Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37362e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e37362e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          2u944ajKk7yArHBCpNC14WFEbXOcbSKN2mRZUqDdVk4=
Subject key identifier:   2C:6E:A6:5D:B6:61:2F:F7:4D:7B:97:40:C5:6B:64:9A:44:BB:3E:42
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       27A766B8FF65CC3378C1AF8F8516350E917FC39F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37362e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:24 +0000
ROA not before:           Thu 21 Aug 2025 06:34:24 +0000
ROA not after:            Thu 20 Aug 2026 06:39:24 +0000
asID:                     2914
IP address blocks:        145.79.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:a7:66:b8:ff:65:cc:33:78:c1:af:8f:85:16:35:0e:91:7f:c3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:24 2025 GMT
            Not After : Aug 20 06:39:24 2026 GMT
        Subject: CN=2C6EA65DB6612FF74D7B9740C56B649A44BB3E42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:41:2b:e5:53:f8:33:4d:29:a0:26:fe:76:c8:
                    b0:ae:5d:c1:81:12:48:a3:32:53:36:20:77:e8:f3:
                    d0:1a:05:d3:fb:b1:31:be:af:36:a9:70:b2:b0:7c:
                    eb:fd:2d:21:b3:91:e7:5f:fe:dd:52:4e:1c:af:21:
                    32:ef:ef:73:86:85:6d:8a:35:c0:8b:b0:6b:fe:51:
                    31:51:7d:49:16:cf:08:83:af:05:59:f7:da:9d:3d:
                    24:16:4f:4d:1f:92:bc:e1:5b:fe:a3:74:39:87:1b:
                    55:65:3b:bf:7c:8a:65:45:66:ec:ab:33:0b:01:f9:
                    fe:ca:39:23:c5:25:eb:52:27:0f:2a:cc:cb:4b:8d:
                    ce:09:67:8c:a9:e6:3f:5b:d3:45:e5:39:a1:66:7b:
                    54:0d:76:00:4b:78:64:af:55:12:11:69:47:07:bc:
                    6f:2d:4c:8f:3a:9c:3a:23:24:f4:76:52:66:27:bc:
                    7b:57:09:e3:94:1e:ed:72:c1:c9:f9:4b:b5:ae:38:
                    fb:e1:aa:e6:5f:05:30:90:a5:cf:b6:b0:d9:28:6d:
                    de:bd:f0:b4:55:1b:3d:0b:2c:20:3d:71:af:e6:1c:
                    a8:8f:c0:1d:43:26:a2:f3:a9:4e:f4:5c:5d:97:cb:
                    27:e1:4c:9e:1d:79:5b:bf:71:73:4e:57:a4:3b:e3:
                    7a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6E:A6:5D:B6:61:2F:F7:4D:7B:97:40:C5:6B:64:9A:44:BB:3E:42
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37362e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:24:e7:44:34:37:7c:33:61:f2:8a:af:b0:74:0a:cf:0c:7f:
         84:bd:cf:fb:92:76:c3:3e:97:dd:61:3f:f7:c8:2c:2e:87:16:
         f1:63:9d:60:ad:80:38:e6:5e:b0:2b:04:a8:41:c3:1e:4a:18:
         83:23:aa:ca:ef:88:48:29:e4:86:ba:9d:3e:d2:1d:88:f5:21:
         39:f3:a5:51:64:68:29:90:4a:cc:39:7f:13:1d:97:6a:43:4d:
         6c:27:43:f1:92:e7:26:92:ac:47:16:ac:80:83:c2:e5:75:41:
         40:94:2c:94:da:da:78:29:18:dd:79:1e:39:15:26:f3:f9:1b:
         63:52:3a:d1:82:6c:ac:51:5c:50:12:aa:f5:47:1e:6d:03:75:
         99:e6:49:0d:60:81:03:e6:5a:49:05:54:0b:96:98:a0:c2:ab:
         c4:c3:d8:4b:bc:16:12:d2:60:5e:9e:36:54:41:fe:ce:d8:ed:
         36:fb:80:b7:a5:62:46:82:38:9b:dd:7a:70:24:a6:6e:7e:62:
         13:a0:c0:ef:b2:8f:67:28:96:33:fa:c8:0e:f6:7a:58:03:71:
         97:27:be:2c:6e:98:9b:68:79:1c:a0:11:10:d4:a1:7b:4d:62:
         27:ff:dd:e1:1e:9d:1c:f0:6e:99:19:00:7a:ea:79:6a:f6:71:
         08:a1:79:c5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJ6dmuP9lzDN4wa+PhRY1DpF/w58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MjRaFw0yNjA4MjAwNjM5MjRaMDMxMTAvBgNV
BAMTKDJDNkVBNjVEQjY2MTJGRjc0RDdCOTc0MEM1NkI2NDlBNDRCQjNFNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpQSvlU/gzTSmgJv52yLCuXcGB
EkijMlM2IHfo89AaBdP7sTG+rzapcLKwfOv9LSGzkedf/t1SThyvITLv73OGhW2K
NcCLsGv+UTFRfUkWzwiDrwVZ99qdPSQWT00fkrzhW/6jdDmHG1VlO798imVFZuyr
MwsB+f7KOSPFJetSJw8qzMtLjc4JZ4yp5j9b00XlOaFme1QNdgBLeGSvVRIRaUcH
vG8tTI86nDojJPR2UmYnvHtXCeOUHu1ywcn5S7WuOPvhquZfBTCQpc+2sNkobd69
8LRVGz0LLCA9ca/mHKiPwB1DJqLzqU70XF2XyyfhTJ4deVu/cXNOV6Q743q3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQULG6mXbZhL/dNe5dAxWtkmkS7PkIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT0ww
DQYJKoZIhvcNAQELBQADggEBABok50Q0N3wzYfKKr7B0Cs8Mf4S9z/uSdsM+l91h
P/fILC6HFvFjnWCtgDjmXrArBKhBwx5KGIMjqsrviEgp5Ia6nT7SHYj1ITnzpVFk
aCmQSsw5fxMdl2pDTWwnQ/GS5yaSrEcWrICDwuV1QUCULJTa2ngpGN15HjkVJvP5
G2NSOtGCbKxRXFASqvVHHm0DdZnmSQ1ggQPmWkkFVAuWmKDCq8TD2Eu8FhLSYF6e
NlRB/s7Y7Tb7gLelYkaCOJvdenAkpm5+YhOgwO+yj2coljP6yA72elgDcZcnvixu
mJtoeRygERDUoXtNYif/3eEenRzwbpkZAHrqeWr2cQihecU=
-----END CERTIFICATE-----