Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135302e302f32332d3234203d3e20383334.roa
File:                     3134352e37392e3135302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          vAA+82EZR1oYhRYZmbNM1uipKSiyUTwOhzCCbpLyCwo=
Subject key identifier:   3B:5C:33:10:E9:16:26:ED:9E:A5:4B:62:6D:EA:FB:3A:A2:FB:86:F6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       33918FDE79FEB3B9560325A56A9E06BAAA4AA890
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135302e302f32332d3234203d3e20383334.roa
Signing time:             Thu 28 Aug 2025 09:09:16 +0000
ROA not before:           Thu 28 Aug 2025 09:04:16 +0000
ROA not after:            Thu 27 Aug 2026 09:09:16 +0000
asID:                     834
IP address blocks:        145.79.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:91:8f:de:79:fe:b3:b9:56:03:25:a5:6a:9e:06:ba:aa:4a:a8:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 09:04:16 2025 GMT
            Not After : Aug 27 09:09:16 2026 GMT
        Subject: CN=3B5C3310E91626ED9EA54B626DEAFB3AA2FB86F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c9:30:95:5d:49:f8:84:20:3d:b6:7e:99:69:
                    bb:e8:24:2b:4c:25:80:be:41:8a:40:11:20:96:ee:
                    60:64:21:9d:41:32:3c:63:f6:4a:61:8b:b6:8c:d2:
                    c5:65:75:3f:9f:26:9a:61:d0:7d:f9:ec:b9:b9:f0:
                    65:fb:52:1f:81:1a:38:1d:5b:2a:7c:55:6b:32:b2:
                    0c:b2:05:fd:4b:c2:18:9d:1d:40:60:98:1e:b4:f1:
                    e6:cc:b1:92:3e:bd:48:6e:b7:90:95:21:53:91:8b:
                    4f:07:6e:cd:fa:90:cc:05:ff:6f:bc:76:b4:ae:75:
                    e6:15:76:33:50:a9:2d:bb:f1:86:f5:b9:bf:e8:d5:
                    13:06:19:c2:19:8a:06:92:a3:61:3e:9d:07:33:d1:
                    a7:8f:d6:de:df:cb:17:2b:c3:c5:58:2d:2c:f7:92:
                    64:cd:d3:b3:ba:7b:cb:20:d8:47:73:11:f5:9e:ab:
                    8e:2b:cf:57:a7:f4:db:e6:e4:78:e6:8f:7f:c3:9c:
                    8e:c0:f7:79:f1:d8:7c:b4:70:96:c2:32:9c:a5:f6:
                    69:ff:a1:d6:b2:64:82:9d:d4:78:98:76:78:17:3e:
                    d0:7b:1c:e5:7b:1d:5d:c7:0a:1a:7f:d5:ca:7a:36:
                    85:1a:46:1b:94:cc:2a:38:0b:7d:68:8e:b5:a3:e6:
                    02:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:5C:33:10:E9:16:26:ED:9E:A5:4B:62:6D:EA:FB:3A:A2:FB:86:F6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:95:c8:1d:c9:80:73:03:16:f4:22:b2:2d:30:99:37:cd:2e:
         2c:06:3b:09:5e:2c:d2:4a:fc:8a:91:6a:85:ca:92:7e:53:00:
         77:d8:b9:e4:9b:27:73:b5:66:5f:63:82:9e:67:54:07:46:ad:
         4f:0e:9c:eb:dc:a0:47:87:21:30:b2:55:90:0f:c4:e9:44:d8:
         49:14:25:da:28:2b:5d:c0:26:45:49:77:87:0f:4c:6f:3a:8a:
         27:20:aa:85:66:21:28:c2:e1:d6:15:a0:50:a2:c0:99:f6:91:
         4f:d6:2a:33:d3:ab:cb:21:d7:6d:52:65:8f:c9:17:a5:2e:91:
         a0:66:3e:3f:d1:3c:1c:e3:15:65:8d:3d:5c:e6:4e:45:d8:a0:
         03:59:93:27:ce:d8:79:f1:b3:31:23:87:eb:17:11:f2:b6:08:
         ec:97:b3:69:df:88:0e:55:26:fe:8e:5f:cc:49:3f:24:2e:db:
         ca:46:39:2b:89:0f:1a:f4:73:55:98:59:5e:d0:c1:87:6e:7f:
         d5:b5:fa:c4:31:6d:53:9f:82:1f:34:be:b8:80:d6:88:49:f5:
         4e:97:f7:6f:ee:b9:67:67:9e:23:1c:04:23:83:42:01:f6:57:
         f1:ce:49:1f:5e:d6:39:4a:ba:7e:ee:82:fa:81:2d:e3:b6:fc:
         7c:26:50:ed
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUM5GP3nn+s7lWAyWlap4GuqpKqJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjgwOTA0MTZaFw0yNjA4MjcwOTA5MTZaMDMxMTAvBgNV
BAMTKDNCNUMzMzEwRTkxNjI2RUQ5RUE1NEI2MjZERUFGQjNBQTJGQjg2RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4yTCVXUn4hCA9tn6ZabvoJCtM
JYC+QYpAESCW7mBkIZ1BMjxj9kphi7aM0sVldT+fJpph0H357Lm58GX7Uh+BGjgd
Wyp8VWsysgyyBf1LwhidHUBgmB608ebMsZI+vUhut5CVIVORi08Hbs36kMwF/2+8
drSudeYVdjNQqS278Yb1ub/o1RMGGcIZigaSo2E+nQcz0aeP1t7fyxcrw8VYLSz3
kmTN07O6e8sg2EdzEfWeq44rz1en9Nvm5Hjmj3/DnI7A93nx2Hy0cJbCMpyl9mn/
odayZIKd1HiYdngXPtB7HOV7HV3HChp/1cp6NoUaRhuUzCo4C31ojrWj5gI5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUO1wzEOkWJu2epUtiber7OqL7hvYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM1
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGRT5Yw
DQYJKoZIhvcNAQELBQADggEBAGCVyB3JgHMDFvQisi0wmTfNLiwGOwleLNJK/IqR
aoXKkn5TAHfYueSbJ3O1Zl9jgp5nVAdGrU8OnOvcoEeHITCyVZAPxOlE2EkUJdoo
K13AJkVJd4cPTG86iicgqoVmISjC4dYVoFCiwJn2kU/WKjPTq8sh121SZY/JF6Uu
kaBmPj/RPBzjFWWNPVzmTkXYoANZkyfO2HnxszEjh+sXEfK2COyXs2nfiA5VJv6O
X8xJPyQu28pGOSuJDxr0c1WYWV7QwYduf9W1+sQxbVOfgh80vriA1ohJ9U6X92/u
uWdnniMcBCODQgH2V/HOSR9e1jlKun7ugvqBLeO2/HwmUO0=
-----END CERTIFICATE-----