Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3235312e302f32342d3234203d3e2035303635.roa
File:                     3134332e32302e3235312e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          s3sROFoEyoTHikZzsjyLtHg0AcVlAJvqMVggJtcLsmw=
Subject key identifier:   2D:AE:BA:82:C6:33:F0:10:4F:AA:77:9F:40:A8:CE:40:07:BC:A3:40
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       0F015375FB13ADA6AB054606C7816C840A6F50E9
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3235312e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 06 May 2025 06:35:33 +0000
ROA not before:           Tue 06 May 2025 06:30:33 +0000
ROA not after:            Tue 05 May 2026 06:35:33 +0000
asID:                     5065
IP address blocks:        143.20.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 12:07:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:01:53:75:fb:13:ad:a6:ab:05:46:06:c7:81:6c:84:0a:6f:50:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:33 2025 GMT
            Not After : May  5 06:35:33 2026 GMT
        Subject: CN=2DAEBA82C633F0104FAA779F40A8CE4007BCA340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:19:ba:41:33:bc:f4:30:6f:38:d9:8e:21:f4:
                    96:0d:da:93:b7:1d:87:c6:ce:78:94:11:44:63:4f:
                    dc:e6:34:48:52:88:6b:23:76:b2:0e:3f:0c:33:e8:
                    47:9a:b7:ba:e1:db:e0:eb:82:82:2e:3a:5b:f3:6c:
                    7f:69:9a:cf:b1:d5:27:56:a1:06:6c:0a:8c:d8:8d:
                    36:9f:d7:ba:93:64:f3:68:a2:e6:e7:cd:4e:4a:76:
                    cf:8b:8c:15:95:98:e7:33:d1:cc:af:39:7f:db:4b:
                    e0:68:ca:e0:57:eb:15:ba:5d:b1:7b:d1:31:94:d0:
                    d6:2b:5b:90:d2:10:49:7c:a7:9a:b2:36:2b:38:f6:
                    a9:0c:46:c0:40:8c:e6:56:86:3a:23:f7:fb:86:22:
                    3c:46:69:32:90:6b:00:f4:ef:58:74:af:d4:43:de:
                    e7:4e:2b:8a:e7:28:34:93:11:9e:8e:06:4b:98:8b:
                    72:1d:35:e5:6b:69:8e:00:6e:88:f1:00:69:5e:a9:
                    e6:5f:2e:2b:c4:73:f4:9c:73:f9:51:43:49:9c:f5:
                    3f:d3:9b:7d:9f:5d:ed:fd:57:ac:ed:c1:35:db:dc:
                    d9:64:a0:bd:1c:fe:80:13:16:2c:be:ea:78:85:13:
                    7c:b7:3c:d1:e2:65:db:fc:39:e1:86:e3:ad:32:b3:
                    da:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:AE:BA:82:C6:33:F0:10:4F:AA:77:9F:40:A8:CE:40:07:BC:A3:40
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3235312e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:4e:e6:05:15:ae:e4:ac:fa:21:94:c9:40:b7:ab:78:25:15:
         0a:47:c9:80:05:dc:25:09:4a:2f:79:a4:f9:e6:a1:1f:b9:a9:
         8c:db:e5:ca:0b:b3:1d:36:77:a5:d4:50:95:db:6a:f2:b5:4d:
         98:be:7d:cd:44:45:45:62:63:8b:53:0e:43:bb:d9:78:f9:9d:
         16:8a:2d:5a:b3:31:95:1e:f9:95:ee:f2:9f:7a:7a:0d:50:03:
         7c:0f:40:ba:83:6c:d0:fa:a3:8f:2e:cc:6d:fa:ea:b5:e8:43:
         1a:23:de:9f:b9:13:1e:60:46:3a:39:27:a9:32:31:a5:c0:82:
         0e:5c:e5:89:2d:b9:11:24:b7:19:e0:75:81:3c:fd:9c:02:0e:
         da:38:14:04:ac:c0:da:df:40:fe:ff:a1:93:db:f1:e0:2e:52:
         2f:98:46:05:4d:62:81:63:2d:35:d2:9f:ea:c9:b2:86:73:76:
         02:77:12:d1:a0:3b:db:ea:d9:09:9c:35:8b:ab:f9:ea:4e:8f:
         8d:00:33:44:d4:9b:e7:73:7a:e8:49:92:ae:2d:93:76:0a:cd:
         0a:8c:f9:34:24:45:a5:1b:76:73:14:47:d7:5a:ac:29:0c:e7:
         68:53:65:47:98:a8:36:1f:27:87:a6:e0:05:06:e1:0f:f9:bc:
         aa:6b:bd:0a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDwFTdfsTraarBUYGx4FshApvUOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMzNaFw0yNjA1MDUwNjM1MzNaMDMxMTAvBgNV
BAMTKDJEQUVCQTgyQzYzM0YwMTA0RkFBNzc5RjQwQThDRTQwMDdCQ0EzNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSGbpBM7z0MG842Y4h9JYN2pO3
HYfGzniUEURjT9zmNEhSiGsjdrIOPwwz6Eeat7rh2+DrgoIuOlvzbH9pms+x1SdW
oQZsCozYjTaf17qTZPNooubnzU5Kds+LjBWVmOcz0cyvOX/bS+BoyuBX6xW6XbF7
0TGU0NYrW5DSEEl8p5qyNis49qkMRsBAjOZWhjoj9/uGIjxGaTKQawD071h0r9RD
3udOK4rnKDSTEZ6OBkuYi3IdNeVraY4AbojxAGleqeZfLivEc/Scc/lRQ0mc9T/T
m32fXe39V6ztwTXb3NlkoL0c/oATFiy+6niFE3y3PNHiZdv8OeGG460ys9oDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULa66gsYz8BBPqnefQKjOQAe8o0AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjM1
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U
+zANBgkqhkiG9w0BAQsFAAOCAQEAeE7mBRWu5Kz6IZTJQLereCUVCkfJgAXcJQlK
L3mk+eahH7mpjNvlyguzHTZ3pdRQldtq8rVNmL59zURFRWJji1MOQ7vZePmdFoot
WrMxlR75le7yn3p6DVADfA9AuoNs0Pqjjy7MbfrqtehDGiPen7kTHmBGOjknqTIx
pcCCDlzliS25ESS3GeB1gTz9nAIO2jgUBKzA2t9A/v+hk9vx4C5SL5hGBU1igWMt
NdKf6smyhnN2AncS0aA72+rZCZw1i6v56k6PjQAzRNSb53N66EmSri2TdgrNCoz5
NCRFpRt2cxRH11qsKQznaFNlR5ioNh8nh6bgBQbhD/m8qmu9Cg==
-----END CERTIFICATE-----