Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132322e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3132322e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          i0ae8rmUVQ1eGryIfl/Dxzv8m+WaYFHbfMxHchb92uo=
Subject key identifier:   76:89:F8:43:4E:E7:A4:C7:D7:83:A1:BD:37:AF:28:07:29:BA:1C:BB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3EF293E57B81198C3F04DFE30B8386A00B667CB6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132322e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:02 +0000
ROA not before:           Thu 21 Aug 2025 06:34:02 +0000
ROA not after:            Thu 20 Aug 2026 06:39:02 +0000
asID:                     2914
IP address blocks:        145.79.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:f2:93:e5:7b:81:19:8c:3f:04:df:e3:0b:83:86:a0:0b:66:7c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:02 2025 GMT
            Not After : Aug 20 06:39:02 2026 GMT
        Subject: CN=7689F8434EE7A4C7D783A1BD37AF280729BA1CBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dc:9b:39:d2:97:b8:e4:04:4c:f8:26:0c:d5:
                    1d:2f:09:49:75:f3:09:02:d7:f8:55:9c:d0:a9:d9:
                    4d:25:1e:92:95:f8:05:0c:19:52:3f:98:53:9a:08:
                    2d:f5:05:6b:f9:69:bd:d2:f1:dd:42:7f:be:ee:c9:
                    aa:7d:59:e3:b9:23:c9:76:d3:11:3b:a6:d0:36:56:
                    76:0b:58:94:db:fc:e4:84:6d:c4:53:fc:c6:29:fa:
                    02:65:cd:43:45:20:19:82:4a:43:4b:6a:38:22:f1:
                    eb:a5:f0:88:d1:f8:cf:d7:0c:dc:58:13:16:e9:8b:
                    e9:1d:d3:81:c2:53:ba:8d:7e:96:d8:d2:a2:61:d9:
                    b2:24:84:99:3d:24:b7:26:c9:f2:33:4e:ba:8e:13:
                    4d:81:21:99:4e:eb:0d:1d:e2:a4:e1:cd:22:2b:97:
                    82:ac:13:da:fb:b3:50:8e:f9:3f:a7:05:d3:9d:f7:
                    35:55:8f:b3:61:f2:5b:00:50:83:44:83:1a:84:1e:
                    e4:4c:b7:27:36:33:53:74:9b:19:fa:49:a8:c3:28:
                    2f:22:e2:df:49:26:6e:0e:a1:bb:6d:b0:2e:2e:12:
                    90:4e:9e:d7:52:6f:6d:54:e0:29:6c:a3:e7:f0:c9:
                    2a:8b:d1:13:fe:35:37:18:37:b2:23:24:b8:4d:f1:
                    0c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:89:F8:43:4E:E7:A4:C7:D7:83:A1:BD:37:AF:28:07:29:BA:1C:BB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132322e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:fa:c9:3b:23:91:bb:63:e9:1c:3c:ca:49:70:b0:f2:68:1b:
         85:77:fc:43:92:45:86:d6:58:fb:b1:60:37:fd:d1:8e:2a:9f:
         5f:d5:98:a6:3d:19:9c:d4:d5:0d:6e:cc:f3:4b:12:bf:bf:7e:
         43:22:c2:fc:09:3a:99:07:e6:30:c2:5a:a6:fe:dd:a6:a1:57:
         ff:19:98:d3:8f:aa:6c:4a:d1:d4:6b:10:d4:cb:d9:fb:f0:61:
         9f:e7:c6:25:49:1c:0f:28:ff:52:d4:e9:cd:fa:5b:8e:ff:9b:
         2e:18:5a:19:b3:11:28:37:4b:1a:ff:cf:dc:98:b9:ca:27:a1:
         34:24:80:a7:03:73:43:60:b3:85:bd:ca:54:08:ef:4e:33:e3:
         cb:0e:7d:ea:c5:92:51:d3:29:de:01:e4:b3:e1:c0:60:a2:36:
         96:77:a8:83:41:2e:f7:2e:3e:4c:fa:c4:3a:2f:a5:8c:aa:3f:
         89:3b:0c:4e:f3:77:25:08:fa:64:02:fc:ed:53:d2:7b:b6:5f:
         a0:18:57:a6:49:ee:31:b8:38:5c:ad:8e:9d:ac:c3:8e:52:50:
         af:b3:68:b0:bd:15:3d:ce:93:45:96:18:12:ee:28:8a:c0:cf:
         95:e4:15:54:50:16:2d:bb:97:f8:94:8e:7b:00:6d:b5:15:d7:
         83:fd:e3:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPvKT5XuBGYw/BN/jC4OGoAtmfLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MDJaFw0yNjA4MjAwNjM5MDJaMDMxMTAvBgNV
BAMTKDc2ODlGODQzNEVFN0E0QzdENzgzQTFCRDM3QUYyODA3MjlCQTFDQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD3Js50pe45ARM+CYM1R0vCUl1
8wkC1/hVnNCp2U0lHpKV+AUMGVI/mFOaCC31BWv5ab3S8d1Cf77uyap9WeO5I8l2
0xE7ptA2VnYLWJTb/OSEbcRT/MYp+gJlzUNFIBmCSkNLajgi8eul8IjR+M/XDNxY
Exbpi+kd04HCU7qNfpbY0qJh2bIkhJk9JLcmyfIzTrqOE02BIZlO6w0d4qThzSIr
l4KsE9r7s1CO+T+nBdOd9zVVj7Nh8lsAUINEgxqEHuRMtyc2M1N0mxn6SajDKC8i
4t9JJm4OobttsC4uEpBOntdSb21U4Clso+fwySqL0RP+NTcYN7IjJLhN8QxvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdon4Q07npMfXg6G9N68oBym6HLswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMy
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
ejANBgkqhkiG9w0BAQsFAAOCAQEAOPrJOyORu2PpHDzKSXCw8mgbhXf8Q5JFhtZY
+7FgN/3RjiqfX9WYpj0ZnNTVDW7M80sSv79+QyLC/Ak6mQfmMMJapv7dpqFX/xmY
04+qbErR1GsQ1MvZ+/Bhn+fGJUkcDyj/UtTpzfpbjv+bLhhaGbMRKDdLGv/P3Ji5
yiehNCSApwNzQ2Czhb3KVAjvTjPjyw596sWSUdMp3gHks+HAYKI2lneog0Eu9y4+
TPrEOi+ljKo/iTsMTvN3JQj6ZAL87VPSe7ZfoBhXpknuMbg4XK2OnazDjlJQr7No
sL0VPc6TRZYYEu4oisDPleQVVFAWLbuX+JSOewBttRXXg/3jsA==
-----END CERTIFICATE-----