Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131332e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3131332e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          WpG83pRuwbN5NCqGTXrJhd0l9wKB4SQ6BKI+kCDMHJs=
Subject key identifier:   A5:3A:6F:73:67:A6:E1:7D:F8:EE:D6:44:D3:C8:50:C5:9C:76:06:38
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4543D6AC832933624EDA367EB35F98CA34B940ED
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131332e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:07 +0000
ROA not before:           Thu 21 Aug 2025 06:34:07 +0000
ROA not after:            Thu 20 Aug 2026 06:39:07 +0000
asID:                     2914
IP address blocks:        145.79.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:43:d6:ac:83:29:33:62:4e:da:36:7e:b3:5f:98:ca:34:b9:40:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:07 2025 GMT
            Not After : Aug 20 06:39:07 2026 GMT
        Subject: CN=A53A6F7367A6E17DF8EED644D3C850C59C760638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f7:6d:2c:8b:13:9b:be:f1:0f:d8:f2:75:0f:
                    3d:50:f3:4f:5f:a2:2e:bc:be:b9:21:df:1c:a5:13:
                    8a:f8:25:a5:87:45:23:3b:5b:d1:da:9f:aa:7e:fc:
                    c4:bd:74:ed:e0:bd:f6:7e:28:6f:74:db:d0:fb:46:
                    d4:73:de:b3:35:90:34:35:5a:81:94:85:65:74:ee:
                    a6:a8:82:20:a6:49:23:76:66:2d:6d:4b:c1:6a:76:
                    a2:df:2e:c3:95:e6:da:ac:c9:73:48:d4:93:b4:fe:
                    87:b6:00:4c:da:4e:0e:8b:52:c8:e1:9d:51:1f:82:
                    28:f7:24:bd:7d:2a:e4:ab:c8:8c:3b:07:a2:8a:1b:
                    3c:44:12:2e:b1:7c:70:22:0b:2b:bd:dc:7e:c7:df:
                    f7:72:1b:ee:ea:45:fe:16:ee:5a:c0:e2:e1:41:8e:
                    9e:c7:35:0c:57:5b:f3:47:41:61:c5:44:7e:f0:e4:
                    48:9e:e6:1c:46:ea:63:57:cd:da:ee:b3:41:49:7f:
                    d6:fb:33:57:92:2e:25:dd:dd:c6:08:4a:6c:f6:41:
                    e0:7d:c1:e3:f9:1b:6c:fb:80:84:78:bd:23:40:f5:
                    a9:76:b9:8a:76:de:4e:4a:ca:8b:66:4e:d1:9a:eb:
                    3b:33:31:be:19:f5:61:1f:5c:34:76:42:2b:44:16:
                    e9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:3A:6F:73:67:A6:E1:7D:F8:EE:D6:44:D3:C8:50:C5:9C:76:06:38
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131332e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:88:54:1d:f8:60:fd:d2:b4:82:31:f0:6c:00:63:8e:57:ba:
         75:b4:4d:92:38:f6:dc:2c:07:32:58:d4:68:fc:e0:34:6e:47:
         a3:c1:84:55:25:fa:67:5c:7d:92:99:b9:00:2e:e7:5d:e8:99:
         59:55:b7:81:50:1f:d5:5c:2d:05:6b:c6:44:14:85:1c:20:a9:
         f4:94:87:0c:86:dc:9a:2c:b2:40:26:43:df:61:e6:ac:73:8d:
         74:03:cc:9d:09:97:1c:8b:da:69:ba:e7:ff:2e:f3:89:68:13:
         8f:1d:8b:6d:36:ce:59:12:9a:ea:04:ac:c5:1c:3b:ba:65:bc:
         a4:37:49:dc:80:07:cb:0b:52:06:e2:8d:4e:de:6c:fb:70:70:
         9e:a4:f5:aa:4d:12:45:ae:c5:2f:00:bc:5b:6f:5b:86:4a:0f:
         a8:93:2b:c7:0f:b3:b1:76:90:bf:2a:f9:e6:6d:f9:16:cc:58:
         55:b5:82:c6:74:c2:a3:ce:94:f0:bb:d9:e2:87:90:ee:62:16:
         a8:75:a0:16:0b:dc:8d:11:87:5a:03:a3:91:f1:84:80:71:9f:
         f4:70:50:10:de:8d:13:81:e0:76:64:fb:9a:cc:d2:fc:f7:c0:
         61:6b:37:d8:87:45:ee:c0:88:43:99:ce:36:e6:d3:7d:dc:d7:
         53:64:da:47
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURUPWrIMpM2JO2jZ+s1+YyjS5QO0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MDdaFw0yNjA4MjAwNjM5MDdaMDMxMTAvBgNV
BAMTKEE1M0E2RjczNjdBNkUxN0RGOEVFRDY0NEQzQzg1MEM1OUM3NjA2MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr920sixObvvEP2PJ1Dz1Q809f
oi68vrkh3xylE4r4JaWHRSM7W9Han6p+/MS9dO3gvfZ+KG9029D7RtRz3rM1kDQ1
WoGUhWV07qaogiCmSSN2Zi1tS8FqdqLfLsOV5tqsyXNI1JO0/oe2AEzaTg6LUsjh
nVEfgij3JL19KuSryIw7B6KKGzxEEi6xfHAiCyu93H7H3/dyG+7qRf4W7lrA4uFB
jp7HNQxXW/NHQWHFRH7w5Eie5hxG6mNXzdrus0FJf9b7M1eSLiXd3cYISmz2QeB9
weP5G2z7gIR4vSNA9al2uYp23k5KyotmTtGa6zszMb4Z9WEfXDR2QitEFul/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpTpvc2em4X347tZE08hQxZx2BjgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMx
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
cTANBgkqhkiG9w0BAQsFAAOCAQEAAohUHfhg/dK0gjHwbABjjle6dbRNkjj23CwH
MljUaPzgNG5Ho8GEVSX6Z1x9kpm5AC7nXeiZWVW3gVAf1VwtBWvGRBSFHCCp9JSH
DIbcmiyyQCZD32HmrHONdAPMnQmXHIvaabrn/y7ziWgTjx2LbTbOWRKa6gSsxRw7
umW8pDdJ3IAHywtSBuKNTt5s+3BwnqT1qk0SRa7FLwC8W29bhkoPqJMrxw+zsXaQ
vyr55m35FsxYVbWCxnTCo86U8LvZ4oeQ7mIWqHWgFgvcjRGHWgOjkfGEgHGf9HBQ
EN6NE4HgdmT7mszS/PfAYWs32IdF7sCIQ5nONubTfdzXU2TaRw==
-----END CERTIFICATE-----