Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139302e302f32342d3234203d3e2039333034.roa
File:                     3134352e37392e3139302e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          wMSh5skGGkHLzB7F9xuVDdHub5Bi/J+zaxywHMt6B4Y=
Subject key identifier:   51:47:40:29:40:CD:5E:06:89:8F:4B:6B:C2:B0:CC:87:C0:7A:12:14
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       18B170B1D1DD5C6B5602B022862CFBD024B17843
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139302e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 10 Jul 2025 08:06:18 +0000
ROA not before:           Thu 10 Jul 2025 08:01:18 +0000
ROA not after:            Thu 09 Jul 2026 08:06:18 +0000
asID:                     9304
IP address blocks:        145.79.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:b1:70:b1:d1:dd:5c:6b:56:02:b0:22:86:2c:fb:d0:24:b1:78:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 10 08:01:18 2025 GMT
            Not After : Jul  9 08:06:18 2026 GMT
        Subject: CN=5147402940CD5E06898F4B6BC2B0CC87C07A1214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7d:80:b1:93:0a:ae:c3:84:db:7e:ef:56:57:
                    f9:00:aa:8d:27:37:46:4c:52:97:3c:3c:6e:e2:47:
                    48:22:e9:eb:02:31:40:c5:6f:c8:63:2e:c3:f9:35:
                    fc:71:e5:e3:73:65:dd:47:b3:32:d4:20:45:5a:8e:
                    3e:68:14:8c:39:47:f7:3f:24:4d:20:15:db:81:b2:
                    0a:42:82:83:48:75:aa:94:eb:63:51:40:f7:ea:5d:
                    f1:cd:bc:dd:09:b2:f4:52:74:e2:6c:3f:65:d4:5e:
                    e0:b1:d6:18:79:29:41:c6:a5:7d:ae:ca:0c:19:1a:
                    b0:2a:1d:ee:cd:aa:dd:f2:a7:a5:c4:c4:9c:8e:5d:
                    3c:41:f0:cd:6e:3d:58:cf:77:13:75:0d:1c:88:a1:
                    5d:a6:84:54:7c:45:83:a9:61:3d:a4:fa:e0:86:cc:
                    02:84:92:ea:ec:22:a5:d1:d2:78:80:d0:8d:a8:e2:
                    d4:79:b3:98:67:51:0e:5d:94:35:0c:28:d8:f3:43:
                    ad:ce:83:e0:7f:73:f3:f1:fc:4f:1f:9e:36:8a:6e:
                    4c:86:54:7b:4d:d1:e2:a5:e0:da:fe:cd:30:ce:73:
                    f5:2d:fd:01:c8:56:89:1e:ed:7b:88:c4:5d:99:13:
                    14:60:ae:2f:93:93:e4:99:54:fb:88:62:73:68:c0:
                    2c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:47:40:29:40:CD:5E:06:89:8F:4B:6B:C2:B0:CC:87:C0:7A:12:14
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139302e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:4b:48:1e:b0:fb:9c:49:2e:29:d9:7a:ce:55:cc:b5:af:82:
         5e:a8:68:d3:65:c8:9a:5e:ca:08:8f:a0:22:57:93:80:11:49:
         63:58:f4:75:f3:87:b0:3f:83:a3:5b:83:ab:d7:ab:83:14:66:
         57:d6:c8:cf:45:a5:18:bb:6f:d1:c8:de:5e:9e:f2:f2:76:7d:
         18:73:f6:81:f3:97:e0:21:2d:12:44:44:dd:fb:f2:4f:d6:ca:
         c2:95:90:6c:05:21:01:7c:75:68:cc:b7:89:42:53:74:19:36:
         1e:1c:d9:96:09:ff:5f:fc:50:39:4f:e0:94:a0:99:28:1f:6d:
         96:a0:7f:f8:bf:55:44:eb:2d:7b:b1:f8:e9:04:1f:4c:9b:a8:
         07:6b:a5:5d:42:c1:5f:18:72:00:77:00:a7:47:15:0d:22:1c:
         69:8f:e2:d9:90:c7:08:3a:89:91:54:0a:95:ec:bf:78:fe:23:
         84:24:f2:2e:e3:5a:92:3a:46:4f:47:29:ca:d0:92:5e:6b:b1:
         f1:4b:f1:f2:0e:93:99:54:df:7d:69:06:06:be:19:29:59:93:
         dc:d6:fd:2a:4e:d5:dd:9c:2e:f6:9c:95:e3:bd:1b:96:8a:84:
         d0:a7:dc:ea:99:db:5b:03:50:bb:5c:eb:5d:ef:4a:11:bd:c8:
         2f:ec:f9:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGLFwsdHdXGtWArAihiz70CSxeEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTAwODAxMThaFw0yNjA3MDkwODA2MThaMDMxMTAvBgNV
BAMTKDUxNDc0MDI5NDBDRDVFMDY4OThGNEI2QkMyQjBDQzg3QzA3QTEyMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHfYCxkwquw4Tbfu9WV/kAqo0n
N0ZMUpc8PG7iR0gi6esCMUDFb8hjLsP5Nfxx5eNzZd1HszLUIEVajj5oFIw5R/c/
JE0gFduBsgpCgoNIdaqU62NRQPfqXfHNvN0JsvRSdOJsP2XUXuCx1hh5KUHGpX2u
ygwZGrAqHe7Nqt3yp6XExJyOXTxB8M1uPVjPdxN1DRyIoV2mhFR8RYOpYT2k+uCG
zAKEkursIqXR0niA0I2o4tR5s5hnUQ5dlDUMKNjzQ63Og+B/c/Px/E8fnjaKbkyG
VHtN0eKl4Nr+zTDOc/Ut/QHIVoke7XuIxF2ZExRgri+Tk+SZVPuIYnNowCx9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUUdAKUDNXgaJj0trwrDMh8B6EhQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM5
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
vjANBgkqhkiG9w0BAQsFAAOCAQEAQUtIHrD7nEkuKdl6zlXMta+CXqho02XIml7K
CI+gIleTgBFJY1j0dfOHsD+Do1uDq9ergxRmV9bIz0WlGLtv0cjeXp7y8nZ9GHP2
gfOX4CEtEkRE3fvyT9bKwpWQbAUhAXx1aMy3iUJTdBk2HhzZlgn/X/xQOU/glKCZ
KB9tlqB/+L9VROste7H46QQfTJuoB2ulXULBXxhyAHcAp0cVDSIcaY/i2ZDHCDqJ
kVQKley/eP4jhCTyLuNakjpGT0cpytCSXmux8Uvx8g6TmVTffWkGBr4ZKVmT3Nb9
Kk7V3Zwu9pyV470bloqE0Kfc6pnbWwNQu1zrXe9KEb3IL+z5oA==
-----END CERTIFICATE-----