Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131392e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3131392e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          J//A17IgH7nEnEucQZUl6Bhb2gROoMIXbVlWjnT9OgY=
Subject key identifier:   20:EE:A3:E5:36:53:97:01:76:1C:20:45:EF:AC:00:81:7F:5D:1D:A8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       18892DAB568271F410FC6A63096598E125BFB2DF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131392e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:03 +0000
ROA not before:           Thu 21 Aug 2025 06:34:03 +0000
ROA not after:            Thu 20 Aug 2026 06:39:03 +0000
asID:                     2914
IP address blocks:        145.79.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:89:2d:ab:56:82:71:f4:10:fc:6a:63:09:65:98:e1:25:bf:b2:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:03 2025 GMT
            Not After : Aug 20 06:39:03 2026 GMT
        Subject: CN=20EEA3E536539701761C2045EFAC00817F5D1DA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:38:4b:fa:b1:78:dd:ef:18:52:1f:7a:a2:09:
                    be:0a:b4:2a:a6:43:0c:0c:ea:b4:80:54:55:21:66:
                    09:3a:7a:ad:9a:1b:9b:0a:a5:7a:8d:43:1c:e7:c2:
                    1f:ba:45:0e:29:93:11:76:c1:2d:57:47:0f:d4:49:
                    52:63:eb:b9:9a:1f:42:ec:81:f3:73:b7:14:62:16:
                    e5:e7:9a:96:79:a6:a3:84:e7:f2:99:de:49:f8:1c:
                    64:d8:f9:1e:7f:8c:78:4f:f9:5d:ac:83:a5:71:cd:
                    d4:89:05:de:e6:0b:10:66:d6:7a:fc:fa:62:db:7b:
                    1b:49:6d:b9:06:a1:5e:6f:a1:f1:38:f1:fd:ca:89:
                    d5:08:4c:76:80:3e:5a:43:ad:ae:33:f5:8b:b9:50:
                    96:3f:b7:63:2b:6c:e6:70:0b:9f:98:25:ec:05:8a:
                    ef:f1:fd:68:9b:b5:96:38:8d:9c:a8:ad:ef:48:7b:
                    e7:86:50:ef:f6:c8:a7:2e:56:50:57:cd:a0:5b:f0:
                    94:50:7f:c9:4d:b5:4c:e6:0b:16:9d:ce:0d:a7:48:
                    bf:fb:c9:20:c3:8f:bb:c8:3b:d8:f6:8b:cb:49:30:
                    3e:59:7c:8d:7e:e9:62:44:f9:e4:37:ed:bd:27:63:
                    8b:6d:5a:0a:9d:54:45:f0:79:d1:e1:9f:ec:57:df:
                    0e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:EE:A3:E5:36:53:97:01:76:1C:20:45:EF:AC:00:81:7F:5D:1D:A8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131392e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:55:4e:37:cc:cb:51:88:6f:3d:5a:3c:72:76:fe:d3:a0:2b:
         5f:d0:f4:76:94:eb:1d:20:55:24:87:ec:a9:4e:1e:08:d7:52:
         27:d3:f1:64:58:01:6d:fe:a0:a2:a9:71:01:f8:96:fd:75:73:
         b6:a9:a1:2d:2e:c1:b6:e3:47:05:68:ac:c8:66:85:78:be:fd:
         66:2d:bd:63:56:d8:a8:24:67:a8:ef:c4:55:e8:9c:15:3c:93:
         c2:14:97:dd:ff:dd:89:90:a9:77:15:54:14:c7:cf:e4:68:93:
         5d:93:f9:f6:ef:32:32:22:66:a0:47:a4:c7:a0:94:d2:c1:46:
         a4:55:fb:53:e3:71:63:1f:e2:7f:18:fb:53:d2:59:91:a4:55:
         25:86:26:a0:34:19:ad:19:cd:6e:b1:f4:d6:c3:d0:8c:2c:4c:
         3c:57:4a:12:82:82:30:aa:40:32:f8:b6:2e:94:21:a9:98:ea:
         a2:1e:3f:ff:eb:cf:c7:e4:3c:cd:d7:31:f9:e5:68:15:45:f9:
         3a:00:d3:4e:d5:6b:38:ec:51:06:3d:5f:7a:e2:c0:da:b5:c2:
         cb:6b:88:b6:19:32:25:e6:48:06:c5:a9:9d:06:35:d1:88:7f:
         bb:37:3d:93:0a:e9:60:27:fa:f9:47:75:ba:05:4f:7d:ce:33:
         4c:b3:76:8b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGIktq1aCcfQQ/GpjCWWY4SW/st8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MDNaFw0yNjA4MjAwNjM5MDNaMDMxMTAvBgNV
BAMTKDIwRUVBM0U1MzY1Mzk3MDE3NjFDMjA0NUVGQUMwMDgxN0Y1RDFEQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0OEv6sXjd7xhSH3qiCb4KtCqm
QwwM6rSAVFUhZgk6eq2aG5sKpXqNQxznwh+6RQ4pkxF2wS1XRw/USVJj67maH0Ls
gfNztxRiFuXnmpZ5pqOE5/KZ3kn4HGTY+R5/jHhP+V2sg6VxzdSJBd7mCxBm1nr8
+mLbextJbbkGoV5vofE48f3KidUITHaAPlpDra4z9Yu5UJY/t2MrbOZwC5+YJewF
iu/x/WibtZY4jZyore9Ie+eGUO/2yKcuVlBXzaBb8JRQf8lNtUzmCxadzg2nSL/7
ySDDj7vIO9j2i8tJMD5ZfI1+6WJE+eQ37b0nY4ttWgqdVEXwedHhn+xX3w5/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIO6j5TZTlwF2HCBF76wAgX9dHagwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMx
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
dzANBgkqhkiG9w0BAQsFAAOCAQEAXFVON8zLUYhvPVo8cnb+06ArX9D0dpTrHSBV
JIfsqU4eCNdSJ9PxZFgBbf6goqlxAfiW/XVztqmhLS7BtuNHBWisyGaFeL79Zi29
Y1bYqCRnqO/EVeicFTyTwhSX3f/diZCpdxVUFMfP5GiTXZP59u8yMiJmoEekx6CU
0sFGpFX7U+NxYx/ifxj7U9JZkaRVJYYmoDQZrRnNbrH01sPQjCxMPFdKEoKCMKpA
Mvi2LpQhqZjqoh4//+vPx+Q8zdcx+eVoFUX5OgDTTtVrOOxRBj1feuLA2rXCy2uI
thkyJeZIBsWpnQY10Yh/uzc9kwrpYCf6+Ud1ugVPfc4zTLN2iw==
-----END CERTIFICATE-----