Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3235332e302f32342d3234203d3e2035303635.roa
File:                     3134332e32302e3235332e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          DjZGdYmD3Zb+hEKX9m6jJWQge3SBcQod8uQovP5JHj4=
Subject key identifier:   79:98:B3:0B:C8:86:0D:57:E7:43:61:0D:86:B6:47:E2:36:A1:4A:DF
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       5C1F66C832D999B8B2D1F7FC6BF8987754366189
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3235332e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 06 May 2025 06:35:35 +0000
ROA not before:           Tue 06 May 2025 06:30:35 +0000
ROA not after:            Tue 05 May 2026 06:35:35 +0000
asID:                     5065
IP address blocks:        143.20.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 12:07:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:1f:66:c8:32:d9:99:b8:b2:d1:f7:fc:6b:f8:98:77:54:36:61:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  6 06:30:35 2025 GMT
            Not After : May  5 06:35:35 2026 GMT
        Subject: CN=7998B30BC8860D57E743610D86B647E236A14ADF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:85:3b:35:c0:a5:0f:b3:7b:e2:6d:92:9e:
                    fa:9d:91:9e:b8:fa:5a:1a:48:5c:20:3e:7b:ba:f3:
                    6b:1d:4c:b9:23:e3:96:c5:50:b7:60:95:3a:6a:01:
                    b4:84:f8:5e:da:56:76:85:c4:3c:40:25:c5:ed:d2:
                    86:29:18:96:44:86:b2:71:be:c0:c0:1a:6c:1b:a9:
                    e8:76:9d:bb:76:7e:f2:6d:be:dc:1e:8a:6d:1a:3b:
                    e0:44:e9:ac:d8:11:9f:73:c7:7a:90:c1:8d:ef:00:
                    fe:09:32:cd:e6:25:4d:7a:72:ef:6c:83:3f:fd:2d:
                    d7:61:22:99:e0:a8:66:e3:50:15:7f:93:bc:2b:25:
                    41:f4:46:4b:b8:6b:9c:fd:ba:88:06:6c:5b:aa:fc:
                    54:c3:c1:e9:75:ec:a3:34:00:95:9b:7f:d3:7c:ed:
                    73:62:ee:40:b8:6b:f1:22:d0:31:ae:ec:b2:0e:18:
                    5f:9d:57:54:fd:08:fc:b6:f3:50:2d:f1:fb:60:b3:
                    0c:eb:a8:31:ed:1e:ba:c9:d5:58:c4:da:64:65:dd:
                    c6:c4:86:1c:4f:16:aa:0e:f6:b7:6d:3e:ab:db:72:
                    3d:10:28:1b:9c:d9:2d:7a:4e:d2:3c:36:1f:03:37:
                    fc:a7:6b:26:0a:bb:95:c8:74:88:8e:d8:24:8f:6d:
                    55:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:98:B3:0B:C8:86:0D:57:E7:43:61:0D:86:B6:47:E2:36:A1:4A:DF
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3235332e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b9:a7:07:32:ba:b0:ed:25:fe:ea:bd:6c:c5:ac:36:f0:01:
         ff:83:49:15:74:8b:c0:05:79:a9:62:16:97:5d:4a:41:a6:48:
         b8:3e:6a:3f:fd:f6:75:ad:e7:cd:df:e9:de:51:9f:1d:5d:7f:
         cd:41:98:c8:11:73:c9:6b:02:ba:82:74:22:0b:e0:6a:ba:50:
         2e:83:c2:96:64:45:10:3a:83:29:fb:9d:d0:a0:90:75:42:86:
         f3:83:06:7d:1f:5f:20:f9:d4:b8:bb:1f:36:44:fb:b8:06:bd:
         84:75:47:1f:bf:c4:8a:0a:2b:35:8a:33:b3:bc:9f:d6:fd:20:
         91:09:ad:b5:6e:cc:06:74:51:f4:2b:b1:a0:8c:da:16:b5:ed:
         27:78:9d:06:07:fe:af:db:e5:42:b8:91:93:56:59:d6:57:1a:
         90:f9:58:d1:1b:07:18:d9:4a:42:17:34:e5:ca:68:8e:37:24:
         47:47:f3:74:f3:a4:9b:47:50:d9:6e:26:8e:2b:c7:fb:51:fd:
         53:83:ec:2c:40:e2:9e:c6:a4:4e:7f:d0:84:b4:cb:76:a0:0f:
         d9:52:27:b9:96:98:1d:f3:cf:66:13:cc:96:c8:38:ae:96:b4:
         74:1b:3d:e1:50:3e:9f:90:62:9a:ce:7a:a6:24:b0:b8:64:17:
         e5:ac:74:b4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXB9myDLZmbiy0ff8a/iYd1Q2YYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MDYwNjMwMzVaFw0yNjA1MDUwNjM1MzVaMDMxMTAvBgNV
BAMTKDc5OThCMzBCQzg4NjBENTdFNzQzNjEwRDg2QjY0N0UyMzZBMTRBREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq4oU7NcClD7N74m2SnvqdkZ64
+loaSFwgPnu682sdTLkj45bFULdglTpqAbSE+F7aVnaFxDxAJcXt0oYpGJZEhrJx
vsDAGmwbqeh2nbt2fvJtvtweim0aO+BE6azYEZ9zx3qQwY3vAP4JMs3mJU16cu9s
gz/9LddhIpngqGbjUBV/k7wrJUH0Rku4a5z9uogGbFuq/FTDwel17KM0AJWbf9N8
7XNi7kC4a/Ei0DGu7LIOGF+dV1T9CPy281At8ftgswzrqDHtHrrJ1VjE2mRl3cbE
hhxPFqoO9rdtPqvbcj0QKBuc2S16TtI8Nh8DN/ynayYKu5XIdIiO2CSPbVXBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeZizC8iGDVfnQ2ENhrZH4jahSt8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjM1
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8U
/TANBgkqhkiG9w0BAQsFAAOCAQEAFbmnBzK6sO0l/uq9bMWsNvAB/4NJFXSLwAV5
qWIWl11KQaZIuD5qP/32da3nzd/p3lGfHV1/zUGYyBFzyWsCuoJ0IgvgarpQLoPC
lmRFEDqDKfud0KCQdUKG84MGfR9fIPnUuLsfNkT7uAa9hHVHH7/EigorNYozs7yf
1v0gkQmttW7MBnRR9CuxoIzaFrXtJ3idBgf+r9vlQriRk1ZZ1lcakPlY0RsHGNlK
Qhc05cpojjckR0fzdPOkm0dQ2W4mjivH+1H9U4PsLEDinsakTn/QhLTLdqAP2VIn
uZaYHfPPZhPMlsg4rpa0dBs94VA+n5Bims56piSwuGQX5ax0tA==
-----END CERTIFICATE-----