Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e34342e302f32322d3234203d3e2037303239.roa
File:                     3134352e37392e34342e302f32322d3234203d3e2037303239.roa (raw, json)
Hash identifier:          eX+boffqU+lAM+XHwQiLF8JkPwrDEs/XGIEqn5KWl7o=
Subject key identifier:   B9:30:4E:4C:E2:F1:4F:54:B7:A0:0F:95:0C:FA:4F:06:80:E8:E2:88
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       16BD60740EE7353541846507EB072F15A4C6DD47
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e34342e302f32322d3234203d3e2037303239.roa
Signing time:             Wed 25 Jun 2025 18:11:03 +0000
ROA not before:           Wed 25 Jun 2025 18:06:03 +0000
ROA not after:            Wed 24 Jun 2026 18:11:03 +0000
asID:                     7029
IP address blocks:        145.79.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:bd:60:74:0e:e7:35:35:41:84:65:07:eb:07:2f:15:a4:c6:dd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 25 18:06:03 2025 GMT
            Not After : Jun 24 18:11:03 2026 GMT
        Subject: CN=B9304E4CE2F14F54B7A00F950CFA4F0680E8E288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:ee:f2:d9:4d:36:91:dd:40:e4:fb:d6:57:5d:
                    19:fb:17:76:09:2d:9d:a9:47:d7:08:70:4a:92:e8:
                    1d:4e:9a:b0:21:f2:bb:6a:a4:43:f6:bd:bf:f5:3b:
                    b3:15:43:90:7b:50:ef:33:bf:f8:89:1d:e1:5f:c9:
                    1a:34:ad:41:ac:35:79:4f:78:ad:fa:46:c7:49:ab:
                    2c:0c:86:11:f8:c9:c9:18:91:14:d4:49:1e:16:50:
                    89:cf:6f:fc:fa:bc:12:f0:e3:cf:e3:58:f7:17:b2:
                    76:96:36:d1:f0:a8:4c:c3:a2:c8:81:cd:a6:90:57:
                    a8:2f:d2:b8:0d:68:4d:cb:19:d0:6e:2a:6a:64:1e:
                    d4:0c:80:1b:8b:eb:f5:b7:d3:c0:79:74:00:b9:15:
                    4b:08:b0:5a:67:fb:8a:b8:b4:4e:70:2e:a2:b4:27:
                    4e:5c:e7:29:01:ad:42:7f:d2:ed:fe:39:43:0e:1e:
                    74:1a:65:2a:e0:1f:3d:b2:64:6c:47:1a:46:cf:7e:
                    bc:c9:f1:c1:a5:9f:2d:35:1b:52:d4:de:fc:76:f4:
                    cc:18:18:16:b6:eb:6d:5c:b3:48:55:57:5f:3d:d7:
                    e1:b7:b9:e7:c4:39:50:7b:af:d6:52:da:45:1c:41:
                    1f:03:47:56:45:79:8b:70:d7:27:59:38:99:c0:00:
                    41:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:30:4E:4C:E2:F1:4F:54:B7:A0:0F:95:0C:FA:4F:06:80:E8:E2:88
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e34342e302f32322d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:c9:59:6d:66:28:71:12:8d:69:f1:b2:94:ae:5b:00:33:90:
         a1:10:a4:4e:27:44:2c:84:c3:b8:f8:f3:1f:1a:2c:72:ff:5a:
         71:c6:b7:f0:2e:f5:d3:92:cc:cd:8c:b8:29:7e:3a:25:24:91:
         70:f2:f0:6b:7e:32:23:c0:62:40:84:87:03:cb:7a:ef:1f:3d:
         e5:82:b7:86:69:46:f2:08:65:dc:bf:54:dd:74:f6:80:9c:54:
         05:03:03:35:bd:03:27:3e:56:01:ee:b1:2c:ec:ee:ef:ce:a2:
         13:6c:15:b2:cb:90:ab:6f:e5:7a:a2:84:12:62:80:9c:1d:6b:
         cd:a1:a4:31:af:95:1f:e4:43:95:d4:9f:a2:a0:c2:11:53:d2:
         7b:69:02:1a:3a:41:9d:4e:fd:f2:11:80:7b:05:54:75:35:6f:
         9d:1c:c3:95:84:5f:ca:df:38:d2:5d:fc:8d:a0:02:bf:0b:a2:
         d0:b5:ca:c7:51:58:86:e1:5c:b1:a1:eb:ea:64:8a:33:d2:2c:
         61:0c:2b:ef:bf:c9:0f:90:bf:19:26:73:92:a8:42:70:91:fc:
         36:ce:c0:ac:f2:91:5c:94:32:b6:b5:98:b4:60:ab:e3:d3:57:
         6d:58:ea:da:71:48:4f:58:c7:dd:ba:90:d7:7f:7c:54:cb:17:
         3c:42:11:5b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFr1gdA7nNTVBhGUH6wcvFaTG3UcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MjUxODA2MDNaFw0yNjA2MjQxODExMDNaMDMxMTAvBgNV
BAMTKEI5MzA0RTRDRTJGMTRGNTRCN0EwMEY5NTBDRkE0RjA2ODBFOEUyODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp7vLZTTaR3UDk+9ZXXRn7F3YJ
LZ2pR9cIcEqS6B1OmrAh8rtqpEP2vb/1O7MVQ5B7UO8zv/iJHeFfyRo0rUGsNXlP
eK36RsdJqywMhhH4yckYkRTUSR4WUInPb/z6vBLw48/jWPcXsnaWNtHwqEzDosiB
zaaQV6gv0rgNaE3LGdBuKmpkHtQMgBuL6/W308B5dAC5FUsIsFpn+4q4tE5wLqK0
J05c5ykBrUJ/0u3+OUMOHnQaZSrgHz2yZGxHGkbPfrzJ8cGlny01G1LU3vx29MwY
GBa2621cs0hVV1891+G3uefEOVB7r9ZS2kUcQR8DR1ZFeYtw1ydZOJnAAEFJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUuTBOTOLxT1S3oA+VDPpPBoDo4ogwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzczMDMyMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKRTyww
DQYJKoZIhvcNAQELBQADggEBACzJWW1mKHESjWnxspSuWwAzkKEQpE4nRCyEw7j4
8x8aLHL/WnHGt/Au9dOSzM2MuCl+OiUkkXDy8Gt+MiPAYkCEhwPLeu8fPeWCt4Zp
RvIIZdy/VN109oCcVAUDAzW9Ayc+VgHusSzs7u/OohNsFbLLkKtv5XqihBJigJwd
a82hpDGvlR/kQ5XUn6KgwhFT0ntpAho6QZ1O/fIRgHsFVHU1b50cw5WEX8rfONJd
/I2gAr8LotC1ysdRWIbhXLGh6+pkijPSLGEMK++/yQ+Qvxkmc5KoQnCR/DbOwKzy
kVyUMra1mLRgq+PTV21Y6tpxSE9Yx926kNd/fFTLFzxCEVs=
-----END CERTIFICATE-----