Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135352e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3135352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9mGxh26J23NnYv/6aSGkjqriOSCw9XrAlOBDiK1Uz7E=
Subject key identifier:   65:BA:D2:5C:55:C8:8B:E1:5B:F3:53:03:76:4D:D8:61:C7:48:DE:6A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70ADD9C8E1A95B036BD1ED6A0056B502875538FF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135352e302f32342d3234203d3e20383334.roa
Signing time:             Sat 12 Jul 2025 08:02:22 +0000
ROA not before:           Sat 12 Jul 2025 07:57:22 +0000
ROA not after:            Sat 11 Jul 2026 08:02:22 +0000
asID:                     834
IP address blocks:        145.79.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:ad:d9:c8:e1:a9:5b:03:6b:d1:ed:6a:00:56:b5:02:87:55:38:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 12 07:57:22 2025 GMT
            Not After : Jul 11 08:02:22 2026 GMT
        Subject: CN=65BAD25C55C88BE15BF35303764DD861C748DE6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d7:d0:65:5e:7b:09:44:6a:32:6a:d3:ef:dc:
                    6c:46:d6:22:b3:0b:fd:82:72:10:25:5e:be:8f:81:
                    99:6e:a3:0f:f4:81:65:c4:e7:9f:44:6b:7e:7a:eb:
                    1f:14:4f:fe:62:72:a2:2f:29:41:a1:a6:69:6e:01:
                    5a:d6:db:f0:ca:40:8e:da:a9:c7:0f:28:13:4e:36:
                    87:ae:a8:aa:e3:2d:aa:c2:87:df:39:4a:ca:86:56:
                    c4:2b:08:6e:8c:dd:21:4f:f5:70:22:1a:1b:ee:b2:
                    0d:1a:6a:7f:ad:7f:79:d4:25:cb:d2:18:34:f7:38:
                    b5:8e:37:70:34:66:e9:f8:87:fc:f2:44:aa:e5:84:
                    5e:76:22:d9:22:02:6f:69:bc:64:e2:ea:e8:6f:df:
                    ab:d5:ff:f8:4f:ec:de:f0:31:36:38:53:f3:b1:27:
                    a8:44:05:ad:a7:1f:27:ca:7e:7b:58:e7:5f:2c:e5:
                    4d:de:26:8f:90:95:e4:37:50:9e:c2:7a:da:15:ef:
                    07:f9:45:be:76:0d:3b:94:9b:24:5b:d4:a8:04:c0:
                    a7:44:ef:3e:14:54:1a:55:20:1a:c3:ec:97:cc:1b:
                    e8:cf:59:11:97:f1:1f:b2:ac:96:c4:c2:34:4f:9e:
                    cb:6d:20:68:8a:a3:f2:32:ba:54:1f:88:8d:bc:eb:
                    8b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BA:D2:5C:55:C8:8B:E1:5B:F3:53:03:76:4D:D8:61:C7:48:DE:6A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:37:83:d5:20:0b:fb:ab:c7:47:67:bb:20:d5:ca:76:43:4d:
         ad:21:83:a3:af:6c:d2:c4:95:0a:b6:9e:85:05:95:9a:56:3e:
         fc:64:bb:e4:a3:3e:33:eb:d7:15:59:76:bb:a6:be:e6:c8:06:
         a5:46:90:dc:aa:66:03:af:95:14:84:7c:50:9f:62:09:68:08:
         ad:3b:bf:34:ee:0a:ef:4d:67:3d:51:a4:b5:3b:0e:19:74:d5:
         6b:64:22:87:1c:38:11:4a:46:19:17:aa:b5:2a:e8:f2:2d:60:
         1f:4f:08:56:a8:0a:69:23:c7:96:80:57:bd:4a:9b:e7:b1:47:
         fd:04:d6:6b:02:0b:07:2d:aa:82:5f:44:10:39:d1:b8:f9:86:
         cd:00:21:1a:ee:e7:e6:bb:d8:60:be:5e:a9:5e:d4:0e:0e:45:
         49:74:9e:1e:c8:e9:00:88:83:fa:3c:18:95:fc:3b:06:ac:0b:
         03:20:ec:e4:af:0f:a9:93:8b:f9:d2:36:24:69:69:a2:19:db:
         d3:07:c4:95:d6:b4:e9:3d:d8:84:de:da:c1:8f:83:52:ca:29:
         21:b4:23:57:b0:f5:97:f7:e2:d6:83:59:35:be:1b:e1:dc:2e:
         1c:d8:da:10:6c:18:1b:a1:a1:c7:ab:b0:b4:a7:1b:16:b0:17:
         64:fc:77:7d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcK3ZyOGpWwNr0e1qAFa1AodVOP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTIwNzU3MjJaFw0yNjA3MTEwODAyMjJaMDMxMTAvBgNV
BAMTKDY1QkFEMjVDNTVDODhCRTE1QkYzNTMwMzc2NEREODYxQzc0OERFNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC519BlXnsJRGoyatPv3GxG1iKz
C/2CchAlXr6PgZluow/0gWXE559Ea3566x8UT/5icqIvKUGhpmluAVrW2/DKQI7a
qccPKBNONoeuqKrjLarCh985SsqGVsQrCG6M3SFP9XAiGhvusg0aan+tf3nUJcvS
GDT3OLWON3A0Zun4h/zyRKrlhF52ItkiAm9pvGTi6uhv36vV//hP7N7wMTY4U/Ox
J6hEBa2nHyfKfntY518s5U3eJo+QleQ3UJ7CetoV7wf5Rb52DTuUmyRb1KgEwKdE
7z4UVBpVIBrD7JfMG+jPWRGX8R+yrJbEwjRPnsttIGiKo/IyulQfiI2864tbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZbrSXFXIi+Fb81MDdk3YYcdI3mowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM1
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT5sw
DQYJKoZIhvcNAQELBQADggEBACw3g9UgC/urx0dnuyDVynZDTa0hg6OvbNLElQq2
noUFlZpWPvxku+SjPjPr1xVZdrumvubIBqVGkNyqZgOvlRSEfFCfYgloCK07vzTu
Cu9NZz1RpLU7Dhl01WtkIoccOBFKRhkXqrUq6PItYB9PCFaoCmkjx5aAV71Km+ex
R/0E1msCCwctqoJfRBA50bj5hs0AIRru5+a72GC+Xqle1A4ORUl0nh7I6QCIg/o8
GJX8OwasCwMg7OSvD6mTi/nSNiRpaaIZ29MHxJXWtOk92ITe2sGPg1LKKSG0I1ew
9Zf34taDWTW+G+HcLhzY2hBsGBuhocersLSnGxawF2T8d30=
-----END CERTIFICATE-----