Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131342e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3131342e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          54KS0QeRYvvRd2JuBnwuu7PAoCCupiEDO71kcrEQQbY=
Subject key identifier:   0B:93:A4:00:BE:B8:B2:BE:99:58:9A:45:00:05:D9:D2:03:13:2C:80
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       022D7AD6215550BCF49AB99565C78DAD1E893ED8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131342e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:07 +0000
ROA not before:           Thu 21 Aug 2025 06:34:07 +0000
ROA not after:            Thu 20 Aug 2026 06:39:07 +0000
asID:                     2914
IP address blocks:        145.79.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:2d:7a:d6:21:55:50:bc:f4:9a:b9:95:65:c7:8d:ad:1e:89:3e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:07 2025 GMT
            Not After : Aug 20 06:39:07 2026 GMT
        Subject: CN=0B93A400BEB8B2BE99589A450005D9D203132C80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:39:50:d5:53:64:68:ff:7b:ad:9f:8e:66:89:
                    20:de:4e:13:9e:aa:80:82:b5:ad:7d:ec:81:49:20:
                    2e:87:f6:9e:68:05:ce:b6:cc:af:e6:bc:d4:4e:8d:
                    14:a5:72:cd:9a:fe:e5:dc:2a:f1:5b:dc:f2:73:bc:
                    26:73:2e:eb:d9:c5:31:ae:2c:ae:53:4e:46:2f:5c:
                    86:86:4e:f5:90:99:7e:7d:a8:2d:27:9e:f3:41:3a:
                    91:ae:5d:07:d8:8b:31:6c:74:33:2f:43:bd:a5:32:
                    dc:6a:4a:cc:fd:b2:c1:69:4d:21:c6:c3:d5:34:f3:
                    fb:5e:1d:4d:c5:ac:da:ee:5b:04:55:c6:58:d5:f6:
                    6e:e3:f0:27:4f:2d:53:fb:95:b5:cd:74:85:70:74:
                    3b:f1:36:4f:5f:2d:32:fe:a5:70:3d:34:e9:0a:c2:
                    6e:29:6f:00:3d:eb:e0:68:25:a8:63:2c:f9:ce:4b:
                    59:63:e6:4d:3e:71:45:d7:91:35:05:cf:df:b2:6b:
                    97:39:c2:fa:1e:c6:45:90:a9:dc:a5:bf:28:54:85:
                    65:66:0d:d1:a3:92:56:e9:97:da:43:31:5a:5d:93:
                    bd:9a:d7:bc:e7:a2:37:8d:0f:f3:6a:87:ac:ad:d8:
                    48:28:d8:bd:ad:fc:a6:78:ab:27:50:61:a5:a7:5b:
                    08:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:93:A4:00:BE:B8:B2:BE:99:58:9A:45:00:05:D9:D2:03:13:2C:80
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131342e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:89:31:a3:fa:26:66:0c:23:e7:f8:ba:a7:6e:d5:90:48:e1:
         ff:53:1b:c1:15:82:c5:94:60:9b:d4:2c:de:1b:3a:40:29:cd:
         d5:d3:be:2a:99:a0:d8:b9:4f:75:e0:f6:8c:3d:e2:52:78:c8:
         ef:44:7a:22:fa:ca:5a:a3:52:c0:71:f2:7f:5f:85:b2:cd:70:
         c2:aa:f7:a7:1b:7b:b4:4d:ff:e0:87:a6:9c:79:2d:4d:4d:3f:
         5c:4a:cb:cc:94:93:e6:0d:86:26:7c:aa:c4:81:c1:85:00:64:
         04:d0:3c:97:71:80:18:df:c9:a3:d1:a1:a2:a3:ad:2e:62:e7:
         1b:94:6d:bc:e9:01:8d:15:9a:20:7f:c3:ca:33:5e:06:f1:b6:
         97:04:54:de:5d:1e:b5:ef:5b:d9:3c:97:21:7d:67:df:ad:82:
         aa:18:db:33:3d:2e:84:d0:cd:e1:0c:33:68:48:52:b6:35:e1:
         ad:5f:f2:0a:f8:bf:b2:83:50:6b:98:08:3e:d0:af:32:80:c6:
         3e:96:2e:05:bd:09:b5:9c:8b:03:91:d2:d1:4e:23:1a:95:e4:
         58:f9:5c:83:a3:9c:8d:78:a4:a3:8b:d9:9c:ae:16:56:80:17:
         65:51:35:6a:b3:c8:45:75:c7:b0:6c:67:09:b3:e7:d4:06:9f:
         9f:6d:21:ab
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAi161iFVULz0mrmVZceNrR6JPtgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MDdaFw0yNjA4MjAwNjM5MDdaMDMxMTAvBgNV
BAMTKDBCOTNBNDAwQkVCOEIyQkU5OTU4OUE0NTAwMDVEOUQyMDMxMzJDODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOVDVU2Ro/3utn45miSDeThOe
qoCCta197IFJIC6H9p5oBc62zK/mvNROjRSlcs2a/uXcKvFb3PJzvCZzLuvZxTGu
LK5TTkYvXIaGTvWQmX59qC0nnvNBOpGuXQfYizFsdDMvQ72lMtxqSsz9ssFpTSHG
w9U08/teHU3FrNruWwRVxljV9m7j8CdPLVP7lbXNdIVwdDvxNk9fLTL+pXA9NOkK
wm4pbwA96+BoJahjLPnOS1lj5k0+cUXXkTUFz9+ya5c5wvoexkWQqdylvyhUhWVm
DdGjklbpl9pDMVpdk72a17znojeND/Nqh6yt2Ego2L2t/KZ4qydQYaWnWwjZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUC5OkAL64sr6ZWJpFAAXZ0gMTLIAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMx
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
cjANBgkqhkiG9w0BAQsFAAOCAQEAm4kxo/omZgwj5/i6p27VkEjh/1MbwRWCxZRg
m9Qs3hs6QCnN1dO+Kpmg2LlPdeD2jD3iUnjI70R6IvrKWqNSwHHyf1+Fss1wwqr3
pxt7tE3/4IemnHktTU0/XErLzJST5g2GJnyqxIHBhQBkBNA8l3GAGN/Jo9GhoqOt
LmLnG5RtvOkBjRWaIH/DyjNeBvG2lwRU3l0ete9b2TyXIX1n362CqhjbMz0uhNDN
4QwzaEhStjXhrV/yCvi/soNQa5gIPtCvMoDGPpYuBb0JtZyLA5HS0U4jGpXkWPlc
g6OcjXiko4vZnK4WVoAXZVE1arPIRXXHsGxnCbPn1Aafn20hqw==
-----END CERTIFICATE-----