Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e3131322e302f32312d3234203d3e2035363530.roa
File:                     3134352e31312e3131322e302f32312d3234203d3e2035363530.roa (raw, json)
Hash identifier:          pSOnNGTmGBubC3KmLMa6jAtQU2oEhLZkynncnyPSJK4=
Subject key identifier:   2E:13:4F:AB:16:86:E9:39:71:EC:6B:3B:8B:34:16:EF:CD:91:95:05
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       14D5E3653285917D68A490D3E2443956D8DC145F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e3131322e302f32312d3234203d3e2035363530.roa
Signing time:             Fri 12 Sep 2025 12:31:17 +0000
ROA not before:           Fri 12 Sep 2025 12:26:17 +0000
ROA not after:            Fri 11 Sep 2026 12:31:17 +0000
asID:                     5650
IP address blocks:        145.11.112.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:d5:e3:65:32:85:91:7d:68:a4:90:d3:e2:44:39:56:d8:dc:14:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 12 12:26:17 2025 GMT
            Not After : Sep 11 12:31:17 2026 GMT
        Subject: CN=2E134FAB1686E93971EC6B3B8B3416EFCD919505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:c0:02:5f:cf:a9:0f:07:f5:e0:5f:3d:e0:36:
                    25:f8:c4:fd:31:5d:2a:54:b5:4a:b2:3f:4f:56:dc:
                    58:2f:38:03:1e:53:48:df:57:22:8e:34:78:c3:25:
                    94:c6:57:f8:2c:00:67:6a:4d:ec:6c:bf:99:93:28:
                    0d:01:02:b5:df:64:6c:ab:4b:cd:0e:09:6d:a8:48:
                    ef:28:1e:46:ed:69:6e:28:ad:9b:9d:12:c1:aa:ea:
                    3e:f8:98:a2:0d:8f:34:3d:a8:d7:c8:c9:21:2d:4e:
                    a3:27:2c:7d:1c:11:13:51:38:d5:ee:3a:1b:1d:28:
                    e5:57:f0:4b:5c:9a:21:b8:5a:86:83:93:06:99:7a:
                    a3:1e:bd:a4:3a:b3:b9:b4:17:56:98:fe:97:39:44:
                    af:15:5d:39:62:60:db:74:76:47:98:94:49:0e:64:
                    da:c0:eb:be:04:2f:54:1b:01:7b:6d:a3:06:71:3b:
                    51:63:bd:b9:1e:bf:2d:ce:4d:1a:43:8e:c7:5c:d2:
                    28:fa:30:df:99:27:ee:dc:54:0e:98:e2:b6:67:d1:
                    b0:21:39:a6:ff:28:41:68:be:7c:3a:99:26:f5:33:
                    e5:8d:9f:75:9b:fa:13:de:26:b0:fd:7c:12:b1:bf:
                    40:b4:26:c5:24:61:d3:94:e7:a9:ff:bc:59:77:d9:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:13:4F:AB:16:86:E9:39:71:EC:6B:3B:8B:34:16:EF:CD:91:95:05
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e3131322e302f32312d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6d:8f:05:d2:90:5b:fd:09:ce:d6:ae:ec:a4:ac:73:f6:da:7b:
         3f:38:97:01:0c:2c:cc:65:dd:ae:1c:8d:b5:e9:c9:59:56:f2:
         32:94:8f:ab:d1:02:71:7c:25:4c:e7:13:5f:f5:79:8f:93:e2:
         d4:55:0e:99:b0:f3:91:08:9c:8f:f4:89:09:f8:33:da:7b:b4:
         c1:05:63:71:0d:df:7b:9e:99:8e:13:a5:bf:18:21:d2:91:8e:
         c5:c8:32:91:dc:89:ae:0c:27:27:1e:88:02:b5:e9:b4:38:fb:
         fd:97:82:ba:9d:96:86:cf:bd:19:e2:09:70:00:de:a4:5a:de:
         3e:ea:76:03:58:f8:18:43:b6:6a:e9:12:49:5e:09:92:e2:df:
         91:c1:6e:40:18:f6:94:84:3c:fb:91:a9:22:95:21:09:76:b9:
         58:45:b9:35:0b:79:cc:07:3a:80:7e:06:f4:f9:9e:da:63:ad:
         34:91:8b:85:a0:2b:7a:d1:24:84:c5:53:f7:11:07:fb:2d:f2:
         90:64:05:96:c3:66:1b:de:7c:e0:a9:9b:c5:ff:27:07:5f:ae:
         c8:37:a9:00:db:69:85:62:da:ed:5d:53:8e:fc:19:0a:d2:d6:
         c2:f9:c3:5c:d9:ff:61:33:37:0d:6d:4a:46:fe:34:7b:ed:72:
         fd:2e:1e:b5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFNXjZTKFkX1opJDT4kQ5VtjcFF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MTIxMjI2MTdaFw0yNjA5MTExMjMxMTdaMDMxMTAvBgNV
BAMTKDJFMTM0RkFCMTY4NkU5Mzk3MUVDNkIzQjhCMzQxNkVGQ0Q5MTk1MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiwAJfz6kPB/XgXz3gNiX4xP0x
XSpUtUqyP09W3FgvOAMeU0jfVyKONHjDJZTGV/gsAGdqTexsv5mTKA0BArXfZGyr
S80OCW2oSO8oHkbtaW4orZudEsGq6j74mKINjzQ9qNfIySEtTqMnLH0cERNRONXu
OhsdKOVX8EtcmiG4WoaDkwaZeqMevaQ6s7m0F1aY/pc5RK8VXTliYNt0dkeYlEkO
ZNrA674EL1QbAXttowZxO1Fjvbkevy3OTRpDjsdc0ij6MN+ZJ+7cVA6Y4rZn0bAh
Oab/KEFovnw6mSb1M+WNn3Wb+hPeJrD9fBKxv0C0JsUkYdOU56n/vFl32eBfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULhNPqxaG6Tlx7Gs7izQW782RlQUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzMTMx
MzIyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5EL
cDANBgkqhkiG9w0BAQsFAAOCAQEAbY8F0pBb/QnO1q7spKxz9tp7PziXAQwszGXd
rhyNtenJWVbyMpSPq9ECcXwlTOcTX/V5j5Pi1FUOmbDzkQicj/SJCfgz2nu0wQVj
cQ3fe56ZjhOlvxgh0pGOxcgykdyJrgwnJx6IArXptDj7/ZeCup2Whs+9GeIJcADe
pFrePup2A1j4GEO2aukSSV4JkuLfkcFuQBj2lIQ8+5GpIpUhCXa5WEW5NQt5zAc6
gH4G9Pme2mOtNJGLhaAretEkhMVT9xEH+y3ykGQFlsNmG9584Kmbxf8nB1+uyDep
ANtphWLa7V1TjvwZCtLWwvnDXNn/YTM3DW1KRv40e+1y/S4etQ==
-----END CERTIFICATE-----