Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37312e302f32342d3234203d3e203332303433.roa
File:                     3134352e37392e37312e302f32342d3234203d3e203332303433.roa (raw, json)
Hash identifier:          ZjHIQVDkAm2+Hk6FPFTdCq8St6hUZaw9QQaHc5gf92I=
Subject key identifier:   10:01:A8:19:3B:65:00:FF:22:77:81:E0:7F:31:C1:B4:F2:3D:80:EE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       01658DE602CEE6160AE9DD56CC98FF1C66625534
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37312e302f32342d3234203d3e203332303433.roa
Signing time:             Wed 09 Jul 2025 10:50:40 +0000
ROA not before:           Wed 09 Jul 2025 10:45:40 +0000
ROA not after:            Wed 08 Jul 2026 10:50:40 +0000
asID:                     32043
IP address blocks:        145.79.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:65:8d:e6:02:ce:e6:16:0a:e9:dd:56:cc:98:ff:1c:66:62:55:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul  9 10:45:40 2025 GMT
            Not After : Jul  8 10:50:40 2026 GMT
        Subject: CN=1001A8193B6500FF227781E07F31C1B4F23D80EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:57:04:0e:77:e6:06:ed:aa:72:16:af:dd:c5:
                    19:3d:e6:53:7a:a5:b8:a7:73:5a:a5:5b:ac:8f:cf:
                    31:57:98:08:d1:66:fd:4c:8a:c2:a7:55:1f:df:9d:
                    9a:2f:7b:9d:c3:24:0f:1c:72:6f:24:71:4f:c6:9c:
                    7e:c0:79:5b:2d:48:02:d2:f7:7f:4a:a5:c5:b4:5d:
                    49:ab:48:1f:47:a1:44:6a:ec:36:11:9c:ce:f3:e5:
                    3e:c8:7d:fe:25:3e:7b:2b:f8:c8:92:4d:2b:11:16:
                    a2:1d:5d:61:b2:55:5a:7a:3b:7c:39:eb:a2:37:ca:
                    f7:ab:19:5c:df:b5:3d:89:5c:f3:f1:fe:13:e8:a2:
                    b7:e7:e5:80:a6:80:93:35:1a:10:75:f2:58:93:91:
                    18:2b:f0:89:d2:5b:d3:21:25:3a:d1:27:55:2f:0e:
                    17:42:6e:eb:2d:c6:62:0b:34:fd:f2:24:73:b3:93:
                    ee:99:05:4a:a2:bd:b2:16:47:47:bd:3e:24:0b:90:
                    24:42:57:f2:63:85:2d:53:f9:19:07:e2:04:63:83:
                    aa:43:7e:8e:92:cc:8a:39:5c:e7:62:d5:ce:28:45:
                    77:f0:71:bf:c5:27:91:fe:c5:80:27:07:8e:22:eb:
                    2b:96:96:7a:a1:d1:bb:af:b0:79:ef:9f:f1:86:90:
                    8f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:01:A8:19:3B:65:00:FF:22:77:81:E0:7F:31:C1:B4:F2:3D:80:EE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37312e302f32342d3234203d3e203332303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:6a:33:6f:ed:d7:62:37:ee:66:d5:73:09:f7:50:57:d8:06:
         a5:49:12:49:30:8f:1d:b4:15:74:ae:fd:cf:e0:f5:f3:40:3b:
         79:09:f9:95:20:5f:e8:53:ff:6e:fd:b0:a4:3e:c9:c0:fc:e6:
         55:8c:05:4e:ab:7a:03:73:33:f2:f0:f9:98:49:7a:92:34:24:
         ea:3d:24:3b:81:e9:86:32:b9:c4:0a:85:77:86:e0:13:f2:f3:
         39:57:9f:c4:17:d0:57:4b:61:07:19:b7:f9:5f:96:3b:13:9f:
         5b:cd:14:93:93:3f:5c:3d:cd:04:ec:0e:9f:3c:5e:bc:e3:01:
         ba:0b:db:b6:be:ea:32:0d:ae:28:e5:48:e6:a0:2e:80:62:48:
         d8:45:98:92:6e:17:77:b0:9c:f6:6a:dc:db:0b:e6:a3:b1:91:
         42:4d:c7:84:15:1e:4c:bf:3b:48:45:5f:b5:57:56:ee:7e:9f:
         03:50:b3:ad:ff:87:ab:d0:f3:6d:aa:7c:c2:a3:54:0d:50:3b:
         40:db:21:ed:f4:e6:95:15:a3:29:38:bf:c3:50:97:d5:be:a8:
         81:7b:35:1e:30:b8:8d:96:80:0d:60:60:af:b5:19:10:35:4a:
         bf:1a:d0:c0:69:82:5f:2f:64:a2:18:6f:d6:30:b4:96:54:e1:
         60:56:0d:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAWWN5gLO5hYK6d1WzJj/HGZiVTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MDkxMDQ1NDBaFw0yNjA3MDgxMDUwNDBaMDMxMTAvBgNV
BAMTKDEwMDFBODE5M0I2NTAwRkYyMjc3ODFFMDdGMzFDMUI0RjIzRDgwRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0VwQOd+YG7apyFq/dxRk95lN6
pbinc1qlW6yPzzFXmAjRZv1MisKnVR/fnZove53DJA8ccm8kcU/GnH7AeVstSALS
939KpcW0XUmrSB9HoURq7DYRnM7z5T7Iff4lPnsr+MiSTSsRFqIdXWGyVVp6O3w5
66I3yverGVzftT2JXPPx/hPoorfn5YCmgJM1GhB18liTkRgr8InSW9MhJTrRJ1Uv
DhdCbustxmILNP3yJHOzk+6ZBUqivbIWR0e9PiQLkCRCV/JjhS1T+RkH4gRjg6pD
fo6SzIo5XOdi1c4oRXfwcb/FJ5H+xYAnB44i6yuWlnqh0buvsHnvn/GGkI8jAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEAGoGTtlAP8id4HgfzHBtPI9gO4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
RzANBgkqhkiG9w0BAQsFAAOCAQEAFGozb+3XYjfuZtVzCfdQV9gGpUkSSTCPHbQV
dK79z+D180A7eQn5lSBf6FP/bv2wpD7JwPzmVYwFTqt6A3Mz8vD5mEl6kjQk6j0k
O4HphjK5xAqFd4bgE/LzOVefxBfQV0thBxm3+V+WOxOfW80Uk5M/XD3NBOwOnzxe
vOMBugvbtr7qMg2uKOVI5qAugGJI2EWYkm4Xd7Cc9mrc2wvmo7GRQk3HhBUeTL87
SEVftVdW7n6fA1Czrf+Hq9Dzbap8wqNUDVA7QNsh7fTmlRWjKTi/w1CX1b6ogXs1
HjC4jZaADWBgr7UZEDVKvxrQwGmCXy9kohhv1jC0llThYFYNQg==
-----END CERTIFICATE-----