Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32392e302f32342d3332203d3e20313431393935.roa
File:                     34352e38302e32392e302f32342d3332203d3e20313431393935.roa (raw, json)
Hash identifier:          ZaVdn4DKlLkLYDuuZZLp7K9pjsA9GwRxThoJ9x7NzZA=
Subject key identifier:   E8:BD:B7:5B:80:EE:29:72:C1:A9:2D:EC:E0:58:7C:08:B0:2B:11:89
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       06947916C98E49DA6B080491C4C89563869EDA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32392e302f32342d3332203d3e20313431393935.roa
Signing time:             Wed 10 Sep 2025 12:47:33 +0000
ROA not before:           Wed 10 Sep 2025 12:42:33 +0000
ROA not after:            Wed 09 Sep 2026 12:47:33 +0000
asID:                     141995
IP address blocks:        45.80.29.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:94:79:16:c9:8e:49:da:6b:08:04:91:c4:c8:95:63:86:9e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 10 12:42:33 2025 GMT
            Not After : Sep  9 12:47:33 2026 GMT
        Subject: CN=E8BDB75B80EE2972C1A92DECE0587C08B02B1189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e0:30:a1:e7:dc:8c:12:d6:ca:56:f8:13:c7:
                    8d:48:2b:5e:8f:e5:51:34:aa:f9:0e:a3:b6:7d:c8:
                    cc:06:1e:3d:30:ab:4a:24:e6:9f:2d:a2:03:f2:7d:
                    2a:c0:bc:f9:eb:aa:2a:b9:54:9e:08:61:d0:27:f6:
                    06:55:1d:f5:03:42:32:a0:6c:97:f9:02:0a:50:3b:
                    b0:52:28:af:a4:74:17:11:35:eb:f5:2a:3a:62:cf:
                    8d:98:8f:6f:00:60:96:82:60:c1:4a:0a:45:a6:52:
                    61:1c:72:21:e7:89:fc:ad:59:9d:37:b0:8f:c5:c7:
                    29:68:24:d0:91:da:13:de:b7:8f:52:31:5e:5d:d4:
                    57:b9:f9:ba:18:02:a9:3b:52:90:79:1c:08:5f:f3:
                    6e:48:36:66:ac:54:5c:31:6e:65:b6:ff:58:a9:32:
                    0a:f2:24:0f:55:e0:24:d8:1c:97:44:2e:91:d3:0b:
                    36:64:b0:b8:67:68:11:7b:74:96:66:6d:94:45:cd:
                    b7:e9:52:02:5f:c9:a7:d1:6c:d9:ff:23:41:1f:36:
                    d3:4b:bd:cf:04:5b:b5:eb:75:9b:e0:f5:1d:9d:a3:
                    27:1f:b1:73:bf:54:20:30:4c:e0:7e:3c:72:28:ed:
                    f0:e8:80:d9:bc:d8:1b:6f:94:8b:6b:ff:e6:61:c6:
                    6d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:BD:B7:5B:80:EE:29:72:C1:A9:2D:EC:E0:58:7C:08:B0:2B:11:89
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32392e302f32342d3332203d3e20313431393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9d:31:31:b9:f3:1d:26:d7:f4:31:41:85:86:3c:86:73:30:
         53:62:e0:81:05:67:da:32:59:16:7d:e1:55:ef:91:03:a6:95:
         89:8f:0a:0e:71:e4:1d:64:c1:c6:3f:7b:f1:0b:c7:79:cc:a2:
         5b:7e:b4:ca:45:cc:1e:f3:a9:7d:86:80:7d:75:80:f6:85:89:
         38:52:db:3a:d3:f8:a4:fa:fb:82:ca:f5:ca:6a:6d:6a:d9:8e:
         2d:14:21:68:b5:39:c7:38:cc:2c:e0:18:5a:ba:b9:d9:bb:db:
         4a:7d:ad:a7:d8:88:a9:aa:05:e6:ca:2c:c4:36:42:f5:9e:39:
         60:62:99:2a:ac:6d:ec:15:c1:61:29:6a:7b:82:3b:b5:07:e3:
         6f:1d:ed:20:c7:31:96:75:2e:fd:08:5d:2e:a7:8b:28:e9:6d:
         8e:da:19:4c:59:8d:f3:48:dd:e8:f7:6f:7e:42:bb:5f:ee:38:
         e5:97:58:5a:b4:f9:0b:63:5e:73:5a:8a:53:5f:e3:7c:2d:0e:
         a8:4e:60:12:f3:99:6e:3c:72:e7:3a:1f:7a:70:db:25:42:9d:
         cb:1d:7d:9e:b8:05:bd:ec:70:30:b0:ec:2f:40:dc:fd:2d:f0:
         24:92:7d:34:ce:5f:cd:19:02:2e:ca:1d:f3:28:5b:67:ef:07:
         29:3f:9a:ae
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgITBpR5FsmOSdprCASRxMiVY4ae2jANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhhYjJkY2MxNjljOTVmMmIxNGRmMzFkZDI0YTFmNjcwMzRl
YTc3NzljMB4XDTI1MDkxMDEyNDIzM1oXDTI2MDkwOTEyNDczM1owMzExMC8GA1UE
AxMoRThCREI3NUI4MEVFMjk3MkMxQTkyREVDRTA1ODdDMDhCMDJCMTE4OTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXgMKHn3IwS1spW+BPHjUgrXo/l
UTSq+Q6jtn3IzAYePTCrSiTmny2iA/J9KsC8+euqKrlUnghh0Cf2BlUd9QNCMqBs
l/kCClA7sFIor6R0FxE16/UqOmLPjZiPbwBgloJgwUoKRaZSYRxyIeeJ/K1ZnTew
j8XHKWgk0JHaE963j1IxXl3UV7n5uhgCqTtSkHkcCF/zbkg2ZqxUXDFuZbb/WKky
CvIkD1XgJNgcl0QukdMLNmSwuGdoEXt0lmZtlEXNt+lSAl/Jp9Fs2f8jQR8200u9
zwRbtet1m+D1HZ2jJx+xc79UIDBM4H48cijt8OiA2bzYG2+Ui2v/5mHGbSkCAwEA
AaOCAjswggI3MB0GA1UdDgQWBBTovbdbgO4pcsGpLezgWHwIsCsRiTAfBgNVHSME
GDAWgBSrLcwWnJXysU3zHdJKH2cDTqd3nDAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9mZTM3MDhhMC02N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5
YWYvNC9BQjJEQ0MxNjlDOTVGMkIxNERGMzFERDI0QTFGNjcwMzRFQTc3NzlDLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvcXkzTUZweVY4ckZOOHgzU1NoOW5BMDZu
ZDV3LmNlcjCBqwYIKwYBBQUHAQsEgZ4wgZswgZgGCCsGAQUFBzALhoGLcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9mZTM3MDhhMC02
N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5YWYvNC8zNDM1MmUzODMwMmUzMjM5MmUz
MDJmMzIzNDJkMzMzMjIwM2QzZTIwMzEzNDMxMzkzOTM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAd
MA0GCSqGSIb3DQEBCwUAA4IBAQAonTExufMdJtf0MUGFhjyGczBTYuCBBWfaMlkW
feFV75EDppWJjwoOceQdZMHGP3vxC8d5zKJbfrTKRcwe86l9hoB9dYD2hYk4Uts6
0/ik+vuCyvXKam1q2Y4tFCFotTnHOMws4BhaurnZu9tKfa2n2IipqgXmyizENkL1
njlgYpkqrG3sFcFhKWp7gju1B+NvHe0gxzGWdS79CF0up4so6W2O2hlMWY3zSN3o
929+Qrtf7jjll1hatPkLY15zWopTX+N8LQ6oTmAS85luPHLnOh96cNslQp3LHX2e
uAW97HAwsOwvQNz9LfAkkn00zl/NGQIuyh3zKFtn7wcpP5qu
-----END CERTIFICATE-----