Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234362e302f32342d3234203d3e2035303635.roa
File:                     3134332e32302e3234362e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          BA+NaImuy2IYYbcNoeyBRVcvILjeTJtrWis0+R1NCtc=
Subject key identifier:   E8:13:D0:92:E5:7E:AA:33:88:F0:94:93:70:52:64:0C:4C:4C:64:4B
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       2E1A3E317C72ED7D4D2E1501DE31759DEF387546
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234362e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 06 May 2025 06:35:23 +0000
ROA not before:           Tue 06 May 2025 06:30:23 +0000
ROA not after:            Tue 05 May 2026 06:35:23 +0000
asID:                     5065
IP address blocks:        143.20.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:1a:3e:31:7c:72:ed:7d:4d:2e:15:01:de:31:75:9d:ef:38:75:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:23 2025 GMT
            Not After : May  5 06:35:23 2026 GMT
        Subject: CN=E813D092E57EAA3388F094937052640C4C4C644B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cd:3c:56:59:70:4d:a0:4b:80:4c:f5:17:f6:
                    69:75:66:02:96:82:df:68:af:4c:4e:7c:11:c6:be:
                    15:24:7b:d8:23:22:26:d6:fc:d1:62:7d:cd:a5:0a:
                    69:a0:82:f1:6d:3d:75:ae:59:6e:34:ee:38:54:e2:
                    65:01:b1:45:31:31:81:90:02:e3:30:f4:a1:3d:53:
                    70:e0:63:57:7a:75:60:f5:f7:b1:e7:e7:9b:20:f2:
                    02:12:a1:2b:68:15:e7:2f:15:f0:54:1b:00:d3:40:
                    bc:82:48:81:24:05:ff:c4:82:10:70:29:c3:1a:8e:
                    54:17:fb:d8:7e:71:91:9a:c6:fb:a6:ad:f2:0e:4c:
                    39:7e:1c:69:00:3f:9f:29:4f:bf:08:7e:64:98:a8:
                    55:a8:27:3d:56:0e:99:43:2d:df:d5:c6:d1:b8:7c:
                    b0:85:20:ca:2d:a2:54:b5:1e:eb:70:49:37:eb:d3:
                    a2:75:fe:d5:ac:4a:2c:ca:eb:ea:6b:5c:59:c8:9c:
                    af:50:04:df:12:59:fa:18:bb:ab:8f:99:c4:a4:36:
                    f3:8a:e8:82:e0:c2:80:9e:34:1e:ce:2a:90:ca:8f:
                    28:57:81:45:ba:02:ae:aa:13:d7:63:53:27:71:3d:
                    c3:22:b1:db:50:0e:d9:4a:68:e5:26:eb:50:b7:65:
                    57:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:13:D0:92:E5:7E:AA:33:88:F0:94:93:70:52:64:0C:4C:4C:64:4B
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234362e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:26:26:f0:90:94:78:2b:14:bf:2e:c3:f7:b4:a2:60:55:e6:
         98:f3:63:21:80:35:22:21:45:1c:03:f8:87:eb:f7:af:66:7a:
         bc:64:62:14:c1:7a:d8:a0:f1:06:1d:2f:65:81:72:b1:42:a5:
         a8:6d:2b:81:63:20:d9:18:88:2b:23:85:40:1c:10:53:38:89:
         53:5e:a4:91:96:37:77:88:5c:54:34:74:19:c3:67:59:10:ab:
         04:13:53:96:b7:32:54:96:cb:5f:a3:58:e6:ff:0b:1a:57:11:
         1c:ff:ed:48:ee:f2:ed:f8:46:9e:7f:81:1e:cb:47:75:b5:e7:
         c8:45:5f:8d:4e:c9:df:bb:01:50:08:c4:37:3f:e6:83:b3:30:
         17:e9:1d:a4:95:b6:ec:1a:3d:83:97:52:dc:94:0a:88:50:ba:
         68:08:15:61:ff:58:bb:31:1a:a8:58:f3:c4:d7:44:70:43:ce:
         96:27:fc:86:49:72:3c:bf:7c:8f:df:09:f4:67:cc:97:e7:39:
         cc:43:5b:ce:12:85:2d:dd:62:eb:06:80:7b:ec:33:63:d6:63:
         83:a9:1a:02:44:19:82:f1:a2:24:68:3e:ec:ee:ea:66:80:a3:
         dd:33:d4:28:71:44:57:95:cf:fa:e9:d7:67:c8:23:0c:b1:05:
         89:61:c9:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULho+MXxy7X1NLhUB3jF1ne84dUYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMjNaFw0yNjA1MDUwNjM1MjNaMDMxMTAvBgNV
BAMTKEU4MTNEMDkyRTU3RUFBMzM4OEYwOTQ5MzcwNTI2NDBDNEM0QzY0NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdzTxWWXBNoEuATPUX9ml1ZgKW
gt9or0xOfBHGvhUke9gjIibW/NFifc2lCmmggvFtPXWuWW407jhU4mUBsUUxMYGQ
AuMw9KE9U3DgY1d6dWD197Hn55sg8gISoStoFecvFfBUGwDTQLyCSIEkBf/EghBw
KcMajlQX+9h+cZGaxvumrfIOTDl+HGkAP58pT78IfmSYqFWoJz1WDplDLd/VxtG4
fLCFIMotolS1HutwSTfr06J1/tWsSizK6+prXFnInK9QBN8SWfoYu6uPmcSkNvOK
6ILgwoCeNB7OKpDKjyhXgUW6Aq6qE9djUydxPcMisdtQDtlKaOUm61C3ZVfTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6BPQkuV+qjOI8JSTcFJkDExMZEswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjM0
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U
9jANBgkqhkiG9w0BAQsFAAOCAQEAWyYm8JCUeCsUvy7D97SiYFXmmPNjIYA1IiFF
HAP4h+v3r2Z6vGRiFMF62KDxBh0vZYFysUKlqG0rgWMg2RiIKyOFQBwQUziJU16k
kZY3d4hcVDR0GcNnWRCrBBNTlrcyVJbLX6NY5v8LGlcRHP/tSO7y7fhGnn+BHstH
dbXnyEVfjU7J37sBUAjENz/mg7MwF+kdpJW27Bo9g5dS3JQKiFC6aAgVYf9YuzEa
qFjzxNdEcEPOlif8hklyPL98j98J9GfMl+c5zENbzhKFLd1i6waAe+wzY9Zjg6ka
AkQZgvGiJGg+7O7qZoCj3TPUKHFEV5XP+unXZ8gjDLEFiWHJig==
-----END CERTIFICATE-----