Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38302e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e38302e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          xZpMXM0mRKXIC/Ki1IhVxu0rs2kfPUiP+u9aaeOSfWg=
Subject key identifier:   76:7D:58:11:BA:6D:09:FD:F9:1A:A7:C3:41:C4:42:BC:1D:5E:09:76
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       68EC3176050EED3877D7AFD868DC71C8FA714B6D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38302e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:23 +0000
ROA not before:           Thu 21 Aug 2025 06:34:23 +0000
ROA not after:            Thu 20 Aug 2026 06:39:23 +0000
asID:                     2914
IP address blocks:        145.79.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:ec:31:76:05:0e:ed:38:77:d7:af:d8:68:dc:71:c8:fa:71:4b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:23 2025 GMT
            Not After : Aug 20 06:39:23 2026 GMT
        Subject: CN=767D5811BA6D09FDF91AA7C341C442BC1D5E0976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:66:bd:62:a4:9f:ba:27:56:6a:3c:8e:4a:25:
                    9d:68:9c:4e:4a:f6:57:71:71:b5:ec:0d:86:40:88:
                    cb:22:ea:8a:95:93:86:7c:0e:9e:aa:f4:9a:84:54:
                    5c:fe:ab:3d:a2:43:cd:0e:11:c7:5b:1a:03:22:f4:
                    01:91:c4:07:f4:ab:0a:79:bb:67:51:e0:10:76:04:
                    d5:cd:3e:81:e8:00:6e:aa:69:52:14:8e:00:a9:c0:
                    f0:16:be:83:d8:81:be:92:c2:a6:6f:44:f4:cf:68:
                    e9:67:ed:27:7a:e0:0f:90:65:de:5f:86:4d:d9:07:
                    5b:58:82:a0:1e:b8:59:52:66:31:41:7f:dc:c4:34:
                    87:9b:e1:91:b1:6b:96:f6:d8:d4:34:ab:37:f4:0b:
                    cd:c4:13:54:84:e7:79:c6:83:6c:ec:39:3d:2c:23:
                    41:7f:10:a2:6a:06:c0:11:10:e5:bc:2b:78:8b:cb:
                    a1:87:4b:e7:22:a7:9d:16:4e:79:06:e3:86:78:05:
                    a5:db:f1:1e:9c:02:c3:eb:d9:c6:da:63:47:b9:32:
                    e0:bc:95:b5:e2:28:c1:ab:97:82:fd:4b:75:cf:2a:
                    1e:2b:ad:3f:93:d4:0f:63:6f:60:09:c2:fb:f8:4e:
                    91:b3:ee:15:7c:f6:f8:f2:3b:bd:eb:7a:30:77:c4:
                    f7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:7D:58:11:BA:6D:09:FD:F9:1A:A7:C3:41:C4:42:BC:1D:5E:09:76
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38302e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:11:6d:9b:28:ae:50:cc:a1:74:85:fe:ae:b8:68:a7:88:88:
         05:9d:50:02:d3:43:c2:e1:5f:d6:30:a7:4b:43:e9:7a:80:9b:
         53:d4:bd:c8:ba:14:bc:8a:3c:50:15:0e:11:6f:9c:49:15:06:
         59:ce:48:f2:81:a2:f7:8e:6a:df:21:a6:bc:e6:4c:8b:85:70:
         db:2f:1a:9c:b5:07:63:fa:52:cd:2c:93:3e:ae:0f:01:09:1d:
         0a:32:cf:3b:c8:e4:d5:ac:f9:fb:a4:71:15:6b:45:b7:de:77:
         38:19:50:f1:f7:eb:6c:4d:5e:0b:dc:79:47:05:7d:7d:a1:94:
         e7:c3:e4:a2:e3:ee:ab:b1:7d:9c:22:60:03:c6:e9:1b:52:a0:
         1d:a6:5a:40:db:5a:3e:29:6e:68:bb:3a:47:2f:f7:39:84:36:
         23:32:e1:b9:83:11:63:1e:dd:e9:f0:56:cd:81:e3:ef:e6:d7:
         e7:ed:50:47:d8:8e:fd:de:0b:9c:ed:e9:86:78:d6:a1:6c:02:
         a2:ec:7b:58:be:6c:10:1f:d1:c7:79:55:39:46:3e:78:d6:c5:
         1a:34:1e:49:b6:08:c9:f5:0a:f6:08:ff:1a:95:ce:e6:a6:30:
         06:23:13:4a:e0:ba:e6:9d:fc:f7:b2:3f:fe:8e:ae:d4:0c:f3:
         09:de:78:09
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUaOwxdgUO7Th316/YaNxxyPpxS20wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MjNaFw0yNjA4MjAwNjM5MjNaMDMxMTAvBgNV
BAMTKDc2N0Q1ODExQkE2RDA5RkRGOTFBQTdDMzQxQzQ0MkJDMUQ1RTA5NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyZr1ipJ+6J1ZqPI5KJZ1onE5K
9ldxcbXsDYZAiMsi6oqVk4Z8Dp6q9JqEVFz+qz2iQ80OEcdbGgMi9AGRxAf0qwp5
u2dR4BB2BNXNPoHoAG6qaVIUjgCpwPAWvoPYgb6SwqZvRPTPaOln7Sd64A+QZd5f
hk3ZB1tYgqAeuFlSZjFBf9zENIeb4ZGxa5b22NQ0qzf0C83EE1SE53nGg2zsOT0s
I0F/EKJqBsAREOW8K3iLy6GHS+cip50WTnkG44Z4BaXb8R6cAsPr2cbaY0e5MuC8
lbXiKMGrl4L9S3XPKh4rrT+T1A9jb2AJwvv4TpGz7hV89vjyO73rejB3xPd7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdn1YEbptCf35GqfDQcRCvB1eCXYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzODMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT1Aw
DQYJKoZIhvcNAQELBQADggEBAEERbZsorlDMoXSF/q64aKeIiAWdUALTQ8LhX9Yw
p0tD6XqAm1PUvci6FLyKPFAVDhFvnEkVBlnOSPKBoveOat8hprzmTIuFcNsvGpy1
B2P6Us0skz6uDwEJHQoyzzvI5NWs+fukcRVrRbfedzgZUPH362xNXgvceUcFfX2h
lOfD5KLj7quxfZwiYAPG6RtSoB2mWkDbWj4pbmi7Okcv9zmENiMy4bmDEWMe3enw
Vs2B4+/m1+ftUEfYjv3eC5zt6YZ41qFsAqLse1i+bBAf0cd5VTlGPnjWxRo0Hkm2
CMn1CvYI/xqVzuamMAYjE0rguuad/PeyP/6OrtQM8wneeAk=
-----END CERTIFICATE-----