Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234372e302f32342d3234203d3e20383334.roa
File:                     3134332e32302e3234372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9Fu/ZDevh2obc7FCjOwFBkAhc9+eLiaTU8qRONjeCvo=
Subject key identifier:   56:47:B6:B0:BC:E6:3D:38:FE:C6:9B:91:21:3F:1F:B9:AF:71:AB:7F
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       3C9EBEF30298225C1D2CEDBFA982FD25F5C86190
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 06 May 2025 06:35:05 +0000
ROA not before:           Tue 06 May 2025 06:30:05 +0000
ROA not after:            Tue 05 May 2026 06:35:05 +0000
asID:                     834
IP address blocks:        143.20.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:9e:be:f3:02:98:22:5c:1d:2c:ed:bf:a9:82:fd:25:f5:c8:61:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:05 2025 GMT
            Not After : May  5 06:35:05 2026 GMT
        Subject: CN=5647B6B0BCE63D38FEC69B91213F1FB9AF71AB7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8d:ed:4e:cb:65:33:55:6c:c9:65:da:3e:d4:
                    b8:64:13:0f:fe:7b:1f:1f:54:66:e6:57:21:83:71:
                    99:e3:6b:0a:73:fb:b6:68:79:32:43:4a:48:59:75:
                    ea:95:91:94:0a:cc:27:9b:69:49:f1:c9:88:e6:10:
                    e2:b8:f4:67:96:b7:13:8c:c4:13:c0:4f:17:38:cb:
                    43:51:3b:6e:2e:b4:60:8c:92:98:af:58:b6:58:ee:
                    e3:4f:18:2e:bb:16:63:14:d4:f4:40:ac:3d:8f:ab:
                    ea:19:ab:c0:d5:24:d1:10:a9:93:68:ef:b7:b8:54:
                    00:9b:76:60:41:0b:ba:de:27:38:f5:26:68:e8:31:
                    7e:f7:93:8e:70:11:c3:fd:31:68:5e:a6:e2:13:8e:
                    8d:e2:6a:27:97:00:b1:3e:c3:c6:f0:81:91:3e:e6:
                    ac:aa:c6:87:34:84:a9:24:37:3f:c7:f9:fa:3d:6b:
                    cf:53:0b:42:cf:2a:62:1e:ee:a5:7a:d2:cf:5a:63:
                    40:bb:0e:a4:93:f9:86:e4:4e:8d:7c:e6:a3:18:f5:
                    22:25:a2:ee:bf:43:24:01:c6:c4:1b:71:72:6f:18:
                    50:bd:71:3b:4e:e2:e4:91:5e:cc:d3:32:df:82:07:
                    ac:93:dc:a6:de:ce:04:d4:bf:29:a1:05:4b:b1:12:
                    73:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:47:B6:B0:BC:E6:3D:38:FE:C6:9B:91:21:3F:1F:B9:AF:71:AB:7F
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:41:79:d7:be:65:c0:6f:c7:8e:4b:f8:30:80:69:04:eb:d9:
         22:01:08:4f:a8:e2:de:74:3e:3c:e6:1f:d5:80:bc:c5:2a:df:
         92:4f:a5:e6:24:47:88:86:cf:88:51:90:4c:84:90:d4:71:ea:
         d3:aa:04:cb:94:3f:1c:1d:ab:ae:d0:ed:35:fd:2b:a4:5d:d7:
         6e:58:3b:cb:6d:1c:8a:db:0f:1a:8c:80:29:e8:0a:db:39:71:
         10:2d:e9:fe:9b:51:69:50:1d:12:b5:5a:8a:1e:ad:c0:34:bf:
         39:36:81:fd:62:11:82:22:73:7b:6c:d4:17:59:63:40:28:7b:
         2f:ad:51:6e:f2:6c:08:6c:66:c9:3b:c1:75:b4:29:c5:a0:f2:
         d8:c5:49:f9:cf:e3:69:e9:7e:49:55:db:8a:10:49:2a:c8:3c:
         50:36:5b:af:b6:5b:30:d4:ad:5d:16:32:04:51:01:40:2d:a6:
         f3:eb:19:1e:18:e5:92:07:13:28:8a:4c:69:66:e1:28:25:59:
         7d:09:5b:58:59:44:f4:00:e8:dd:2b:12:a7:68:f1:b9:ce:07:
         b4:ba:27:b1:69:e2:4d:5d:23:ab:8c:a0:98:59:cf:d7:29:84:
         53:cf:9f:71:89:c3:3d:99:d4:9d:f5:63:7d:55:06:d3:a5:54:
         9f:5b:4b:e1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPJ6+8wKYIlwdLO2/qYL9JfXIYZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMDVaFw0yNjA1MDUwNjM1MDVaMDMxMTAvBgNV
BAMTKDU2NDdCNkIwQkNFNjNEMzhGRUM2OUI5MTIxM0YxRkI5QUY3MUFCN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZje1Oy2UzVWzJZdo+1LhkEw/+
ex8fVGbmVyGDcZnjawpz+7ZoeTJDSkhZdeqVkZQKzCebaUnxyYjmEOK49GeWtxOM
xBPATxc4y0NRO24utGCMkpivWLZY7uNPGC67FmMU1PRArD2Pq+oZq8DVJNEQqZNo
77e4VACbdmBBC7reJzj1JmjoMX73k45wEcP9MWhepuITjo3iaieXALE+w8bwgZE+
5qyqxoc0hKkkNz/H+fo9a89TC0LPKmIe7qV60s9aY0C7DqST+YbkTo185qMY9SIl
ou6/QyQBxsQbcXJvGFC9cTtO4uSRXszTMt+CB6yT3KbezgTUvymhBUuxEnNXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUVke2sLzmPTj+xpuRIT8fua9xq38wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjM0
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFPcw
DQYJKoZIhvcNAQELBQADggEBABlBede+ZcBvx45L+DCAaQTr2SIBCE+o4t50Pjzm
H9WAvMUq35JPpeYkR4iGz4hRkEyEkNRx6tOqBMuUPxwdq67Q7TX9K6Rd125YO8tt
HIrbDxqMgCnoCts5cRAt6f6bUWlQHRK1WooercA0vzk2gf1iEYIic3ts1BdZY0Ao
ey+tUW7ybAhsZsk7wXW0KcWg8tjFSfnP42npfklV24oQSSrIPFA2W6+2WzDUrV0W
MgRRAUAtpvPrGR4Y5ZIHEyiKTGlm4SglWX0JW1hZRPQA6N0rEqdo8bnOB7S6J7Fp
4k1dI6uMoJhZz9cphFPPn3GJwz2Z1J31Y31VBtOlVJ9bS+E=
-----END CERTIFICATE-----