Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234392e302f32342d3234203d3e2035303635.roa
File:                     3134332e32302e3234392e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          6UcPgOAj/X2grTZcS9it6TVDOlTSiefsXWQNbI8CCwA=
Subject key identifier:   73:CA:24:DC:49:8E:94:17:42:23:8A:0F:2A:66:55:70:7A:52:24:73
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       763250FCA685863AC9DC947E938C0145719F93BD
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234392e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 06 May 2025 06:35:26 +0000
ROA not before:           Tue 06 May 2025 06:30:26 +0000
ROA not after:            Tue 05 May 2026 06:35:26 +0000
asID:                     5065
IP address blocks:        143.20.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 16:19:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:32:50:fc:a6:85:86:3a:c9:dc:94:7e:93:8c:01:45:71:9f:93:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:26 2025 GMT
            Not After : May  5 06:35:26 2026 GMT
        Subject: CN=73CA24DC498E941742238A0F2A6655707A522473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:08:c2:b3:6f:e4:c3:0d:22:d1:2a:30:6d:76:
                    4f:56:96:50:33:58:8a:fc:63:88:65:aa:6b:46:ab:
                    ff:80:b2:9f:5c:10:22:9c:5e:50:9d:5b:77:cb:1a:
                    62:59:72:8d:fb:8b:97:ec:99:a9:f5:03:63:6c:43:
                    70:b4:db:82:2e:b7:d4:df:68:dd:8f:89:ea:1a:39:
                    4e:c9:6d:1a:b5:73:99:20:25:61:5b:95:9d:aa:3a:
                    6c:4d:4c:25:4b:87:b2:da:69:ad:b9:54:19:57:e9:
                    36:d4:57:90:9c:fb:b2:eb:e0:05:f8:2a:6a:84:a9:
                    f0:7a:57:a1:19:57:ff:1c:00:bc:47:76:fe:df:83:
                    f8:bb:aa:1f:a7:a0:8c:17:24:32:72:0e:36:32:de:
                    b2:b7:f3:35:2f:14:24:3f:6c:21:0e:93:3c:35:c6:
                    94:30:e9:80:ac:86:40:16:8b:ec:de:2f:79:0d:35:
                    cc:67:78:cf:07:dd:05:a6:93:66:86:62:96:85:9b:
                    10:21:a8:7b:17:52:80:9a:48:0e:8b:5d:1b:35:2e:
                    60:49:b2:96:ab:1c:44:dd:0f:1f:ae:08:38:23:05:
                    18:5f:a6:dd:74:76:02:8a:ed:04:22:f6:ab:8a:53:
                    18:1b:79:a4:2b:3e:67:cc:b0:c2:07:f4:6d:80:73:
                    9b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:CA:24:DC:49:8E:94:17:42:23:8A:0F:2A:66:55:70:7A:52:24:73
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3234392e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:3e:bf:cc:7a:b4:a5:15:a5:04:f8:46:d6:2b:08:6e:28:37:
         4e:3d:da:68:a4:11:b3:10:63:12:c5:7d:40:31:53:3b:58:ec:
         ff:dc:8a:2c:d4:68:e2:e6:86:b1:26:e6:79:87:20:31:91:66:
         31:c0:a5:31:4f:ba:e4:24:1b:c0:1a:c7:e8:8b:01:22:ec:81:
         85:bf:c1:6a:ed:a5:14:69:3e:71:4b:92:e0:e2:93:51:83:0d:
         b2:7b:00:0a:4d:12:37:58:2f:91:bb:d5:f4:a7:ef:2d:31:26:
         8a:98:3a:ee:5b:dd:61:8a:b8:04:2e:3f:0d:71:b6:31:3c:be:
         5e:3d:3a:7d:40:ce:ff:30:51:84:2f:fb:16:55:7e:b7:de:21:
         a8:c5:28:7e:d4:28:26:a5:74:d6:e0:f6:6a:7a:5d:a3:27:1e:
         03:e6:f0:d5:e1:46:38:ef:fd:b0:c3:e7:b1:5c:d9:db:82:48:
         26:98:ae:0b:d9:54:41:9a:0c:39:11:24:05:6b:f0:de:2b:fc:
         c3:03:72:5e:63:5e:2e:cf:3f:49:a4:07:ad:6d:9a:7a:05:62:
         3d:56:20:84:1e:8a:af:40:36:8a:37:c0:fb:63:8d:20:9f:55:
         0c:03:bb:6c:37:74:3d:7a:62:b5:51:d1:bd:11:b6:d9:fb:31:
         b1:d5:10:45
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdjJQ/KaFhjrJ3JR+k4wBRXGfk70wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMjZaFw0yNjA1MDUwNjM1MjZaMDMxMTAvBgNV
BAMTKDczQ0EyNERDNDk4RTk0MTc0MjIzOEEwRjJBNjY1NTcwN0E1MjI0NzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOCMKzb+TDDSLRKjBtdk9WllAz
WIr8Y4hlqmtGq/+Asp9cECKcXlCdW3fLGmJZco37i5fsman1A2NsQ3C024Iut9Tf
aN2PieoaOU7JbRq1c5kgJWFblZ2qOmxNTCVLh7Laaa25VBlX6TbUV5Cc+7Lr4AX4
KmqEqfB6V6EZV/8cALxHdv7fg/i7qh+noIwXJDJyDjYy3rK38zUvFCQ/bCEOkzw1
xpQw6YCshkAWi+zeL3kNNcxneM8H3QWmk2aGYpaFmxAhqHsXUoCaSA6LXRs1LmBJ
sparHETdDx+uCDgjBRhfpt10dgKK7QQi9quKUxgbeaQrPmfMsMIH9G2Ac5tDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUc8ok3EmOlBdCI4oPKmZVcHpSJHMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjM0
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U
+TANBgkqhkiG9w0BAQsFAAOCAQEAuD6/zHq0pRWlBPhG1isIbig3Tj3aaKQRsxBj
EsV9QDFTO1js/9yKLNRo4uaGsSbmeYcgMZFmMcClMU+65CQbwBrH6IsBIuyBhb/B
au2lFGk+cUuS4OKTUYMNsnsACk0SN1gvkbvV9KfvLTEmipg67lvdYYq4BC4/DXG2
MTy+Xj06fUDO/zBRhC/7FlV+t94hqMUoftQoJqV01uD2anpdoyceA+bw1eFGOO/9
sMPnsVzZ24JIJpiuC9lUQZoMOREkBWvw3iv8wwNyXmNeLs8/SaQHrW2aegViPVYg
hB6Kr0A2ijfA+2ONIJ9VDAO7bDd0PXpitVHRvRG22fsxsdUQRQ==
-----END CERTIFICATE-----