Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130382e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3130382e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          7zQDmJCDmHxurfr4fiSBV6Ev+1NDKytrABFJOHHS/4c=
Subject key identifier:   B3:E1:72:22:1D:1E:8A:7F:78:2F:8D:09:E0:D6:B4:B6:CF:46:09:8E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       20E3AC34DB1BC2FE8EF54D9BE26EA3754C2A748E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130382e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:10 +0000
ROA not before:           Thu 21 Aug 2025 06:34:10 +0000
ROA not after:            Thu 20 Aug 2026 06:39:10 +0000
asID:                     2914
IP address blocks:        145.79.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e3:ac:34:db:1b:c2:fe:8e:f5:4d:9b:e2:6e:a3:75:4c:2a:74:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:10 2025 GMT
            Not After : Aug 20 06:39:10 2026 GMT
        Subject: CN=B3E172221D1E8A7F782F8D09E0D6B4B6CF46098E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6c:76:33:34:f6:83:79:da:45:20:70:d3:23:
                    6a:10:cc:37:ac:e2:f1:7a:3e:a5:2d:a7:63:4d:ef:
                    ac:b5:95:b8:8e:f6:05:0d:53:75:78:ac:a4:1a:57:
                    0f:58:47:e6:83:bf:25:f2:1b:a4:db:5e:dc:2c:ab:
                    2e:12:8e:93:51:fc:3e:3f:fb:d8:a9:32:53:64:1e:
                    c1:aa:a8:e6:02:df:50:aa:c0:6c:0d:75:88:04:e8:
                    d5:01:62:2b:fe:9c:e9:e2:e8:ac:78:43:01:16:58:
                    50:77:92:22:22:3e:45:07:6c:95:ad:5b:64:19:6a:
                    e5:fc:85:cd:3c:3c:3d:80:e7:dc:c8:2f:91:17:5c:
                    59:97:2c:1e:7d:50:5c:64:3e:71:22:34:63:86:82:
                    6b:bd:18:2f:6d:10:73:b1:6b:84:74:65:da:a0:64:
                    b4:c7:14:ea:cd:73:4f:63:05:39:b6:5a:6c:3c:b6:
                    49:34:5d:46:02:15:fd:95:0b:73:0f:fc:dc:d9:85:
                    33:31:f5:a2:ca:01:6c:49:bc:4e:c1:be:1b:91:c8:
                    4b:e7:66:de:b2:4e:7b:cb:a4:d9:d6:b9:59:8c:27:
                    be:3b:f5:c4:37:2a:af:a8:70:82:27:0e:1f:e6:ac:
                    34:0b:f5:fc:40:b9:f4:fd:23:ce:82:1b:22:a1:1d:
                    da:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E1:72:22:1D:1E:8A:7F:78:2F:8D:09:E0:D6:B4:B6:CF:46:09:8E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3130382e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:a9:61:af:c6:34:a3:ee:6f:ad:01:e6:9f:ef:42:47:4e:8b:
         33:64:8f:fb:73:b0:df:71:b4:da:b3:3d:86:a7:c5:1c:d3:d7:
         4f:c0:ba:58:08:15:fb:f2:16:8e:f5:11:7a:c9:74:e2:9a:e0:
         ac:c6:bc:1d:16:fa:42:13:77:40:ef:cd:f2:a4:b8:1f:30:05:
         d2:81:47:30:cd:5b:f8:83:9c:c7:42:01:f0:eb:6c:1e:02:24:
         0c:57:5d:d7:3e:63:73:ed:08:99:4e:b6:ed:bf:d0:15:2d:5e:
         72:43:ae:ed:cc:27:33:7c:fa:02:9a:78:2c:26:f7:ad:b2:bf:
         cf:36:7b:0a:5b:38:87:ba:9d:53:cb:16:47:a7:1f:55:3f:86:
         5d:da:69:27:83:76:30:20:ae:9b:4d:0c:fc:1c:cb:5d:ff:1c:
         32:35:5c:7c:10:6a:c4:7b:7f:e9:37:28:8d:92:94:d0:db:cb:
         03:0e:81:24:1e:2e:2d:d2:b9:34:94:29:59:63:9a:0f:c2:a6:
         82:22:f0:58:5d:75:aa:29:5c:f5:70:d1:7d:ac:62:bd:72:b6:
         1a:7a:0f:ad:d7:fc:02:8a:2c:2f:f0:cd:1c:84:75:cd:73:c2:
         65:cf:4f:7a:79:b3:62:c2:b2:b7:83:65:85:25:6d:19:76:5b:
         3a:41:20:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIOOsNNsbwv6O9U2b4m6jdUwqdI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MTBaFw0yNjA4MjAwNjM5MTBaMDMxMTAvBgNV
BAMTKEIzRTE3MjIyMUQxRThBN0Y3ODJGOEQwOUUwRDZCNEI2Q0Y0NjA5OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQbHYzNPaDedpFIHDTI2oQzDes
4vF6PqUtp2NN76y1lbiO9gUNU3V4rKQaVw9YR+aDvyXyG6TbXtwsqy4SjpNR/D4/
+9ipMlNkHsGqqOYC31CqwGwNdYgE6NUBYiv+nOni6Kx4QwEWWFB3kiIiPkUHbJWt
W2QZauX8hc08PD2A59zIL5EXXFmXLB59UFxkPnEiNGOGgmu9GC9tEHOxa4R0Zdqg
ZLTHFOrNc09jBTm2Wmw8tkk0XUYCFf2VC3MP/NzZhTMx9aLKAWxJvE7BvhuRyEvn
Zt6yTnvLpNnWuVmMJ7479cQ3Kq+ocIInDh/mrDQL9fxAufT9I86CGyKhHdqtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUs+FyIh0ein94L40J4Na0ts9GCY4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMw
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
bDANBgkqhkiG9w0BAQsFAAOCAQEAf6lhr8Y0o+5vrQHmn+9CR06LM2SP+3Ow33G0
2rM9hqfFHNPXT8C6WAgV+/IWjvUResl04prgrMa8HRb6QhN3QO/N8qS4HzAF0oFH
MM1b+IOcx0IB8OtsHgIkDFdd1z5jc+0ImU627b/QFS1eckOu7cwnM3z6App4LCb3
rbK/zzZ7Cls4h7qdU8sWR6cfVT+GXdppJ4N2MCCum00M/BzLXf8cMjVcfBBqxHt/
6TcojZKU0NvLAw6BJB4uLdK5NJQpWWOaD8KmgiLwWF11qilc9XDRfaxivXK2GnoP
rdf8AoosL/DNHIR1zXPCZc9PenmzYsKyt4NlhSVtGXZbOkEgRA==
-----END CERTIFICATE-----