Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132352e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3132352e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          iOgtKqWdts5fFST4o4mNDXDsogyRiZbltuV0ttZDSXI=
Subject key identifier:   9E:34:18:15:D5:AE:B5:5B:96:BB:03:8D:EA:57:E7:2F:71:C7:62:B2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0FB022A0733861CA6B2EFCFD27CFE4A9213E899C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132352e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 14 Oct 2025 06:57:43 +0000
ROA not before:           Tue 14 Oct 2025 06:52:43 +0000
ROA not after:            Tue 13 Oct 2026 06:57:43 +0000
asID:                     2914
IP address blocks:        145.79.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:b0:22:a0:73:38:61:ca:6b:2e:fc:fd:27:cf:e4:a9:21:3e:89:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 14 06:52:43 2025 GMT
            Not After : Oct 13 06:57:43 2026 GMT
        Subject: CN=9E341815D5AEB55B96BB038DEA57E72F71C762B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:22:19:2f:25:33:72:7e:d8:8d:f7:4c:b8:20:
                    f2:4f:40:27:6d:4d:03:d0:f0:7d:89:dc:fc:dc:2d:
                    9c:56:ff:cc:d5:22:2f:6f:2f:8d:12:dc:58:32:c9:
                    fe:3e:62:1b:0f:5e:31:27:93:a7:17:de:2f:f2:ec:
                    79:aa:f0:7a:c8:3c:6f:49:bc:c1:a6:1b:96:e6:ac:
                    64:3e:26:e1:46:44:82:c0:2f:7f:8a:59:08:8e:88:
                    68:35:15:5d:1f:ec:65:e3:a0:f3:28:b3:9a:c3:b3:
                    28:2d:94:89:33:f0:ec:2b:60:f3:10:63:6b:e6:d3:
                    7e:ce:04:bc:8f:c4:c3:5a:93:97:30:33:45:82:21:
                    d4:9a:b5:41:60:dd:08:69:11:28:55:39:d0:55:d2:
                    cc:8d:f5:28:be:e7:7b:39:48:ec:fe:7c:06:7d:31:
                    2f:25:ec:e5:e6:7c:62:f8:30:e4:d1:be:49:80:88:
                    ed:84:41:e8:9e:bc:71:2b:e1:fc:5d:ee:9d:e6:e4:
                    8a:40:48:12:88:56:a0:c9:cf:d6:55:f3:52:bb:04:
                    c4:a3:57:e9:eb:a3:b3:41:f9:90:57:dd:1b:70:a2:
                    1b:b4:b1:d2:17:40:15:d5:ea:b0:bd:a9:fb:53:fa:
                    5c:2c:3b:fc:5b:fa:79:40:ca:71:89:cf:d2:60:b0:
                    88:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:34:18:15:D5:AE:B5:5B:96:BB:03:8D:EA:57:E7:2F:71:C7:62:B2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132352e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:43:b3:78:89:05:95:f5:ba:67:2d:9a:84:64:73:87:f7:68:
         3d:ee:c0:bf:f2:74:2b:ea:7b:c0:6e:9c:03:bb:ec:4e:e2:66:
         b0:80:50:ba:f1:43:67:83:15:3a:e7:8f:98:8d:f7:67:ad:df:
         d9:90:55:0e:16:49:65:c4:42:86:10:f5:f0:aa:21:cc:5e:f1:
         98:66:e5:6d:e3:07:bf:1c:c6:01:b1:c0:2c:e5:7a:8e:ae:bb:
         e2:1e:fb:63:e8:60:27:de:5e:05:84:82:ee:fb:24:b0:0b:36:
         c2:49:94:2c:8c:5c:02:eb:1c:4a:fb:53:d6:91:66:92:01:93:
         1c:7a:6f:b9:81:33:e8:49:13:f8:5d:27:97:d3:95:7b:98:79:
         d6:14:6c:bb:87:86:a4:af:f7:e4:c6:c3:51:c1:de:93:fa:08:
         38:b6:9d:e1:28:30:b2:c1:a0:dd:9e:5b:06:2f:af:41:9b:88:
         53:66:97:82:22:0a:f0:ab:ee:71:f4:ab:7e:fd:74:92:37:01:
         56:31:d5:4e:be:5a:bf:8d:85:d8:72:f9:97:9a:8e:94:a5:ab:
         eb:dd:9e:ef:f2:53:42:a4:c4:55:3c:f3:c1:ce:ff:f7:59:52:
         b2:93:e8:86:c5:e9:11:fa:12:fb:f3:cd:fe:1d:33:71:29:ce:
         e2:00:8c:e4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUD7AioHM4YcprLvz9J8/kqSE+iZwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMTQwNjUyNDNaFw0yNjEwMTMwNjU3NDNaMDMxMTAvBgNV
BAMTKDlFMzQxODE1RDVBRUI1NUI5NkJCMDM4REVBNTdFNzJGNzFDNzYyQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAIhkvJTNyftiN90y4IPJPQCdt
TQPQ8H2J3PzcLZxW/8zVIi9vL40S3Fgyyf4+YhsPXjEnk6cX3i/y7Hmq8HrIPG9J
vMGmG5bmrGQ+JuFGRILAL3+KWQiOiGg1FV0f7GXjoPMos5rDsygtlIkz8OwrYPMQ
Y2vm037OBLyPxMNak5cwM0WCIdSatUFg3QhpEShVOdBV0syN9Si+53s5SOz+fAZ9
MS8l7OXmfGL4MOTRvkmAiO2EQeievHEr4fxd7p3m5IpASBKIVqDJz9ZV81K7BMSj
V+nro7NB+ZBX3Rtwohu0sdIXQBXV6rC9qftT+lwsO/xb+nlAynGJz9JgsIh7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnjQYFdWutVuWuwON6lfnL3HHYrIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMy
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
fTANBgkqhkiG9w0BAQsFAAOCAQEAWkOzeIkFlfW6Zy2ahGRzh/doPe7Av/J0K+p7
wG6cA7vsTuJmsIBQuvFDZ4MVOuePmI33Z63f2ZBVDhZJZcRChhD18KohzF7xmGbl
beMHvxzGAbHALOV6jq674h77Y+hgJ95eBYSC7vsksAs2wkmULIxcAuscSvtT1pFm
kgGTHHpvuYEz6EkT+F0nl9OVe5h51hRsu4eGpK/35MbDUcHek/oIOLad4SgwssGg
3Z5bBi+vQZuIU2aXgiIK8KvucfSrfv10kjcBVjHVTr5av42F2HL5l5qOlKWr692e
7/JTQqTEVTzzwc7/91lSspPohsXpEfoS+/PN/h0zcSnO4gCM5A==
-----END CERTIFICATE-----