Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2032383536.roa
File:                     3134352e37392e3137322e302f32322d3234203d3e2032383536.roa (raw, json)
Hash identifier:          mpAos3wqJ7eXdBz6sBkUDcLK3d4jqXQeEzFtqfyN1eE=
Subject key identifier:   80:1A:52:35:CF:5D:3C:25:36:0F:89:B7:1C:FA:E0:4E:49:06:25:A5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       238F22373D83A4E486EBDCDC162F2A427A8DFC1B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2032383536.roa
Signing time:             Wed 16 Jul 2025 09:31:54 +0000
ROA not before:           Wed 16 Jul 2025 09:26:54 +0000
ROA not after:            Wed 15 Jul 2026 09:31:54 +0000
asID:                     2856
IP address blocks:        145.79.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:8f:22:37:3d:83:a4:e4:86:eb:dc:dc:16:2f:2a:42:7a:8d:fc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 16 09:26:54 2025 GMT
            Not After : Jul 15 09:31:54 2026 GMT
        Subject: CN=801A5235CF5D3C25360F89B71CFAE04E490625A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:66:16:49:9d:49:76:c1:a1:8d:4d:36:83:1a:
                    9d:df:57:cd:cd:e2:a1:2d:85:a0:35:36:e0:76:41:
                    4d:88:6d:f8:e1:9d:2e:7f:8b:51:38:58:53:09:c7:
                    f7:da:de:04:ec:14:3c:e7:ab:ea:06:ae:3d:2a:d9:
                    53:13:f6:11:49:e6:07:0e:74:48:0f:a8:20:1e:03:
                    b0:1c:8b:a6:20:48:9e:94:a4:cf:0f:51:48:05:43:
                    56:35:40:62:06:04:04:af:14:1f:95:42:39:61:10:
                    5c:14:df:41:27:73:fc:12:9e:f3:95:2f:74:d3:d6:
                    dd:7f:07:9a:85:f0:09:ac:19:d8:aa:cb:a9:e6:bf:
                    b9:a2:62:bb:18:29:97:fd:90:a3:74:a4:71:5f:39:
                    4c:e5:4f:ed:33:84:00:79:79:54:7a:1e:64:cc:c4:
                    40:4f:c7:16:8b:bd:e3:c6:2f:94:b1:d3:78:c8:ad:
                    4b:a3:df:f4:ce:31:b5:d8:4a:02:ea:3f:f2:2c:66:
                    98:97:ff:87:2d:aa:7e:09:7c:81:d7:5c:ff:2b:c2:
                    8d:ad:37:dc:01:9e:3a:09:f2:b3:49:f0:72:1b:27:
                    88:82:69:9b:3f:81:e6:f5:ea:88:4f:ba:48:6a:4f:
                    dd:6a:22:8d:56:c2:4c:85:87:5a:76:80:58:cd:71:
                    9a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:1A:52:35:CF:5D:3C:25:36:0F:89:B7:1C:FA:E0:4E:49:06:25:A5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:38:a3:12:fd:59:a1:ff:37:9f:a2:63:f7:ea:74:d2:e9:e0:
         2b:df:8d:ef:be:53:cc:0d:23:a1:0d:2a:1e:ca:4f:ef:72:c0:
         39:f4:b6:3c:9e:e8:c4:4c:ab:40:6d:1d:76:bf:3a:b1:26:e8:
         fb:eb:cc:df:6d:99:ee:0c:eb:75:ea:01:32:66:ea:df:a1:e2:
         96:51:ce:82:d6:93:c9:6d:ac:08:ae:f6:e4:40:c4:77:a7:d0:
         96:9f:23:65:f7:85:cf:08:d6:f2:f1:2e:e7:fa:e8:c1:09:31:
         95:4e:c6:c7:36:e4:41:bf:40:34:2b:e2:4b:14:79:1b:46:c3:
         57:99:67:5f:71:b3:4b:2b:c1:5b:4d:dc:01:ab:36:ba:f8:7c:
         22:0e:7e:96:6d:17:38:f4:9d:6c:94:b2:ba:7e:ef:7b:d6:e5:
         fc:77:56:f3:50:90:50:41:7e:56:2f:22:74:49:e1:86:df:fc:
         10:b5:96:f9:cc:53:65:d4:47:c0:e4:0e:f9:0f:93:94:5f:38:
         2b:6c:88:92:06:d4:b2:a6:f5:91:c8:b8:fb:01:e3:39:b1:6e:
         87:78:d8:3c:d5:6c:40:64:6e:28:52:bb:68:67:c4:89:4c:72:
         f6:dd:ce:f3:f1:c9:2b:8e:56:24:ab:c9:08:3c:4b:a9:d9:d7:
         cc:94:88:20
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUI48iNz2DpOSG69zcFi8qQnqN/BswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTYwOTI2NTRaFw0yNjA3MTUwOTMxNTRaMDMxMTAvBgNV
BAMTKDgwMUE1MjM1Q0Y1RDNDMjUzNjBGODlCNzFDRkFFMDRFNDkwNjI1QTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXZhZJnUl2waGNTTaDGp3fV83N
4qEthaA1NuB2QU2IbfjhnS5/i1E4WFMJx/fa3gTsFDznq+oGrj0q2VMT9hFJ5gcO
dEgPqCAeA7Aci6YgSJ6UpM8PUUgFQ1Y1QGIGBASvFB+VQjlhEFwU30Enc/wSnvOV
L3TT1t1/B5qF8AmsGdiqy6nmv7miYrsYKZf9kKN0pHFfOUzlT+0zhAB5eVR6HmTM
xEBPxxaLvePGL5Sx03jIrUuj3/TOMbXYSgLqP/IsZpiX/4ctqn4JfIHXXP8rwo2t
N9wBnjoJ8rNJ8HIbJ4iCaZs/geb16ohPukhqT91qIo1WwkyFh1p2gFjNcZr3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgBpSNc9dPCU2D4m3HPrgTkkGJaUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM3
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM4MzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApFP
rDANBgkqhkiG9w0BAQsFAAOCAQEAhDijEv1Zof83n6Jj9+p00ungK9+N775TzA0j
oQ0qHspP73LAOfS2PJ7oxEyrQG0ddr86sSbo++vM322Z7gzrdeoBMmbq36HillHO
gtaTyW2sCK725EDEd6fQlp8jZfeFzwjW8vEu5/rowQkxlU7GxzbkQb9ANCviSxR5
G0bDV5lnX3GzSyvBW03cAas2uvh8Ig5+lm0XOPSdbJSyun7ve9bl/HdW81CQUEF+
Vi8idEnhht/8ELWW+cxTZdRHwOQO+Q+TlF84K2yIkgbUsqb1kci4+wHjObFuh3jY
PNVsQGRuKFK7aGfEiUxy9t3O8/HJK45WJKvJCDxLqdnXzJSIIA==
-----END CERTIFICATE-----