Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2039333034.roa
File:                     3134352e37392e3137322e302f32322d3234203d3e2039333034.roa (raw, json)
Hash identifier:          WMCB5NxITpuy06flCb7mPnlTwsUSKXEC98Nw9AiZvyY=
Subject key identifier:   6C:2B:7A:A4:C8:08:B9:AE:A1:7F:A9:09:CC:01:D4:66:99:98:1E:CA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       69A6B8D3C907E7F6A8557F05FDF5799B152372AC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2039333034.roa
Signing time:             Tue 03 Jun 2025 20:00:37 +0000
ROA not before:           Tue 03 Jun 2025 19:55:37 +0000
ROA not after:            Tue 02 Jun 2026 20:00:37 +0000
asID:                     9304
IP address blocks:        145.79.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:a6:b8:d3:c9:07:e7:f6:a8:55:7f:05:fd:f5:79:9b:15:23:72:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  3 19:55:37 2025 GMT
            Not After : Jun  2 20:00:37 2026 GMT
        Subject: CN=6C2B7AA4C808B9AEA17FA909CC01D46699981ECA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6d:bb:c2:fd:8e:63:da:d4:a8:ce:22:72:2b:
                    66:64:f2:e1:7f:74:aa:ce:7c:a7:78:9a:18:c8:ed:
                    7a:ba:78:2d:d7:f3:a6:39:a2:30:e8:7d:12:c6:3c:
                    2c:ef:f0:dc:f6:0e:e7:12:6e:47:e1:f3:9f:90:66:
                    0e:9b:c6:58:9c:54:59:32:20:b2:36:de:8e:58:58:
                    de:28:e4:fd:74:d5:d2:43:3f:6b:cf:ef:2a:a5:1c:
                    a3:de:70:ab:f5:fc:9a:e5:89:49:70:36:74:b2:44:
                    e6:89:63:dc:1b:cb:4f:94:ed:55:e8:38:cb:a1:c8:
                    66:0d:71:1d:17:29:7d:a9:a0:90:e9:bd:25:89:fb:
                    0c:51:2d:93:01:2f:15:30:a2:e8:7f:d0:b1:18:1b:
                    81:8c:3d:2d:c9:ef:df:11:6d:02:6c:df:8a:eb:a5:
                    69:21:21:5a:46:10:eb:c5:f2:07:e8:b0:d0:9c:56:
                    3c:c5:c8:e5:a4:c8:1c:73:8d:7b:16:e9:42:f5:00:
                    f0:6e:d7:91:29:31:9a:d5:c4:39:3b:c1:d4:c1:d3:
                    e7:6f:48:a4:68:48:e3:81:0e:94:59:f0:06:b4:c0:
                    6d:96:ea:cb:30:3c:6e:66:e1:1f:99:27:14:37:17:
                    cf:a4:db:1f:2d:d0:ad:c5:24:b4:3c:9d:fb:39:09:
                    98:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2B:7A:A4:C8:08:B9:AE:A1:7F:A9:09:CC:01:D4:66:99:98:1E:CA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:98:07:f0:7d:70:ef:84:50:0b:b6:03:b9:49:a9:86:7f:de:
         55:21:07:2e:a0:c1:09:ae:d0:52:3d:a2:8a:e6:c6:5d:07:e9:
         97:11:1d:1a:ca:56:57:8f:54:e3:5b:8b:e2:88:54:fa:3b:ee:
         1d:3f:af:09:e8:0b:36:96:bf:0a:e0:4d:9c:47:db:16:bd:e3:
         82:e1:5d:a4:29:14:29:1e:36:7d:05:74:c9:74:99:df:79:12:
         bf:21:9d:c1:bc:a8:24:69:77:1c:03:f5:06:6b:bc:75:ad:c3:
         b8:e4:87:2b:9d:b4:f5:71:ab:0d:1c:7c:2a:e6:9f:db:64:8e:
         2c:d7:81:3e:8b:aa:62:3f:20:70:9d:44:a3:7c:68:2a:62:0c:
         e6:7f:0e:b9:4a:9f:27:1f:29:79:99:7e:d4:af:13:52:96:54:
         c8:66:9e:ec:34:bb:4b:64:ce:64:9f:59:78:38:89:9a:c2:9c:
         9f:61:43:fa:87:c2:73:71:43:59:29:97:8e:a9:ef:80:50:a6:
         f5:09:96:ec:f2:25:ec:df:40:34:f4:f8:2e:3a:ba:2b:f3:70:
         55:6d:9a:56:37:37:da:92:0a:07:5f:41:b5:4d:49:bd:49:bf:
         c7:3d:a1:04:87:9a:65:4a:fd:88:b3:22:d3:60:8a:88:84:a0:
         0e:d0:2b:69
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaaa408kH5/aoVX8F/fV5mxUjcqwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MDMxOTU1MzdaFw0yNjA2MDIyMDAwMzdaMDMxMTAvBgNV
BAMTKDZDMkI3QUE0QzgwOEI5QUVBMTdGQTkwOUNDMDFENDY2OTk5ODFFQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJbbvC/Y5j2tSoziJyK2Zk8uF/
dKrOfKd4mhjI7Xq6eC3X86Y5ojDofRLGPCzv8Nz2DucSbkfh85+QZg6bxlicVFky
ILI23o5YWN4o5P101dJDP2vP7yqlHKPecKv1/JrliUlwNnSyROaJY9wby0+U7VXo
OMuhyGYNcR0XKX2poJDpvSWJ+wxRLZMBLxUwouh/0LEYG4GMPS3J798RbQJs34rr
pWkhIVpGEOvF8gfosNCcVjzFyOWkyBxzjXsW6UL1APBu15EpMZrVxDk7wdTB0+dv
SKRoSOOBDpRZ8Aa0wG2W6sswPG5m4R+ZJxQ3F8+k2x8t0K3FJLQ8nfs5CZirAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbCt6pMgIua6hf6kJzAHUZpmYHsowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM3
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApFP
rDANBgkqhkiG9w0BAQsFAAOCAQEAMJgH8H1w74RQC7YDuUmphn/eVSEHLqDBCa7Q
Uj2iiubGXQfplxEdGspWV49U41uL4ohU+jvuHT+vCegLNpa/CuBNnEfbFr3jguFd
pCkUKR42fQV0yXSZ33kSvyGdwbyoJGl3HAP1Bmu8da3DuOSHK5209XGrDRx8Kuaf
22SOLNeBPouqYj8gcJ1Eo3xoKmIM5n8OuUqfJx8peZl+1K8TUpZUyGae7DS7S2TO
ZJ9ZeDiJmsKcn2FD+ofCc3FDWSmXjqnvgFCm9QmW7PIl7N9ANPT4Ljq6K/NwVW2a
Vjc32pIKB19BtU1JvUm/xz2hBIeaZUr9iLMi02CKiISgDtAraQ==
-----END CERTIFICATE-----