Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130342e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3130342e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          YpIbHWIjh//utzRtHfQBDuW6/FWBNrHwq1h5Xh6ndhM=
Subject key identifier:   72:19:6A:F1:FB:C6:67:5E:B2:B0:87:5D:4B:CF:52:52:07:7F:1B:9E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       47C4A9855CCDFD413F019BE9909647C376E3EBE8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130342e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:12 +0000
ROA not before:           Thu 21 Aug 2025 06:34:12 +0000
ROA not after:            Thu 20 Aug 2026 06:39:12 +0000
asID:                     2914
IP address blocks:        145.79.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:c4:a9:85:5c:cd:fd:41:3f:01:9b:e9:90:96:47:c3:76:e3:eb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:12 2025 GMT
            Not After : Aug 20 06:39:12 2026 GMT
        Subject: CN=72196AF1FBC6675EB2B0875D4BCF5252077F1B9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:de:94:08:48:68:30:93:13:f0:f7:85:f5:7f:
                    23:89:59:54:54:ae:bd:47:37:fd:37:7d:86:0c:90:
                    73:15:28:7c:9d:75:40:45:4b:a6:64:37:de:8e:d1:
                    4b:f6:18:9f:25:27:0b:cc:56:07:cd:7b:3c:83:a2:
                    5f:09:09:e9:ef:a9:ea:41:26:99:49:2a:fb:9b:ec:
                    ff:f7:95:08:cf:6c:7c:ba:64:2a:30:1d:cd:69:26:
                    80:47:21:f0:86:4b:03:65:14:40:73:e9:e7:1f:72:
                    14:5e:b4:fd:e8:ba:1c:a5:15:92:03:33:54:9f:06:
                    09:b3:93:d0:6b:bb:8a:df:a4:df:67:25:01:b2:db:
                    8b:80:5d:51:f3:ce:80:5c:09:a7:11:c7:e6:be:23:
                    f8:41:95:d1:a9:c0:50:86:f7:d2:7b:3f:1d:e2:d5:
                    de:13:c5:b0:2a:14:5f:bf:41:87:d0:fe:5b:8d:0d:
                    a5:61:71:c9:86:65:62:02:ab:9d:6d:58:9e:32:4b:
                    4d:a8:d1:27:a3:68:d4:67:4b:9a:14:bc:73:be:4d:
                    2a:f8:ab:98:76:4d:92:b0:42:10:59:bf:0b:db:f2:
                    ca:a9:7c:3f:7c:23:1a:57:28:f2:98:df:b3:c5:4e:
                    1d:31:d6:94:fa:c7:3e:3b:9c:2c:f3:a9:8b:f9:0a:
                    6e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:19:6A:F1:FB:C6:67:5E:B2:B0:87:5D:4B:CF:52:52:07:7F:1B:9E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130342e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:81:af:ef:05:e7:83:47:0d:16:b0:28:ca:2d:98:7e:04:71:
         2f:e7:13:39:8d:e4:34:e5:71:2f:10:0e:11:36:11:7c:55:e3:
         e8:3e:02:40:ae:02:4c:f7:ca:21:cc:c6:1d:3b:00:ca:0d:c9:
         bf:3b:d4:87:fd:e4:3c:51:52:04:ae:7c:8c:7a:bf:7e:8d:3a:
         70:4f:ac:76:7d:c2:0f:6e:9a:63:92:0d:09:82:55:6d:de:ab:
         84:4f:8a:8f:c4:b4:8b:a7:46:99:6b:65:ad:b7:51:99:55:76:
         11:39:bd:19:f7:31:f6:a7:9e:0d:77:da:9d:ba:7f:77:a1:37:
         90:9b:90:22:45:33:54:cc:49:71:9b:16:07:96:e2:57:49:68:
         ab:f4:f8:73:73:53:81:45:9b:58:ed:50:a5:9a:18:f5:92:37:
         97:50:c8:d8:20:8c:16:e7:c9:a9:b4:f9:99:21:10:00:09:b6:
         68:57:8b:ac:62:fe:9a:24:84:26:be:d8:60:7b:60:2f:99:8f:
         6b:eb:f1:ea:6c:dd:32:95:89:2a:6c:d2:73:9d:12:3a:f0:27:
         d0:2f:e8:20:c7:85:5b:80:45:75:5e:5e:02:86:70:49:a0:84:
         42:0e:f7:60:1b:09:21:a4:b7:0a:4b:c9:47:9e:2f:05:0e:40:
         20:b1:c2:80
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUR8SphVzN/UE/AZvpkJZHw3bj6+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MTJaFw0yNjA4MjAwNjM5MTJaMDMxMTAvBgNV
BAMTKDcyMTk2QUYxRkJDNjY3NUVCMkIwODc1RDRCQ0Y1MjUyMDc3RjFCOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy3pQISGgwkxPw94X1fyOJWVRU
rr1HN/03fYYMkHMVKHyddUBFS6ZkN96O0Uv2GJ8lJwvMVgfNezyDol8JCenvqepB
JplJKvub7P/3lQjPbHy6ZCowHc1pJoBHIfCGSwNlFEBz6ecfchRetP3ouhylFZID
M1SfBgmzk9Bru4rfpN9nJQGy24uAXVHzzoBcCacRx+a+I/hBldGpwFCG99J7Px3i
1d4TxbAqFF+/QYfQ/luNDaVhccmGZWICq51tWJ4yS02o0SejaNRnS5oUvHO+TSr4
q5h2TZKwQhBZvwvb8sqpfD98IxpXKPKY37PFTh0x1pT6xz47nCzzqYv5Cm6vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUchlq8fvGZ16ysIddS89SUgd/G54wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMw
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
aDANBgkqhkiG9w0BAQsFAAOCAQEAaYGv7wXng0cNFrAoyi2YfgRxL+cTOY3kNOVx
LxAOETYRfFXj6D4CQK4CTPfKIczGHTsAyg3JvzvUh/3kPFFSBK58jHq/fo06cE+s
dn3CD26aY5INCYJVbd6rhE+Kj8S0i6dGmWtlrbdRmVV2ETm9Gfcx9qeeDXfanbp/
d6E3kJuQIkUzVMxJcZsWB5biV0loq/T4c3NTgUWbWO1QpZoY9ZI3l1DI2CCMFufJ
qbT5mSEQAAm2aFeLrGL+miSEJr7YYHtgL5mPa+vx6mzdMpWJKmzSc50SOvAn0C/o
IMeFW4BFdV5eAoZwSaCEQg73YBsJIaS3CkvJR54vBQ5AILHCgA==
-----END CERTIFICATE-----