Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136332e302f32342d3234203d3e2039333034.roa
File:                     3134352e37392e3136332e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          nKUGMK2woi2EujzO9EjUxrkzoffyLHcFxjuOmZjRkFo=
Subject key identifier:   FB:26:AA:65:12:C3:13:63:44:22:FA:F9:4E:03:7B:97:DA:99:63:46
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3813DCE18759DF93BACD98FED97E61A0D8EC3FE7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136332e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 03 Jul 2025 20:20:15 +0000
ROA not before:           Thu 03 Jul 2025 20:15:15 +0000
ROA not after:            Thu 02 Jul 2026 20:20:15 +0000
asID:                     9304
IP address blocks:        145.79.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:13:dc:e1:87:59:df:93:ba:cd:98:fe:d9:7e:61:a0:d8:ec:3f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul  3 20:15:15 2025 GMT
            Not After : Jul  2 20:20:15 2026 GMT
        Subject: CN=FB26AA6512C313634422FAF94E037B97DA996346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:08:49:03:f0:2e:e7:29:57:52:60:be:9d:6e:
                    c4:4a:57:80:9b:c4:40:dd:69:9d:59:cc:26:a1:24:
                    3f:a5:29:34:f2:66:da:d9:2a:4a:8f:7d:cf:2b:39:
                    2a:fb:cc:d2:b6:4a:25:85:87:b7:71:13:24:6b:2d:
                    32:11:fa:60:98:47:7a:79:c1:9b:7c:29:10:47:c9:
                    d7:7f:f7:50:52:11:20:cb:55:d9:c8:d9:89:46:ac:
                    42:d5:a1:34:1a:d8:97:4e:15:4b:78:68:b2:2b:72:
                    d6:bc:3c:60:fd:63:f5:45:03:58:db:99:77:53:9c:
                    b8:a7:d1:fa:04:41:cd:f9:53:69:80:a1:75:67:51:
                    29:7f:41:61:ed:6c:b0:7a:f3:90:42:a9:25:ab:17:
                    14:ee:b9:87:a5:2c:bf:65:98:42:8e:66:92:92:31:
                    eb:8d:7e:56:b1:ed:83:79:c5:20:dd:e3:54:7f:5b:
                    32:b3:6a:53:09:eb:c2:7d:f3:1b:18:7c:39:04:29:
                    5a:e2:32:01:5c:36:f6:3b:f1:67:8f:8e:6a:3b:fc:
                    be:d2:e6:76:ef:ce:3c:5e:a3:e3:96:de:fa:0a:85:
                    44:7d:e8:12:35:99:44:12:93:a7:6f:73:a7:f9:ac:
                    ef:02:70:23:99:9e:95:e8:78:85:41:bf:e7:43:b0:
                    0e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:26:AA:65:12:C3:13:63:44:22:FA:F9:4E:03:7B:97:DA:99:63:46
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136332e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:fe:2b:1c:39:f0:ad:a8:5e:ba:fc:9d:fa:eb:1e:20:9d:db:
         21:a7:8e:ea:4b:c8:9a:89:ce:3b:0e:4c:c0:66:2f:55:c8:de:
         60:81:60:4e:78:af:82:19:4f:4c:ed:ac:9b:31:4b:78:22:a7:
         1b:8f:da:48:11:9d:0a:68:cf:ef:c6:0b:65:b0:16:ad:e2:07:
         32:30:0a:bc:1a:65:93:46:a2:c0:3a:3e:01:53:fd:e0:d6:ee:
         fe:cc:c4:c7:e3:bc:51:1e:63:2d:b5:61:11:87:9f:fd:ea:0f:
         df:59:9c:90:f5:e1:c6:b7:2f:27:46:0e:8f:42:ff:41:16:fb:
         32:f6:c4:02:e6:ef:d7:a5:b6:f6:85:63:5b:bd:4d:84:5d:ec:
         04:2b:a0:6d:fd:21:49:0d:de:66:db:90:7d:6d:74:39:44:e4:
         be:e1:d0:78:cd:6c:f7:81:85:0e:6f:75:96:00:d0:34:37:4a:
         78:f2:8e:4d:64:8b:a1:70:49:8a:8c:8b:09:86:29:56:a0:44:
         bc:c5:2e:a2:f5:77:c0:8a:77:7a:47:ae:39:80:19:fc:f3:72:
         a9:6e:80:3d:5d:af:1b:fc:9d:73:77:73:f1:91:60:59:eb:89:
         c9:dc:ff:ce:a2:eb:ac:80:a7:e5:6d:c3:97:24:89:d4:32:ad:
         fa:63:0b:9e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOBPc4YdZ35O6zZj+2X5hoNjsP+cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MDMyMDE1MTVaFw0yNjA3MDIyMDIwMTVaMDMxMTAvBgNV
BAMTKEZCMjZBQTY1MTJDMzEzNjM0NDIyRkFGOTRFMDM3Qjk3REE5OTYzNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhCEkD8C7nKVdSYL6dbsRKV4Cb
xEDdaZ1ZzCahJD+lKTTyZtrZKkqPfc8rOSr7zNK2SiWFh7dxEyRrLTIR+mCYR3p5
wZt8KRBHydd/91BSESDLVdnI2YlGrELVoTQa2JdOFUt4aLIrcta8PGD9Y/VFA1jb
mXdTnLin0foEQc35U2mAoXVnUSl/QWHtbLB685BCqSWrFxTuuYelLL9lmEKOZpKS
MeuNflax7YN5xSDd41R/WzKzalMJ68J98xsYfDkEKVriMgFcNvY78WePjmo7/L7S
5nbvzjxeo+OW3voKhUR96BI1mUQSk6dvc6f5rO8CcCOZnpXoeIVBv+dDsA4zAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+yaqZRLDE2NEIvr5TgN7l9qZY0YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM2
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
ozANBgkqhkiG9w0BAQsFAAOCAQEAXP4rHDnwraheuvyd+useIJ3bIaeO6kvImonO
Ow5MwGYvVcjeYIFgTnivghlPTO2smzFLeCKnG4/aSBGdCmjP78YLZbAWreIHMjAK
vBplk0aiwDo+AVP94Nbu/szEx+O8UR5jLbVhEYef/eoP31mckPXhxrcvJ0YOj0L/
QRb7MvbEAubv16W29oVjW71NhF3sBCugbf0hSQ3eZtuQfW10OUTkvuHQeM1s94GF
Dm91lgDQNDdKePKOTWSLoXBJioyLCYYpVqBEvMUuovV3wIp3ekeuOYAZ/PNyqW6A
PV2vG/ydc3dz8ZFgWeuJydz/zqLrrICn5W3DlySJ1DKt+mMLng==
-----END CERTIFICATE-----