Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130312e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3130312e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          gU1JlNKrlKzlnrm/gSi5W2oUoggKX9vUFKsFzRkZYq0=
Subject key identifier:   12:A7:66:FE:13:B9:F4:40:BC:02:02:34:1F:0C:5B:0E:A5:01:00:C0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       18980E83AFFD9DE4B141A967813E48FC91F4CA85
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130312e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:14 +0000
ROA not before:           Thu 21 Aug 2025 06:34:14 +0000
ROA not after:            Thu 20 Aug 2026 06:39:14 +0000
asID:                     2914
IP address blocks:        145.79.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:98:0e:83:af:fd:9d:e4:b1:41:a9:67:81:3e:48:fc:91:f4:ca:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:14 2025 GMT
            Not After : Aug 20 06:39:14 2026 GMT
        Subject: CN=12A766FE13B9F440BC0202341F0C5B0EA50100C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:73:fb:22:e7:47:9d:82:4c:84:7e:b6:32:7b:
                    24:6c:6f:48:6a:5a:9c:7b:e9:0c:26:0b:64:e1:83:
                    89:be:45:03:76:eb:4b:23:a2:17:e5:f5:6a:59:23:
                    6c:de:e7:aa:bf:ad:ef:a9:41:7d:52:4f:31:df:8b:
                    af:fd:28:73:a5:82:a2:ed:c4:f0:08:b2:bb:82:0d:
                    f6:96:a7:dc:ae:74:30:80:e5:f4:7d:bf:c4:c2:68:
                    e8:cf:1b:f9:0d:b1:cc:d9:c3:1b:41:a6:93:6d:bc:
                    80:e7:75:25:61:f1:15:02:e0:3b:9f:55:dc:df:94:
                    32:40:a3:5b:80:de:95:4e:e7:79:8f:49:5b:ed:f7:
                    7e:7e:24:98:6a:03:dd:01:76:ed:6c:fc:24:a4:57:
                    50:dc:ed:59:31:41:b3:c7:ba:ba:c6:3b:32:c7:12:
                    f5:d2:97:43:aa:80:7d:dd:9c:21:cf:97:58:66:29:
                    eb:4b:6f:2b:e3:af:8a:37:ac:44:a9:b6:1f:ef:b7:
                    61:98:8d:79:3d:89:56:b9:6a:65:be:d8:f9:f0:2e:
                    c3:63:ad:d1:d6:f4:73:c7:8b:e2:e3:e8:99:6d:52:
                    e1:99:01:37:c7:43:06:c8:35:b5:09:73:d7:3c:80:
                    a2:b4:a1:8a:e1:08:33:76:2e:bf:a5:9d:a9:bb:1d:
                    1c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A7:66:FE:13:B9:F4:40:BC:02:02:34:1F:0C:5B:0E:A5:01:00:C0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130312e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:f4:6c:46:f1:c4:d3:74:8e:7c:9e:ea:4b:de:f4:50:e9:55:
         f5:38:da:22:98:c2:be:a0:2d:db:75:b2:be:72:98:29:53:13:
         46:c9:6d:ec:d5:e4:94:67:59:fb:90:21:f5:6d:2b:1e:d8:e0:
         8a:6d:46:27:ec:fd:25:6d:f9:89:de:1b:0f:dc:d1:b3:ce:e7:
         c0:05:a8:df:59:24:3d:70:c2:17:33:f8:36:3a:e7:2c:03:97:
         d6:6d:59:d7:29:55:38:89:33:78:1b:1e:a0:88:0b:61:c9:e7:
         41:32:35:3a:d3:c5:8b:b8:a1:52:31:97:7e:60:eb:57:e7:2e:
         6e:63:82:f1:6e:bf:5c:57:c1:e5:89:fa:cc:61:32:93:dd:a7:
         53:42:82:3d:2c:76:48:34:ad:11:27:15:aa:a0:41:73:f1:28:
         66:e9:48:0e:db:46:c2:74:61:8f:1e:df:31:14:7b:bc:60:37:
         3b:ad:ef:aa:af:dd:19:64:5b:17:25:09:d4:72:cd:b4:8f:dc:
         f1:f5:45:3a:f7:4a:d4:c8:54:55:e0:f2:b1:1b:4b:66:f5:ca:
         69:70:d9:bd:81:80:97:7b:e4:3a:d9:12:61:47:28:c7:ce:aa:
         7d:db:c4:d7:fb:ef:24:81:82:15:a3:72:d1:93:0e:eb:37:9e:
         41:de:d0:23
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGJgOg6/9neSxQalngT5I/JH0yoUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MTRaFw0yNjA4MjAwNjM5MTRaMDMxMTAvBgNV
BAMTKDEyQTc2NkZFMTNCOUY0NDBCQzAyMDIzNDFGMEM1QjBFQTUwMTAwQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+c/si50edgkyEfrYyeyRsb0hq
Wpx76QwmC2Thg4m+RQN260sjohfl9WpZI2ze56q/re+pQX1STzHfi6/9KHOlgqLt
xPAIsruCDfaWp9yudDCA5fR9v8TCaOjPG/kNsczZwxtBppNtvIDndSVh8RUC4Duf
VdzflDJAo1uA3pVO53mPSVvt935+JJhqA90Bdu1s/CSkV1Dc7VkxQbPHurrGOzLH
EvXSl0OqgH3dnCHPl1hmKetLbyvjr4o3rESpth/vt2GYjXk9iVa5amW+2PnwLsNj
rdHW9HPHi+Lj6JltUuGZATfHQwbINbUJc9c8gKK0oYrhCDN2Lr+lnam7HRzZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEqdm/hO59EC8AgI0HwxbDqUBAMAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMw
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
ZTANBgkqhkiG9w0BAQsFAAOCAQEAUvRsRvHE03SOfJ7qS970UOlV9TjaIpjCvqAt
23WyvnKYKVMTRslt7NXklGdZ+5Ah9W0rHtjgim1GJ+z9JW35id4bD9zRs87nwAWo
31kkPXDCFzP4NjrnLAOX1m1Z1ylVOIkzeBseoIgLYcnnQTI1OtPFi7ihUjGXfmDr
V+cubmOC8W6/XFfB5Yn6zGEyk92nU0KCPSx2SDStEScVqqBBc/EoZulIDttGwnRh
jx7fMRR7vGA3O63vqq/dGWRbFyUJ1HLNtI/c8fVFOvdK1MhUVeDysRtLZvXKaXDZ
vYGAl3vkOtkSYUcox86qfdvE1/vvJIGCFaNy0ZMO6zeeQd7QIw==
-----END CERTIFICATE-----