Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130372e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3130372e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          8RUTBLz7mzPz+Ff6bz2pUsqwv11hGCPjkPr2OoCTSts=
Subject key identifier:   73:87:A7:B9:DC:D0:9B:02:78:4F:F9:9C:4C:AB:83:36:4E:45:2D:50
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       12ADF0FC7D6C8AA1C0084E873A0C8761C6256310
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130372e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:11 +0000
ROA not before:           Thu 21 Aug 2025 06:34:11 +0000
ROA not after:            Thu 20 Aug 2026 06:39:11 +0000
asID:                     2914
IP address blocks:        145.79.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ad:f0:fc:7d:6c:8a:a1:c0:08:4e:87:3a:0c:87:61:c6:25:63:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:11 2025 GMT
            Not After : Aug 20 06:39:11 2026 GMT
        Subject: CN=7387A7B9DCD09B02784FF99C4CAB83364E452D50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:af:d0:f0:54:c5:2c:db:b5:47:39:85:d6:ad:
                    b6:02:6b:61:eb:bf:27:d6:38:93:fb:1b:d1:d1:65:
                    1e:b3:06:94:2a:40:49:73:4c:71:0a:ef:51:59:96:
                    77:38:f1:54:c1:3b:22:50:40:ab:aa:31:55:68:a5:
                    4e:b9:05:89:f7:12:30:19:32:87:4c:06:ca:44:38:
                    78:17:6e:37:22:62:46:4a:5d:3d:50:bf:43:9e:a1:
                    53:7c:38:e9:45:53:a8:b3:21:cf:41:d4:b8:8c:ce:
                    6d:30:30:e4:6f:c9:51:e1:48:85:1d:1e:7f:b7:26:
                    64:b9:5b:cd:35:aa:43:8b:ce:26:00:02:28:ca:b8:
                    f6:8d:39:35:e4:63:7a:b2:e1:95:79:cf:24:e2:49:
                    53:b6:32:a7:43:5e:47:ec:26:e9:3d:96:89:69:22:
                    b8:0c:f1:95:1b:fe:8a:7b:ea:7f:94:09:eb:f5:5f:
                    48:b9:20:58:8f:cf:61:d2:29:16:7e:55:c3:87:26:
                    df:6d:3d:eb:8b:0f:35:d6:29:2b:e1:02:0f:97:1c:
                    83:11:cf:11:7b:7f:a7:5e:0d:4e:4c:77:a3:57:ea:
                    75:19:ac:20:ef:bd:9c:2b:ad:03:6a:25:76:68:2e:
                    f2:db:51:96:21:40:6c:cf:c4:ff:b2:c6:34:f6:0b:
                    bb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:87:A7:B9:DC:D0:9B:02:78:4F:F9:9C:4C:AB:83:36:4E:45:2D:50
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130372e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:08:90:4e:17:3e:81:f4:55:e6:26:f7:20:5b:65:fa:9f:79:
         bc:41:0a:45:07:7f:fc:3a:78:1c:d6:07:14:61:0d:52:da:76:
         0d:d0:f1:0a:15:26:1d:37:97:da:f0:9e:c5:df:5e:84:d0:89:
         27:4d:04:f4:4d:cc:7d:62:eb:a1:5d:c5:4e:eb:f2:51:73:b8:
         a6:72:1c:57:d1:05:e1:9c:0c:f6:ad:fb:4b:73:28:d1:05:63:
         c9:e1:3c:67:f7:a9:93:3e:21:d6:af:c1:ba:8c:10:80:da:96:
         1c:d6:0b:a6:99:5d:d5:0b:78:a0:7b:3f:f1:d9:06:30:4b:15:
         3b:7b:69:61:a1:8b:a4:be:40:90:7b:1a:e4:63:e2:4c:32:8b:
         cb:93:9a:09:21:a0:51:15:4b:f5:df:5c:c8:b7:26:26:5f:41:
         44:bf:4f:47:9c:fa:7d:f4:d7:1e:d7:2b:95:4f:e1:b1:63:b3:
         ef:be:5f:c3:39:ed:2b:f9:04:54:2b:f4:47:1c:ff:43:f5:ea:
         f6:07:5c:19:17:1f:9e:40:4b:ef:29:c5:d0:d2:47:d6:c0:3b:
         b0:0d:fe:9d:97:98:9e:d3:a2:eb:ef:43:86:0e:79:b2:5e:d1:
         d8:c9:5b:b6:a1:c7:06:6e:f5:83:4e:b2:f1:04:37:d5:20:d4:
         05:55:d1:d5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEq3w/H1siqHACE6HOgyHYcYlYxAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MTFaFw0yNjA4MjAwNjM5MTFaMDMxMTAvBgNV
BAMTKDczODdBN0I5RENEMDlCMDI3ODRGRjk5QzRDQUI4MzM2NEU0NTJENTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChr9DwVMUs27VHOYXWrbYCa2Hr
vyfWOJP7G9HRZR6zBpQqQElzTHEK71FZlnc48VTBOyJQQKuqMVVopU65BYn3EjAZ
ModMBspEOHgXbjciYkZKXT1Qv0OeoVN8OOlFU6izIc9B1LiMzm0wMORvyVHhSIUd
Hn+3JmS5W801qkOLziYAAijKuPaNOTXkY3qy4ZV5zyTiSVO2MqdDXkfsJuk9lolp
IrgM8ZUb/op76n+UCev1X0i5IFiPz2HSKRZ+VcOHJt9tPeuLDzXWKSvhAg+XHIMR
zxF7f6deDU5Md6NX6nUZrCDvvZwrrQNqJXZoLvLbUZYhQGzPxP+yxjT2C7tVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUc4enudzQmwJ4T/mcTKuDNk5FLVAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
azANBgkqhkiG9w0BAQsFAAOCAQEANgiQThc+gfRV5ib3IFtl+p95vEEKRQd//Dp4
HNYHFGENUtp2DdDxChUmHTeX2vCexd9ehNCJJ00E9E3MfWLroV3FTuvyUXO4pnIc
V9EF4ZwM9q37S3Mo0QVjyeE8Z/epkz4h1q/BuowQgNqWHNYLppld1Qt4oHs/8dkG
MEsVO3tpYaGLpL5AkHsa5GPiTDKLy5OaCSGgURVL9d9cyLcmJl9BRL9PR5z6ffTX
HtcrlU/hsWOz775fwzntK/kEVCv0Rxz/Q/Xq9gdcGRcfnkBL7ynF0NJH1sA7sA3+
nZeYntOi6+9Dhg55sl7R2MlbtqHHBm71g06y8QQ31SDUBVXR1Q==
-----END CERTIFICATE-----