Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36372e302f32342d3234203d3e203332303433.roa
File:                     3134352e37392e36372e302f32342d3234203d3e203332303433.roa (raw, json)
Hash identifier:          8pPTZ1gt6+HxEszLp80jFpr0Mwra+X9KEUHtjfnz2V4=
Subject key identifier:   EF:40:1D:66:22:25:FF:8C:80:F0:74:6F:3B:9B:42:8E:2A:6D:B3:9C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1E38A468463D066E8CAC6682118712369553E2EF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36372e302f32342d3234203d3e203332303433.roa
Signing time:             Wed 09 Jul 2025 10:50:55 +0000
ROA not before:           Wed 09 Jul 2025 10:45:55 +0000
ROA not after:            Wed 08 Jul 2026 10:50:55 +0000
asID:                     32043
IP address blocks:        145.79.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:38:a4:68:46:3d:06:6e:8c:ac:66:82:11:87:12:36:95:53:e2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul  9 10:45:55 2025 GMT
            Not After : Jul  8 10:50:55 2026 GMT
        Subject: CN=EF401D662225FF8C80F0746F3B9B428E2A6DB39C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cc:24:0d:f8:4a:b5:4b:68:4a:96:93:a6:25:
                    62:60:7b:c0:c9:b5:fd:94:b2:60:24:e4:24:e1:8e:
                    b8:62:d6:00:93:ef:ba:da:38:9f:9d:48:85:b4:fc:
                    45:ee:fd:7e:4d:7f:7c:a2:7f:99:3b:f1:6e:91:d8:
                    bd:40:cd:83:6a:3a:bd:a9:74:71:c2:db:99:3c:5f:
                    93:5b:d7:9d:22:7a:f2:73:bf:93:8c:f0:ad:3b:a9:
                    cf:de:40:a7:44:79:d0:7a:79:59:b0:92:94:26:fc:
                    2f:7a:56:3c:92:08:8a:02:83:13:ba:6f:e2:4e:2e:
                    07:51:de:1f:01:9f:da:72:a4:62:56:18:69:c7:5e:
                    b0:c1:85:62:5d:c5:3d:f2:8e:11:16:fd:ec:cf:8e:
                    0d:ac:b2:a3:71:b5:c4:ca:60:c4:a1:94:90:97:1f:
                    eb:83:8a:91:23:bd:1f:98:fa:17:34:3c:41:aa:51:
                    9c:d6:11:fb:6b:91:58:74:cc:ad:21:ea:d3:bd:ef:
                    c1:e1:00:d2:25:28:61:a5:05:c8:45:84:37:76:4e:
                    36:ba:2b:7c:8a:56:e9:68:b3:89:58:44:85:d9:5a:
                    6f:9d:15:21:cb:85:7b:a0:9f:29:6f:1d:72:c6:af:
                    1b:37:de:8d:c1:d0:28:96:04:6f:1f:92:7a:48:55:
                    01:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:40:1D:66:22:25:FF:8C:80:F0:74:6F:3B:9B:42:8E:2A:6D:B3:9C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36372e302f32342d3234203d3e203332303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:a3:f1:b6:c8:b8:7d:b8:a1:93:18:b7:b5:14:c2:34:21:ca:
         73:0a:ee:5c:b3:2c:f4:81:91:f9:c4:83:18:b8:60:42:8b:b3:
         a6:51:79:5b:a0:bb:b4:5e:49:5e:b5:96:31:ef:a0:8e:c6:7c:
         e5:52:41:e4:b0:4b:51:6d:db:9f:ba:50:09:4d:f2:a2:d7:b6:
         88:c5:2d:f6:11:09:cc:12:bd:f0:3d:cb:17:33:0f:be:0e:28:
         7f:04:ca:e9:0c:12:c3:f1:2a:d3:50:9a:83:ce:bc:13:4b:10:
         d7:20:6f:72:2e:65:5d:40:7e:fd:57:63:ab:7f:6e:4b:1c:31:
         00:a5:98:72:04:fa:46:15:f8:05:1c:23:16:ee:6c:4c:f7:e3:
         40:44:2a:52:68:a4:3e:03:f8:4a:e6:51:43:a6:b2:6d:32:71:
         30:e1:00:26:69:70:ca:96:24:7f:36:31:e8:79:68:fb:6c:a7:
         6e:ee:85:f0:95:7a:e9:34:3e:bd:51:a3:f7:3e:c3:b9:b6:58:
         9a:36:b0:1b:01:bf:1e:19:2c:d3:ed:4d:2a:2c:89:cf:bf:16:
         2b:cd:d6:fd:25:1a:98:1b:a7:9b:3e:fe:92:a9:04:dd:2f:02:
         f1:df:3d:5b:c4:57:a6:a4:28:e8:3c:13:70:1e:4a:9b:4b:33:
         1a:de:fd:76
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHjikaEY9Bm6MrGaCEYcSNpVT4u8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MDkxMDQ1NTVaFw0yNjA3MDgxMDUwNTVaMDMxMTAvBgNV
BAMTKEVGNDAxRDY2MjIyNUZGOEM4MEYwNzQ2RjNCOUI0MjhFMkE2REIzOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzCQN+Eq1S2hKlpOmJWJge8DJ
tf2UsmAk5CThjrhi1gCT77raOJ+dSIW0/EXu/X5Nf3yif5k78W6R2L1AzYNqOr2p
dHHC25k8X5Nb150ievJzv5OM8K07qc/eQKdEedB6eVmwkpQm/C96VjySCIoCgxO6
b+JOLgdR3h8Bn9pypGJWGGnHXrDBhWJdxT3yjhEW/ezPjg2ssqNxtcTKYMShlJCX
H+uDipEjvR+Y+hc0PEGqUZzWEftrkVh0zK0h6tO978HhANIlKGGlBchFhDd2Tja6
K3yKVulos4lYRIXZWm+dFSHLhXugnylvHXLGrxs33o3B0CiWBG8fknpIVQFdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU70AdZiIl/4yA8HRvO5tCjipts5wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNjM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
QzANBgkqhkiG9w0BAQsFAAOCAQEAdqPxtsi4fbihkxi3tRTCNCHKcwruXLMs9IGR
+cSDGLhgQouzplF5W6C7tF5JXrWWMe+gjsZ85VJB5LBLUW3bn7pQCU3yote2iMUt
9hEJzBK98D3LFzMPvg4ofwTK6QwSw/Eq01Cag868E0sQ1yBvci5lXUB+/Vdjq39u
SxwxAKWYcgT6RhX4BRwjFu5sTPfjQEQqUmikPgP4SuZRQ6aybTJxMOEAJmlwypYk
fzYx6Hlo+2ynbu6F8JV66TQ+vVGj9z7DubZYmjawGwG/Hhks0+1NKiyJz78WK83W
/SUamBunmz7+kqkE3S8C8d89W8RXpqQo6DwTcB5Km0szGt79dg==
-----END CERTIFICATE-----