Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38382e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e38382e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          t8Q/zoXGBRSfNpcIomw/e9/vMN5o477BuvZYEvgY4Kg=
Subject key identifier:   60:2D:76:B8:23:17:34:98:DD:8E:3C:E6:DE:9D:05:F2:9E:8B:D5:FE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       68F7B47B63ABD67111A6F22492F9F8C93BD277DC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38382e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:21 +0000
ROA not before:           Thu 21 Aug 2025 06:34:21 +0000
ROA not after:            Thu 20 Aug 2026 06:39:21 +0000
asID:                     2914
IP address blocks:        145.79.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f7:b4:7b:63:ab:d6:71:11:a6:f2:24:92:f9:f8:c9:3b:d2:77:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:21 2025 GMT
            Not After : Aug 20 06:39:21 2026 GMT
        Subject: CN=602D76B823173498DD8E3CE6DE9D05F29E8BD5FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1c:8f:e7:4d:0e:07:a0:d0:3b:26:78:7e:a6:
                    d5:96:a8:1e:f5:a9:8e:8a:f4:8f:fa:25:9c:63:be:
                    ad:e7:28:56:3a:94:ea:1d:54:fd:52:69:9d:55:a1:
                    8d:60:39:54:24:c5:47:f6:61:2a:ca:a1:7f:6b:f3:
                    e7:dd:41:3f:1e:4d:f9:53:03:89:e2:92:a9:a5:af:
                    76:10:dd:b6:2f:14:60:ca:dd:a9:69:bc:4a:95:cb:
                    e6:4f:e0:24:c4:c7:56:39:8f:9f:22:ad:65:c8:0c:
                    96:46:90:fb:20:f6:9d:e7:27:7d:3c:2a:4a:1e:3c:
                    5b:2b:a1:c2:11:58:0c:a1:42:7d:cc:76:fc:a3:ff:
                    26:a2:8b:f5:75:88:a8:58:63:3e:a8:3f:32:b0:38:
                    af:05:15:c5:66:45:9f:7a:3d:cf:10:7d:c3:23:7c:
                    d1:2e:3e:ef:0e:5b:11:66:ba:b8:c8:61:20:a1:3a:
                    3b:92:f2:35:dc:84:d5:a7:6f:08:fa:d4:24:27:43:
                    b7:ee:b1:ad:96:01:32:ac:55:78:32:12:ea:3c:f8:
                    6f:c1:06:22:35:4c:89:fe:df:b2:4e:ff:7b:3d:73:
                    0b:3e:a5:f2:a4:d5:7c:f7:e2:93:c8:94:4f:87:95:
                    d1:b0:0e:c2:ac:90:81:9d:e2:58:0c:b3:fa:b5:10:
                    3e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:2D:76:B8:23:17:34:98:DD:8E:3C:E6:DE:9D:05:F2:9E:8B:D5:FE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38382e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:78:b0:64:1c:78:fc:33:1d:66:aa:75:59:cc:d7:4e:22:f3:
         6c:35:32:a6:54:b9:c7:09:22:4c:e2:10:98:b3:45:6b:4a:16:
         a4:a3:93:64:cb:4c:25:44:1f:07:7b:b3:9a:6f:b8:16:6c:ca:
         b5:1f:db:87:e4:49:0b:67:86:6f:f8:44:9f:95:03:36:b0:e7:
         dd:86:61:7c:55:2c:be:65:df:28:16:6e:a5:8e:dd:ef:8c:2b:
         56:9c:f0:0e:2e:c2:8b:d5:96:4c:40:4c:21:04:17:e6:4b:18:
         53:f3:1e:ad:4e:ea:79:0d:d7:c4:6a:26:32:fb:95:cd:6b:b0:
         05:d5:bb:4d:6c:cd:52:5f:6e:b3:85:42:e8:f1:8e:1f:94:d6:
         35:58:52:c5:ca:0b:63:39:48:e6:3a:b7:c0:d6:ae:7a:b4:d2:
         3b:3b:50:ab:45:73:92:d3:8a:11:58:e8:9c:d9:04:d9:be:a2:
         2e:94:80:25:59:a5:17:ee:96:f0:42:66:c9:3b:bb:cb:c8:aa:
         65:80:31:2b:4e:66:10:5d:44:ca:02:b6:a9:35:e1:c1:2a:15:
         b8:29:ea:60:e4:b1:43:e7:45:5b:d6:db:5f:b1:5c:c0:d0:39:
         78:ef:2c:4a:a3:40:c1:9c:a4:c2:48:56:11:a5:8e:bd:f7:46:
         bd:48:f1:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUaPe0e2Or1nERpvIkkvn4yTvSd9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MjFaFw0yNjA4MjAwNjM5MjFaMDMxMTAvBgNV
BAMTKDYwMkQ3NkI4MjMxNzM0OThERDhFM0NFNkRFOUQwNUYyOUU4QkQ1RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZHI/nTQ4HoNA7Jnh+ptWWqB71
qY6K9I/6JZxjvq3nKFY6lOodVP1SaZ1VoY1gOVQkxUf2YSrKoX9r8+fdQT8eTflT
A4nikqmlr3YQ3bYvFGDK3alpvEqVy+ZP4CTEx1Y5j58irWXIDJZGkPsg9p3nJ308
KkoePFsrocIRWAyhQn3Mdvyj/yaii/V1iKhYYz6oPzKwOK8FFcVmRZ96Pc8QfcMj
fNEuPu8OWxFmurjIYSChOjuS8jXchNWnbwj61CQnQ7fusa2WATKsVXgyEuo8+G/B
BiI1TIn+37JO/3s9cws+pfKk1Xz34pPIlE+HldGwDsKskIGd4lgMs/q1ED5lAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYC12uCMXNJjdjjzm3p0F8p6L1f4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzODM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT1gw
DQYJKoZIhvcNAQELBQADggEBAE14sGQcePwzHWaqdVnM104i82w1MqZUuccJIkzi
EJizRWtKFqSjk2TLTCVEHwd7s5pvuBZsyrUf24fkSQtnhm/4RJ+VAzaw592GYXxV
LL5l3ygWbqWO3e+MK1ac8A4uwovVlkxATCEEF+ZLGFPzHq1O6nkN18RqJjL7lc1r
sAXVu01szVJfbrOFQujxjh+U1jVYUsXKC2M5SOY6t8DWrnq00js7UKtFc5LTihFY
6JzZBNm+oi6UgCVZpRfulvBCZsk7u8vIqmWAMStOZhBdRMoCtqk14cEqFbgp6mDk
sUPnRVvW21+xXMDQOXjvLEqjQMGcpMJIVhGljr33Rr1I8e8=
-----END CERTIFICATE-----