Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130362e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3130362e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          o7c4GI+N+oSL8laPl4rVcUNPkltjsu4B7wJ1AvjpvlY=
Subject key identifier:   D2:33:E3:DD:5A:82:8F:AC:8A:DA:BC:3E:72:A1:8E:D8:7D:A2:6B:99
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       46234D58AD7BE2AE74586969312D0231024C80BD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130362e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 14 Oct 2025 06:57:36 +0000
ROA not before:           Tue 14 Oct 2025 06:52:36 +0000
ROA not after:            Tue 13 Oct 2026 06:57:36 +0000
asID:                     2914
IP address blocks:        145.79.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:23:4d:58:ad:7b:e2:ae:74:58:69:69:31:2d:02:31:02:4c:80:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 14 06:52:36 2025 GMT
            Not After : Oct 13 06:57:36 2026 GMT
        Subject: CN=D233E3DD5A828FAC8ADABC3E72A18ED87DA26B99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f0:2b:9d:5e:56:2f:03:ed:d5:54:a0:b8:e3:
                    8f:fc:1c:77:60:f8:8a:2d:64:e1:5c:5f:fd:4b:67:
                    90:a6:e7:65:c3:eb:1b:b4:2b:b1:71:74:64:1d:9e:
                    6a:cb:15:1e:64:e8:93:53:5e:00:00:81:f6:25:2a:
                    eb:2e:24:0d:77:c5:a4:47:f9:5c:4d:da:85:42:dc:
                    2d:ba:f1:66:7f:58:d5:45:ce:42:09:43:a9:0c:da:
                    03:f3:95:e4:24:04:9f:e8:cd:77:c7:c1:f9:e1:d3:
                    1f:7a:fe:2d:72:94:b9:cd:7a:05:bc:8f:fd:70:d3:
                    1c:72:f7:57:ed:8e:87:96:7d:4e:6b:3c:5c:93:fb:
                    10:7f:ed:1c:de:ec:35:d5:a3:2c:48:ec:fa:42:b0:
                    a1:1f:85:a2:89:75:46:4e:f9:6a:40:d9:91:44:92:
                    05:44:51:aa:d5:cf:2f:fb:45:dc:96:a2:0d:5f:ed:
                    0d:ab:51:a3:20:17:1a:b5:fa:9a:e0:67:45:f9:e6:
                    81:cf:e1:a3:bd:f8:02:be:be:fb:5f:cb:c6:b9:da:
                    d0:9a:d8:e8:2d:93:a4:ec:63:e7:50:7f:f7:8e:c7:
                    fc:ef:aa:7a:e9:8b:2b:b9:21:94:82:54:db:d2:e6:
                    99:9d:b7:37:78:e5:ae:53:37:da:b6:27:70:86:a8:
                    76:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:33:E3:DD:5A:82:8F:AC:8A:DA:BC:3E:72:A1:8E:D8:7D:A2:6B:99
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130362e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ec:2d:0f:09:fd:6b:f9:14:b3:53:47:3a:96:9a:64:91:de:
         e7:4d:73:60:85:80:0e:f6:dc:ac:f2:1e:72:66:98:f4:54:51:
         83:9f:b4:3c:fb:f1:30:ab:72:fb:60:54:a9:50:76:37:68:59:
         03:31:de:be:c9:ae:29:69:19:e9:26:87:9d:a9:2c:bb:aa:d9:
         ac:95:47:e9:29:59:94:7b:4c:2c:01:44:81:54:ba:88:42:ae:
         a1:6e:e4:38:3f:33:ae:df:e2:ef:c0:34:19:d8:e7:f1:e7:d2:
         bd:e9:e4:0b:6d:f1:09:3e:17:c3:4a:78:75:38:85:c3:8a:3e:
         93:1e:b8:53:37:d0:b9:e7:7f:0e:4f:3e:e6:9e:97:cc:51:1e:
         71:a5:6b:de:a0:7e:81:bd:15:86:d6:d7:da:af:ee:36:08:59:
         7f:b3:62:46:d9:ea:d6:b8:bd:50:b8:61:ed:b2:1b:b7:ab:70:
         bb:6a:88:0f:b5:d0:f6:a7:ee:cc:ed:b9:b1:56:b7:96:cf:f8:
         b0:07:39:c3:cc:5a:86:0f:40:8a:63:00:8d:cd:cc:1f:e5:1c:
         7c:5d:bd:f0:fd:37:e3:f9:c6:35:cc:78:66:e9:13:80:c1:9e:
         3d:a3:5c:80:6d:5d:b3:27:11:77:fa:36:23:22:56:36:ad:be:
         3c:dd:15:b9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURiNNWK174q50WGlpMS0CMQJMgL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMTQwNjUyMzZaFw0yNjEwMTMwNjU3MzZaMDMxMTAvBgNV
BAMTKEQyMzNFM0RENUE4MjhGQUM4QURBQkMzRTcyQTE4RUQ4N0RBMjZCOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs8CudXlYvA+3VVKC444/8HHdg
+IotZOFcX/1LZ5Cm52XD6xu0K7FxdGQdnmrLFR5k6JNTXgAAgfYlKusuJA13xaRH
+VxN2oVC3C268WZ/WNVFzkIJQ6kM2gPzleQkBJ/ozXfHwfnh0x96/i1ylLnNegW8
j/1w0xxy91ftjoeWfU5rPFyT+xB/7Rze7DXVoyxI7PpCsKEfhaKJdUZO+WpA2ZFE
kgVEUarVzy/7RdyWog1f7Q2rUaMgFxq1+prgZ0X55oHP4aO9+AK+vvtfy8a52tCa
2Ogtk6TsY+dQf/eOx/zvqnrpiyu5IZSCVNvS5pmdtzd45a5TN9q2J3CGqHZFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0jPj3VqCj6yK2rw+cqGO2H2ia5kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMw
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
ajANBgkqhkiG9w0BAQsFAAOCAQEAcOwtDwn9a/kUs1NHOpaaZJHe501zYIWADvbc
rPIecmaY9FRRg5+0PPvxMKty+2BUqVB2N2hZAzHevsmuKWkZ6SaHnaksu6rZrJVH
6SlZlHtMLAFEgVS6iEKuoW7kOD8zrt/i78A0Gdjn8efSvenkC23xCT4Xw0p4dTiF
w4o+kx64UzfQued/Dk8+5p6XzFEecaVr3qB+gb0VhtbX2q/uNghZf7NiRtnq1ri9
ULhh7bIbt6twu2qID7XQ9qfuzO25sVa3ls/4sAc5w8xahg9AimMAjc3MH+UcfF29
8P034/nGNcx4ZukTgMGePaNcgG1dsycRd/o2IyJWNq2+PN0VuQ==
-----END CERTIFICATE-----