K20KRDixY4qVz89wtzQx9kwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMz
MzIyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAo8U
6DANBgkqhkiG9w0BAQsFAAOCAQEAWLq2hsdMms8U6yXgwJz0s9oWJHHiEjR3lds5
+XNb+bjcXzR63TFx5HfMVphpCTBHwem6K0IQGYSlF0Vregf0+yM7cIDqioM4/yrI
NHeVxXm7oPrRzVdFfF6wQitgkIywrGTpj03JUjGhzZWX8lIepO1EUjETZ2mFhSTX
ejh2sRaqYoQTC7dAdLji8KWSckTXJTEn2u9Y+Mfv3D2qv/GIUe+WyhglD5AsKRpl
uxVt8YXs1hB+BA1WpVl33PHmVF63W695A+9Z8cVn+tX9yNJd7PzPWHT5tD0GnYEv
Eep+cRzJwlnFEZTS/4eP5OFtQSijhT8kzpbVdckY4kl+WesLGQ==
-----END CERTIFICATE-----