Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3133312e302f32342d3234203d3e2039333034.roa
File:                     3134352e37392e3133312e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          3irrL4AQKSRuZQB/jAX4GKhYg2Luc0XtZUExkSGbFcs=
Subject key identifier:   5C:E1:3E:84:AA:F3:A7:69:FC:25:00:94:2B:09:34:E6:4D:3B:CB:8E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0DCBE604FB71BB3F10ED222E59D98403359D821C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3133312e302f32342d3234203d3e2039333034.roa
Signing time:             Tue 03 Jun 2025 08:29:45 +0000
ROA not before:           Tue 03 Jun 2025 08:24:45 +0000
ROA not after:            Tue 02 Jun 2026 08:29:45 +0000
asID:                     9304
IP address blocks:        145.79.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:cb:e6:04:fb:71:bb:3f:10:ed:22:2e:59:d9:84:03:35:9d:82:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  3 08:24:45 2025 GMT
            Not After : Jun  2 08:29:45 2026 GMT
        Subject: CN=5CE13E84AAF3A769FC2500942B0934E64D3BCB8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ac:1c:a3:a7:08:1c:62:60:6d:4c:e3:1f:b4:
                    48:40:47:ed:69:08:d2:85:6b:c8:2b:33:04:03:46:
                    35:30:f9:e5:f2:7c:65:e4:b0:af:10:cf:82:5c:0d:
                    40:37:1e:59:ce:ab:e6:d3:67:b1:21:44:7a:2d:ec:
                    20:9a:63:ff:f7:d5:a4:64:c1:c0:e5:14:bd:bb:68:
                    09:68:d4:fe:50:5c:a4:da:ca:0e:51:e1:e1:c2:7d:
                    5e:d5:79:c6:cb:73:43:f6:e5:cf:04:12:47:25:c3:
                    ba:78:eb:e7:85:ba:ee:04:c1:57:4f:7d:f5:e2:82:
                    82:7f:62:60:71:f6:64:e4:0c:ca:35:87:c2:aa:6b:
                    32:e3:93:38:ff:e6:96:3e:41:07:77:b7:39:a2:40:
                    8e:97:e9:cd:05:a9:45:56:b0:4b:eb:25:ed:29:d0:
                    89:7e:2f:a1:99:84:13:47:6b:dd:e9:bd:33:62:cf:
                    b0:36:5c:0c:9d:6d:d2:8d:a1:71:ff:20:21:ce:7c:
                    7f:f9:7b:ba:6e:d1:25:e0:60:bf:de:75:fc:b4:48:
                    69:14:80:9c:91:0f:c7:54:0b:3d:ab:ac:83:4e:cd:
                    8b:78:64:9d:12:f6:cd:20:7f:6b:ea:f6:e6:06:82:
                    6e:b4:03:65:30:89:29:50:44:89:4d:a7:e3:53:30:
                    d3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E1:3E:84:AA:F3:A7:69:FC:25:00:94:2B:09:34:E6:4D:3B:CB:8E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3133312e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c7:75:30:f2:85:4b:06:ce:d8:a4:f7:83:88:eb:d9:be:50:
         e2:c0:5d:0f:19:c5:b2:b0:d9:c5:b3:91:80:d8:6c:6a:f2:de:
         23:6c:44:62:99:a1:96:d1:d2:fe:02:7d:2c:22:0e:36:62:70:
         77:24:42:02:e4:76:3d:8d:e6:20:19:f1:2d:3d:36:a5:82:b0:
         f4:4d:0c:06:4d:71:87:e3:e1:88:6e:76:44:aa:63:4c:57:60:
         f1:f6:d2:71:97:63:76:f5:3c:3c:94:0c:c7:cf:85:04:5c:cb:
         0f:8b:5e:1e:55:e6:5c:2a:d3:d2:c6:39:82:85:0a:38:d9:4b:
         58:91:3e:6a:49:34:d9:c4:ca:d6:5c:a2:46:04:07:6f:03:6a:
         b4:41:bc:77:c8:0a:b3:f8:4c:96:2e:89:b7:d1:ad:02:5c:ce:
         f3:64:7e:4f:1f:25:4c:c9:63:c6:f4:08:ad:94:3b:b3:6e:76:
         f7:04:cb:a2:a7:31:3e:f8:75:dc:e5:58:4e:dc:dd:ac:0a:ef:
         24:cd:6f:3a:16:71:82:30:b5:f2:14:82:f8:13:d8:5e:69:3a:
         7c:e5:4f:76:b8:30:23:b8:a8:40:ca:2f:07:17:83:85:26:01:
         83:79:74:cf:76:93:de:ee:67:9d:a8:e8:f6:2e:cb:6c:59:55:
         f1:ac:4a:69
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDcvmBPtxuz8Q7SIuWdmEAzWdghwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MDMwODI0NDVaFw0yNjA2MDIwODI5NDVaMDMxMTAvBgNV
BAMTKDVDRTEzRTg0QUFGM0E3NjlGQzI1MDA5NDJCMDkzNEU2NEQzQkNCOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJrByjpwgcYmBtTOMftEhAR+1p
CNKFa8grMwQDRjUw+eXyfGXksK8Qz4JcDUA3HlnOq+bTZ7EhRHot7CCaY//31aRk
wcDlFL27aAlo1P5QXKTayg5R4eHCfV7VecbLc0P25c8EEkclw7p46+eFuu4EwVdP
ffXigoJ/YmBx9mTkDMo1h8KqazLjkzj/5pY+QQd3tzmiQI6X6c0FqUVWsEvrJe0p
0Il+L6GZhBNHa93pvTNiz7A2XAydbdKNoXH/ICHOfH/5e7pu0SXgYL/edfy0SGkU
gJyRD8dUCz2rrINOzYt4ZJ0S9s0gf2vq9uYGgm60A2UwiSlQRIlNp+NTMNNXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXOE+hKrzp2n8JQCUKwk05k07y44wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMz
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
gzANBgkqhkiG9w0BAQsFAAOCAQEAY8d1MPKFSwbO2KT3g4jr2b5Q4sBdDxnFsrDZ
xbORgNhsavLeI2xEYpmhltHS/gJ9LCIONmJwdyRCAuR2PY3mIBnxLT02pYKw9E0M
Bk1xh+PhiG52RKpjTFdg8fbScZdjdvU8PJQMx8+FBFzLD4teHlXmXCrT0sY5goUK
ONlLWJE+akk02cTK1lyiRgQHbwNqtEG8d8gKs/hMli6Jt9GtAlzO82R+Tx8lTMlj
xvQIrZQ7s2529wTLoqcxPvh13OVYTtzdrArvJM1vOhZxgjC18hSC+BPYXmk6fOVP
drgwI7ioQMovBxeDhSYBg3l0z3aT3u5nnajo9i7LbFlV8axKaQ==
-----END CERTIFICATE-----