Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e39362e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e39362e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          AnYK7UZi/5zDzhLQ4syqLvmDIyRm1HNNhJEMUfUcErw=
Subject key identifier:   B1:A7:5E:76:34:D0:F1:76:65:9F:A2:10:85:E6:9B:F2:70:93:EB:DE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0244C2208684CA789AD2B49AAC1E9508F51F2E71
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e39362e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 21 Aug 2025 06:39:18 +0000
ROA not before:           Thu 21 Aug 2025 06:34:18 +0000
ROA not after:            Thu 20 Aug 2026 06:39:18 +0000
asID:                     2914
IP address blocks:        145.79.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:44:c2:20:86:84:ca:78:9a:d2:b4:9a:ac:1e:95:08:f5:1f:2e:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 21 06:34:18 2025 GMT
            Not After : Aug 20 06:39:18 2026 GMT
        Subject: CN=B1A75E7634D0F176659FA21085E69BF27093EBDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:7b:2c:a8:2e:d9:30:b0:b2:e4:73:33:18:8f:
                    8b:f6:51:d9:d4:e7:46:21:af:1f:56:ec:3d:d9:f9:
                    90:6c:c3:86:f0:31:2e:49:fc:66:e0:17:fa:66:56:
                    1c:96:a9:8e:21:a2:33:fd:85:77:9f:24:34:c4:9d:
                    7b:12:b6:ab:e2:d2:2b:a4:d4:a2:3e:ba:40:f1:e9:
                    3d:3d:cb:e9:bf:82:05:41:4b:83:9e:f9:3d:9c:67:
                    c2:90:21:bc:98:b9:23:b3:23:5e:e4:16:af:c4:40:
                    b0:bf:54:de:19:fc:df:4f:d4:99:a9:a8:c9:2e:6e:
                    f1:c3:ae:f3:0d:dd:bc:be:be:cc:8c:d2:70:37:d8:
                    58:f0:35:76:ca:25:b4:77:0c:1a:c8:33:f1:a0:e1:
                    67:3a:0d:47:35:a2:96:1c:b2:33:2b:b4:b1:a3:aa:
                    0e:27:53:5b:c7:38:10:0e:76:cb:a6:30:c5:aa:50:
                    76:7a:31:92:c7:d0:f4:09:e3:c3:82:5f:f6:e4:e6:
                    74:e8:3d:95:7a:9a:63:40:cb:ce:f9:70:08:08:4d:
                    f8:ce:df:0c:e1:62:a8:75:e3:fa:8f:9a:22:8c:72:
                    56:f9:ad:be:37:82:60:53:06:d2:bf:b3:77:65:a1:
                    eb:44:5e:51:a2:6b:28:a0:12:a3:c3:35:7e:16:12:
                    60:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A7:5E:76:34:D0:F1:76:65:9F:A2:10:85:E6:9B:F2:70:93:EB:DE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e39362e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:1d:a4:49:75:38:06:49:f7:e6:69:9f:56:fa:3b:ef:11:f4:
         31:e5:97:9b:84:30:eb:f8:b7:a5:6c:39:de:81:bf:4f:d0:10:
         bd:bc:76:02:b8:55:6b:90:2d:cc:a7:86:92:74:e0:46:0d:f5:
         91:15:99:0a:6b:1e:46:fe:2a:94:75:e5:9c:a2:8e:7a:8e:6d:
         f6:3b:7a:a7:67:ed:cb:f1:23:5e:44:c5:00:17:62:42:5e:55:
         20:66:04:c1:16:5f:59:e3:02:2b:45:d4:e3:c6:74:72:ae:7c:
         07:c0:97:81:bf:a7:54:ff:19:ae:67:05:c3:ec:fe:97:d2:a8:
         4a:8a:e1:dc:4a:af:99:55:d7:9d:0a:1c:e6:a7:48:70:67:20:
         9b:8f:ad:c7:c3:2f:56:21:84:32:3a:f5:cb:2e:66:32:8d:3f:
         7d:c0:0b:20:f6:0d:5c:1b:03:bd:a0:6b:e2:92:a6:76:c8:3e:
         4b:b4:39:59:61:b1:d4:46:82:10:79:f5:74:34:15:d2:2a:31:
         cf:66:3c:c9:8f:21:de:fc:eb:7b:56:47:cf:34:3f:de:89:84:
         d9:44:cb:19:34:e2:ae:c8:c7:99:7e:61:73:9a:83:d1:1d:36:
         39:bf:73:e2:bc:c9:e2:b3:e2:16:3a:29:97:b9:be:9c:dc:b1:
         d9:2a:10:0e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAkTCIIaEynia0rSarB6VCPUfLnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjEwNjM0MThaFw0yNjA4MjAwNjM5MThaMDMxMTAvBgNV
BAMTKEIxQTc1RTc2MzREMEYxNzY2NTlGQTIxMDg1RTY5QkYyNzA5M0VCREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaeyyoLtkwsLLkczMYj4v2UdnU
50Yhrx9W7D3Z+ZBsw4bwMS5J/GbgF/pmVhyWqY4hojP9hXefJDTEnXsStqvi0iuk
1KI+ukDx6T09y+m/ggVBS4Oe+T2cZ8KQIbyYuSOzI17kFq/EQLC/VN4Z/N9P1Jmp
qMkubvHDrvMN3by+vsyM0nA32FjwNXbKJbR3DBrIM/Gg4Wc6DUc1opYcsjMrtLGj
qg4nU1vHOBAOdsumMMWqUHZ6MZLH0PQJ48OCX/bk5nToPZV6mmNAy875cAgITfjO
3wzhYqh14/qPmiKMclb5rb43gmBTBtK/s3dloetEXlGiayigEqPDNX4WEmB5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUsadedjTQ8XZln6IQheab8nCT694wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzOTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT2Aw
DQYJKoZIhvcNAQELBQADggEBAHEdpEl1OAZJ9+Zpn1b6O+8R9DHll5uEMOv4t6Vs
Od6Bv0/QEL28dgK4VWuQLcynhpJ04EYN9ZEVmQprHkb+KpR15ZyijnqObfY7eqdn
7cvxI15ExQAXYkJeVSBmBMEWX1njAitF1OPGdHKufAfAl4G/p1T/Ga5nBcPs/pfS
qEqK4dxKr5lV150KHOanSHBnIJuPrcfDL1YhhDI69csuZjKNP33ACyD2DVwbA72g
a+KSpnbIPku0OVlhsdRGghB59XQ0FdIqMc9mPMmPId7863tWR880P96JhNlEyxk0
4q7Ix5l+YXOag9EdNjm/c+K8yeKz4hY6KZe5vpzcsdkqEA4=
-----END CERTIFICATE-----