Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131362e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3131362e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          20ISrcTC1D8jQVYVLIWRzRLcharyj5Fi1tSf+VBdHyI=
Subject key identifier:   98:DD:E6:82:01:49:F2:A0:D3:80:DB:67:E0:7E:41:DE:78:A4:89:D7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       422571C663E3D4E57EB7CE9B911DAF574EFEE658
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131362e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:05 +0000
ROA not before:           Thu 21 Aug 2025 06:34:05 +0000
ROA not after:            Thu 20 Aug 2026 06:39:05 +0000
asID:                     2914
IP address blocks:        145.79.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:25:71:c6:63:e3:d4:e5:7e:b7:ce:9b:91:1d:af:57:4e:fe:e6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:05 2025 GMT
            Not After : Aug 20 06:39:05 2026 GMT
        Subject: CN=98DDE6820149F2A0D380DB67E07E41DE78A489D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d4:d6:ed:67:14:ce:e8:29:a2:f7:8e:dc:3e:
                    a5:19:26:26:8b:d9:f4:4f:0d:b9:18:c2:09:2f:21:
                    b8:b6:96:79:00:32:d6:2f:64:d3:4e:b1:1f:97:66:
                    f4:4d:1c:1b:26:60:1e:ac:3f:4f:9b:92:c7:fc:38:
                    3c:0a:eb:7b:7c:c3:0b:19:db:f0:c1:84:b7:15:e7:
                    67:d5:5d:bf:a0:b9:d7:fa:3f:82:e1:08:d7:45:8a:
                    d5:fc:da:5d:44:2c:2d:07:4e:e9:54:4a:10:12:5c:
                    3c:92:51:8f:35:9c:c6:7e:85:d8:6d:82:45:e8:2b:
                    41:39:e5:3c:93:d1:a6:1e:a1:ab:aa:c8:ac:c0:99:
                    c4:1e:99:55:3e:f9:fd:25:b4:12:12:d0:b4:35:5b:
                    13:83:0d:2b:7d:e3:ac:3b:e8:78:30:9d:ff:86:49:
                    52:73:7e:29:b5:bf:71:58:74:9e:36:80:cd:9d:f7:
                    81:e3:df:eb:50:04:01:de:a2:22:a8:5b:21:67:32:
                    24:2a:e0:6a:8e:d8:92:2c:a0:62:78:03:cf:eb:68:
                    18:ec:28:07:29:f8:00:81:7e:7e:4e:c3:c0:02:22:
                    2f:35:8f:40:62:2c:00:86:d1:d8:00:0e:e5:a1:f9:
                    87:23:e3:70:7f:21:67:d8:20:1d:2d:12:84:20:a4:
                    88:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DD:E6:82:01:49:F2:A0:D3:80:DB:67:E0:7E:41:DE:78:A4:89:D7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131362e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:60:66:5b:1d:66:29:ce:44:04:77:c0:5b:27:a5:78:9b:38:
         0f:e0:49:cb:8e:f3:af:bc:e3:53:98:2c:63:13:3e:3c:d0:40:
         8c:f2:bd:42:8b:64:a7:0f:1c:e2:83:fd:d4:8b:78:9b:37:20:
         ea:10:33:60:df:da:d9:12:27:a1:55:34:56:b2:fe:f5:3e:e0:
         bd:33:6e:0e:c6:d1:d9:c5:e0:d6:3e:ba:69:98:8b:45:24:5c:
         c2:b1:dd:74:a3:5e:51:be:36:ca:73:44:f0:de:a2:fb:ea:1c:
         fe:f5:24:39:03:19:f8:ee:94:83:48:80:5f:a8:2b:06:07:69:
         75:06:42:9a:8a:69:78:00:aa:8e:b1:ab:f1:2e:b9:d4:30:dc:
         68:43:3d:74:15:9f:0b:80:8b:57:dd:c1:3b:cf:cf:b3:1a:33:
         0e:19:e7:e1:fa:a2:83:8f:d0:a8:a1:24:72:17:b6:c1:00:37:
         a5:6b:4e:81:e5:b0:e1:58:56:b0:32:2a:5c:cf:b4:6b:87:ad:
         0f:30:c9:7f:e9:f5:87:d6:84:10:e3:8a:c8:dc:40:1d:65:6f:
         c5:da:4d:4d:78:08:eb:0c:5d:85:9a:4d:5d:f6:c9:cf:37:c5:
         6a:ce:5a:b9:5f:99:71:a9:ee:c1:c3:a7:7d:80:fb:7e:b4:6a:
         53:49:04:29
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQiVxxmPj1OV+t86bkR2vV07+5lgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MDVaFw0yNjA4MjAwNjM5MDVaMDMxMTAvBgNV
BAMTKDk4RERFNjgyMDE0OUYyQTBEMzgwREI2N0UwN0U0MURFNzhBNDg5RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY1NbtZxTO6Cmi947cPqUZJiaL
2fRPDbkYwgkvIbi2lnkAMtYvZNNOsR+XZvRNHBsmYB6sP0+bksf8ODwK63t8wwsZ
2/DBhLcV52fVXb+gudf6P4LhCNdFitX82l1ELC0HTulUShASXDySUY81nMZ+hdht
gkXoK0E55TyT0aYeoauqyKzAmcQemVU++f0ltBIS0LQ1WxODDSt946w76Hgwnf+G
SVJzfim1v3FYdJ42gM2d94Hj3+tQBAHeoiKoWyFnMiQq4GqO2JIsoGJ4A8/raBjs
KAcp+ACBfn5Ow8ACIi81j0BiLACG0dgADuWh+Ycj43B/IWfYIB0tEoQgpIg5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmN3mggFJ8qDTgNtn4H5B3nikidcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
dDANBgkqhkiG9w0BAQsFAAOCAQEALmBmWx1mKc5EBHfAWyeleJs4D+BJy47zr7zj
U5gsYxM+PNBAjPK9Qotkpw8c4oP91It4mzcg6hAzYN/a2RInoVU0VrL+9T7gvTNu
DsbR2cXg1j66aZiLRSRcwrHddKNeUb42ynNE8N6i++oc/vUkOQMZ+O6Ug0iAX6gr
BgdpdQZCmoppeACqjrGr8S651DDcaEM9dBWfC4CLV93BO8/PsxozDhnn4fqig4/Q
qKEkche2wQA3pWtOgeWw4VhWsDIqXM+0a4etDzDJf+n1h9aEEOOKyNxAHWVvxdpN
TXgI6wxdhZpNXfbJzzfFas5auV+ZcanuwcOnfYD7frRqU0kEKQ==
-----END CERTIFICATE-----