Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139312e302f32342d3234203d3e2039333034.roa
File:                     3134352e37392e3139312e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          FHDFv4mVjwFDp9PraxyFqk08V6kcCbU53YGLUCyUkPY=
Subject key identifier:   71:77:47:F1:54:04:2C:E6:FA:67:31:5C:D7:AB:0D:9A:9F:D6:96:5D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       664BA4CABD2381B132C2890A1F5BA235050D7269
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139312e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 10 Jul 2025 08:06:09 +0000
ROA not before:           Thu 10 Jul 2025 08:01:09 +0000
ROA not after:            Thu 09 Jul 2026 08:06:09 +0000
asID:                     9304
IP address blocks:        145.79.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:4b:a4:ca:bd:23:81:b1:32:c2:89:0a:1f:5b:a2:35:05:0d:72:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 10 08:01:09 2025 GMT
            Not After : Jul  9 08:06:09 2026 GMT
        Subject: CN=717747F154042CE6FA67315CD7AB0D9A9FD6965D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:75:b6:f0:a8:35:fb:c6:de:f2:3c:e7:09:05:
                    d0:88:29:94:77:d9:e6:7f:df:f7:9b:80:fe:88:2a:
                    ff:27:f9:06:89:d1:0d:7c:f1:e1:99:01:cd:f1:c9:
                    1d:3e:bd:a8:c7:0f:ff:ef:6b:5c:fb:90:fb:99:34:
                    6e:6a:36:38:21:48:64:25:ec:80:74:5f:e5:61:2e:
                    e1:ec:d2:1f:d7:ea:a2:77:02:00:d5:98:67:43:2c:
                    9d:c0:7c:5e:a5:09:0b:4a:6b:75:b8:9b:0e:0b:0d:
                    99:88:e2:e0:52:b8:d1:e1:a0:d4:31:e4:5a:17:b0:
                    43:ee:95:1d:87:c0:f8:89:5f:6c:c8:be:19:29:50:
                    f5:69:37:a3:2d:8a:ab:90:7d:d3:66:68:d5:61:9b:
                    f9:f9:ef:48:d5:6b:ba:b8:e5:48:07:28:a2:b4:0d:
                    3f:78:a4:bf:6a:be:da:50:10:31:0b:a3:36:88:bb:
                    30:7b:7a:bb:02:ae:01:93:3b:16:9f:48:60:07:f1:
                    f2:a6:03:be:64:44:9e:33:b2:f8:f8:26:db:89:d5:
                    23:08:43:1c:56:80:ea:bb:02:78:21:c6:b8:79:2a:
                    70:50:44:f0:f7:dc:c2:f3:b9:97:4b:f2:73:64:c4:
                    8a:34:ee:a2:51:a0:65:89:5b:3a:74:fb:6d:8b:44:
                    0e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:77:47:F1:54:04:2C:E6:FA:67:31:5C:D7:AB:0D:9A:9F:D6:96:5D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139312e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ef:10:28:23:9a:18:41:94:27:d1:63:bb:7f:35:e0:3c:e7:
         8f:5e:cd:d0:07:67:d8:db:9e:aa:75:9e:0a:cf:6e:a8:02:f7:
         fe:9c:94:e7:b2:39:fd:c6:9f:52:a7:70:c6:4c:5f:81:02:d4:
         3b:1d:6c:de:da:5f:87:d6:12:f6:af:26:77:33:50:2d:4c:1d:
         34:6d:d6:ff:c8:45:f1:47:a8:b5:f5:88:c6:f1:46:44:39:5b:
         0c:76:fa:aa:3e:c1:f7:d0:2e:68:62:50:85:63:2f:13:71:4b:
         0b:4c:d8:26:54:db:d0:35:99:6b:a6:39:55:c3:b8:70:84:0a:
         59:d0:36:1b:a9:98:81:0f:4c:12:23:25:39:31:b2:be:41:03:
         ce:12:5c:4f:d3:de:f1:f7:75:bd:f0:43:83:1b:9f:c0:72:55:
         be:84:4f:f5:9c:b3:ed:f2:c9:40:5a:0a:f4:0b:f3:98:3b:dd:
         2d:ad:a1:ed:28:67:3b:4b:b4:be:56:9e:8f:f6:8a:af:76:62:
         3b:bd:86:bd:5a:85:a8:22:cd:a2:21:4e:aa:bc:de:81:a1:7c:
         9f:d7:32:4b:ca:15:16:9a:98:20:02:6a:4a:f2:eb:db:0c:bd:
         68:35:41:70:79:70:4b:f3:a3:05:68:06:4d:06:60:c7:db:af:
         db:ca:cb:f0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZkukyr0jgbEywokKH1uiNQUNcmkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTAwODAxMDlaFw0yNjA3MDkwODA2MDlaMDMxMTAvBgNV
BAMTKDcxNzc0N0YxNTQwNDJDRTZGQTY3MzE1Q0Q3QUIwRDlBOUZENjk2NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWdbbwqDX7xt7yPOcJBdCIKZR3
2eZ/3/ebgP6IKv8n+QaJ0Q188eGZAc3xyR0+vajHD//va1z7kPuZNG5qNjghSGQl
7IB0X+VhLuHs0h/X6qJ3AgDVmGdDLJ3AfF6lCQtKa3W4mw4LDZmI4uBSuNHhoNQx
5FoXsEPulR2HwPiJX2zIvhkpUPVpN6MtiquQfdNmaNVhm/n570jVa7q45UgHKKK0
DT94pL9qvtpQEDELozaIuzB7ersCrgGTOxafSGAH8fKmA75kRJ4zsvj4JtuJ1SMI
QxxWgOq7Anghxrh5KnBQRPD33MLzuZdL8nNkxIo07qJRoGWJWzp0+22LRA5HAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcXdH8VQELOb6ZzFc16sNmp/Wll0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM5
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
vzANBgkqhkiG9w0BAQsFAAOCAQEAW+8QKCOaGEGUJ9Fju3814Dznj17N0Adn2Nue
qnWeCs9uqAL3/pyU57I5/cafUqdwxkxfgQLUOx1s3tpfh9YS9q8mdzNQLUwdNG3W
/8hF8UeotfWIxvFGRDlbDHb6qj7B99AuaGJQhWMvE3FLC0zYJlTb0DWZa6Y5VcO4
cIQKWdA2G6mYgQ9MEiMlOTGyvkEDzhJcT9Pe8fd1vfBDgxufwHJVvoRP9Zyz7fLJ
QFoK9AvzmDvdLa2h7ShnO0u0vlaej/aKr3ZiO72GvVqFqCLNoiFOqrzegaF8n9cy
S8oVFpqYIAJqSvLr2wy9aDVBcHlwS/OjBWgGTQZgx9uv28rL8A==
-----END CERTIFICATE-----