Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131302e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3131302e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          TYl3xXHrCI8ZhBTR02U2bGz0B2VfdzJoCXnULtoLYAQ=
Subject key identifier:   81:62:4A:E0:79:F8:71:83:C7:74:76:0E:9D:1F:A0:FF:FB:9C:EF:3C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       274355ADF3746C96F63C54004F80688E0B059CC9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131302e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:09 +0000
ROA not before:           Thu 21 Aug 2025 06:34:09 +0000
ROA not after:            Thu 20 Aug 2026 06:39:09 +0000
asID:                     2914
IP address blocks:        145.79.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:43:55:ad:f3:74:6c:96:f6:3c:54:00:4f:80:68:8e:0b:05:9c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:09 2025 GMT
            Not After : Aug 20 06:39:09 2026 GMT
        Subject: CN=81624AE079F87183C774760E9D1FA0FFFB9CEF3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:84:be:f7:9e:95:6b:67:dd:af:41:ef:b9:c7:
                    76:52:ef:7f:9b:84:e1:e9:80:12:69:73:ee:1c:d0:
                    7c:95:e6:9a:3d:78:a5:2b:29:55:f2:4e:26:3e:eb:
                    84:c2:2f:13:48:54:5c:d9:d6:31:2e:92:36:2f:bc:
                    fe:5b:86:5a:56:31:ef:2f:6b:a1:ba:60:1c:d2:3b:
                    af:39:7e:ac:0d:dc:5d:b0:27:9e:ce:79:43:72:41:
                    8b:f3:cc:e1:a7:8c:2e:f7:f2:fe:4f:22:aa:50:c4:
                    cf:d2:c1:b4:50:4c:3a:74:dc:32:f6:20:90:b8:ef:
                    6b:00:64:a6:58:65:9b:d1:ee:78:19:82:36:ca:ab:
                    90:22:6d:30:d5:b3:3e:80:82:c5:cf:0d:18:ca:49:
                    ac:1a:5e:5f:86:39:84:7c:b5:55:c0:02:b3:6b:2e:
                    6b:9c:94:90:10:42:ca:86:53:c4:a8:37:b8:01:b2:
                    c9:93:a7:60:a0:53:07:14:b6:bb:a2:0f:48:1e:94:
                    b6:0b:46:a7:b8:d5:ab:0e:c0:7a:8d:60:f2:ba:81:
                    1a:2c:8e:3f:78:c7:4b:ff:5d:0d:66:36:74:75:64:
                    4b:5d:4d:2c:2e:dc:ac:49:f3:32:69:d3:b8:51:29:
                    2e:9b:71:92:35:85:4d:e2:36:fd:3c:bc:77:9b:c6:
                    3e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:62:4A:E0:79:F8:71:83:C7:74:76:0E:9D:1F:A0:FF:FB:9C:EF:3C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131302e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c8:67:1a:69:3d:99:e1:12:71:0e:89:70:b9:9d:27:46:50:
         d0:c0:04:f0:68:8e:af:e3:4c:e6:89:e8:4c:99:3c:23:6b:f8:
         56:7a:20:0e:05:c7:ea:92:7d:a8:0b:35:de:8c:ce:5b:ea:87:
         3c:ab:a1:a6:ec:7f:4d:8a:97:fe:df:5d:3d:61:91:6c:c9:b1:
         2a:0c:ce:84:80:d1:b0:8b:fd:b0:ca:0c:56:26:35:76:10:5f:
         cf:c0:8a:d0:68:c1:b5:75:ba:ca:21:37:b2:f9:e3:b3:78:8c:
         b3:86:c2:01:d2:c2:86:ec:52:2a:21:71:c3:0b:9a:71:07:75:
         da:c7:69:05:9d:5d:22:16:94:a8:8f:71:42:1a:55:87:29:ac:
         de:50:98:e5:c2:ea:d2:f5:1a:0b:34:cb:97:67:2c:d5:3d:d3:
         8a:73:54:27:d7:71:cb:f5:c3:8e:82:58:e4:4b:b9:f8:f8:27:
         4a:52:3b:f5:f5:3f:a9:02:c8:45:9f:c9:36:44:f5:e7:a3:06:
         9e:90:37:85:5e:f6:f8:a1:40:b3:12:ce:7f:7b:48:98:56:e5:
         ee:eb:59:5e:c8:27:58:0c:43:2e:90:e9:f8:77:d0:0c:b5:d2:
         e0:1a:04:ab:2e:61:c5:16:84:74:90:eb:48:fc:03:55:44:e8:
         5d:34:a5:3a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ0NVrfN0bJb2PFQAT4BojgsFnMkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MDlaFw0yNjA4MjAwNjM5MDlaMDMxMTAvBgNV
BAMTKDgxNjI0QUUwNzlGODcxODNDNzc0NzYwRTlEMUZBMEZGRkI5Q0VGM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfhL73npVrZ92vQe+5x3ZS73+b
hOHpgBJpc+4c0HyV5po9eKUrKVXyTiY+64TCLxNIVFzZ1jEukjYvvP5bhlpWMe8v
a6G6YBzSO685fqwN3F2wJ57OeUNyQYvzzOGnjC738v5PIqpQxM/SwbRQTDp03DL2
IJC472sAZKZYZZvR7ngZgjbKq5AibTDVsz6AgsXPDRjKSawaXl+GOYR8tVXAArNr
LmuclJAQQsqGU8SoN7gBssmTp2CgUwcUtruiD0gelLYLRqe41asOwHqNYPK6gRos
jj94x0v/XQ1mNnR1ZEtdTSwu3KxJ8zJp07hRKS6bcZI1hU3iNv08vHebxj6rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgWJK4Hn4cYPHdHYOnR+g//uc7zwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMx
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
bjANBgkqhkiG9w0BAQsFAAOCAQEAJchnGmk9meEScQ6JcLmdJ0ZQ0MAE8GiOr+NM
5onoTJk8I2v4VnogDgXH6pJ9qAs13ozOW+qHPKuhpux/TYqX/t9dPWGRbMmxKgzO
hIDRsIv9sMoMViY1dhBfz8CK0GjBtXW6yiE3svnjs3iMs4bCAdLChuxSKiFxwwua
cQd12sdpBZ1dIhaUqI9xQhpVhyms3lCY5cLq0vUaCzTLl2cs1T3TinNUJ9dxy/XD
joJY5Eu5+PgnSlI79fU/qQLIRZ/JNkT156MGnpA3hV72+KFAsxLOf3tImFbl7utZ
XsgnWAxDLpDp+HfQDLXS4BoEqy5hxRaEdJDrSPwDVUToXTSlOg==
-----END CERTIFICATE-----