Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36362e302f32342d3234203d3e203332303433.roa
File:                     3134352e37392e36362e302f32342d3234203d3e203332303433.roa (raw, json)
Hash identifier:          jBxHXhONeU1O2tC+CzNnK036uvZqrH3NhXDqVzokWTI=
Subject key identifier:   6E:19:B9:DC:AD:82:69:8E:A9:59:8C:29:BA:14:3C:CD:08:F4:60:3B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1ECCAF318DD46D4B7A8246A5EB5EEAA000BD1D94
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36362e302f32342d3234203d3e203332303433.roa
Signing time:             Wed 09 Jul 2025 10:50:33 +0000
ROA not before:           Wed 09 Jul 2025 10:45:33 +0000
ROA not after:            Wed 08 Jul 2026 10:50:33 +0000
asID:                     32043
IP address blocks:        145.79.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:cc:af:31:8d:d4:6d:4b:7a:82:46:a5:eb:5e:ea:a0:00:bd:1d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul  9 10:45:33 2025 GMT
            Not After : Jul  8 10:50:33 2026 GMT
        Subject: CN=6E19B9DCAD82698EA9598C29BA143CCD08F4603B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8e:cf:00:17:ac:d4:9d:15:57:a9:a1:6b:1f:
                    da:a8:44:3e:a6:d3:79:1f:69:6e:3b:a6:7a:ce:00:
                    a1:9f:04:95:1d:c3:1f:b6:1f:8c:21:26:b5:80:88:
                    55:86:9e:23:4a:00:7a:a1:7a:e3:90:33:2f:88:be:
                    ec:93:d2:0b:a2:f2:a3:a7:ba:0d:1a:d9:70:a9:02:
                    1c:8b:28:12:48:0b:cd:51:ac:82:d1:ea:64:82:2a:
                    7d:0c:13:fd:f3:2d:5e:bf:55:e2:98:18:83:32:dd:
                    02:06:5f:3e:92:8e:5c:0a:e7:2c:d2:14:59:4b:5c:
                    fe:55:62:47:2b:4e:27:57:af:82:49:f4:ee:e3:01:
                    56:ae:76:2a:2b:89:aa:40:35:d4:ad:8b:6a:a5:b3:
                    02:0e:55:b9:e7:af:99:e1:79:85:d3:58:59:6b:48:
                    0f:c4:27:d6:13:0b:0a:2e:2a:f7:2d:cf:e6:7e:39:
                    8b:24:1a:76:f0:1b:94:d3:b9:ac:96:d5:73:2b:d3:
                    f0:76:05:1c:4a:f4:e6:32:7e:d5:21:4e:49:08:df:
                    e5:07:43:f1:50:fe:3a:02:7e:0d:97:85:d7:8d:3a:
                    40:ef:e7:73:26:b5:bb:65:c4:6a:54:1e:5c:7e:5c:
                    25:fa:b5:b8:c7:ee:c2:6f:fd:14:73:df:92:7c:a2:
                    58:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:19:B9:DC:AD:82:69:8E:A9:59:8C:29:BA:14:3C:CD:08:F4:60:3B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36362e302f32342d3234203d3e203332303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:74:8a:d9:12:48:61:ed:eb:6c:c5:dc:ff:58:67:31:87:a1:
         53:3c:b3:ea:11:5f:5f:93:79:b6:59:dd:f6:b3:67:c3:c4:aa:
         76:aa:eb:35:32:d3:ed:03:1b:a0:35:00:20:76:bc:a4:1d:03:
         b7:fe:3c:2a:ab:20:10:1d:7b:ae:52:46:f5:ff:bc:67:b3:2e:
         cf:26:0a:95:88:b9:20:74:a1:a0:87:f6:d1:25:36:80:f9:0d:
         1c:ed:bb:d0:06:24:35:34:01:34:16:9d:f9:e0:35:b1:2d:f2:
         2a:a4:1c:35:77:34:10:8d:13:39:16:e4:a0:85:5e:c3:7c:83:
         3b:d8:85:99:ad:78:86:49:a5:d8:44:8e:69:b9:42:e2:05:9c:
         0e:76:3a:fc:83:04:b6:4a:8a:8c:12:fb:03:ca:07:d4:a9:b6:
         49:e0:d6:f4:07:53:69:1e:57:5f:8c:2f:a3:10:e3:96:06:f7:
         21:69:58:ff:82:49:b0:04:16:8d:59:c6:28:21:54:f6:31:ea:
         06:fc:d6:3e:21:d4:80:4b:bd:be:b7:8c:83:60:b1:52:e7:f9:
         a7:7d:9c:2f:26:52:04:ac:df:b1:ef:16:3f:2d:18:8f:08:32:
         e4:a4:ed:38:c3:6f:a1:c7:ac:de:12:43:fb:31:dd:e6:22:68:
         bb:df:1d:3e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHsyvMY3UbUt6gkal617qoAC9HZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MDkxMDQ1MzNaFw0yNjA3MDgxMDUwMzNaMDMxMTAvBgNV
BAMTKDZFMTlCOURDQUQ4MjY5OEVBOTU5OEMyOUJBMTQzQ0NEMDhGNDYwM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCljs8AF6zUnRVXqaFrH9qoRD6m
03kfaW47pnrOAKGfBJUdwx+2H4whJrWAiFWGniNKAHqheuOQMy+IvuyT0gui8qOn
ug0a2XCpAhyLKBJIC81RrILR6mSCKn0ME/3zLV6/VeKYGIMy3QIGXz6SjlwK5yzS
FFlLXP5VYkcrTidXr4JJ9O7jAVaudioriapANdSti2qlswIOVbnnr5nheYXTWFlr
SA/EJ9YTCwouKvctz+Z+OYskGnbwG5TTuayW1XMr0/B2BRxK9OYyftUhTkkI3+UH
Q/FQ/joCfg2XhdeNOkDv53MmtbtlxGpUHlx+XCX6tbjH7sJv/RRz35J8oliFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbhm53K2CaY6pWYwpuhQ8zQj0YDswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNjM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
QjANBgkqhkiG9w0BAQsFAAOCAQEAlnSK2RJIYe3rbMXc/1hnMYehUzyz6hFfX5N5
tlnd9rNnw8SqdqrrNTLT7QMboDUAIHa8pB0Dt/48KqsgEB17rlJG9f+8Z7MuzyYK
lYi5IHShoIf20SU2gPkNHO270AYkNTQBNBad+eA1sS3yKqQcNXc0EI0TORbkoIVe
w3yDO9iFma14hkml2ESOablC4gWcDnY6/IMEtkqKjBL7A8oH1Km2SeDW9AdTaR5X
X4wvoxDjlgb3IWlY/4JJsAQWjVnGKCFU9jHqBvzWPiHUgEu9vreMg2CxUuf5p32c
LyZSBKzfse8WPy0Yjwgy5KTtOMNvoces3hJD+zHd5iJou98dPg==
-----END CERTIFICATE-----