Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135342e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3135342e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          8xyyc0qCGaEbRz9RgOGWSuR1ludCd1ZDXvFXewbY9r0=
Subject key identifier:   5F:B5:84:1D:BF:8D:13:31:EC:EA:28:C4:8B:B7:2F:E7:73:64:A7:5A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       65EF7D218FDBAFC66C6D2D284E3866B7CBE1DE11
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135342e302f32342d3234203d3e2032393134.roa
Signing time:             Wed 28 May 2025 10:27:28 +0000
ROA not before:           Wed 28 May 2025 10:22:28 +0000
ROA not after:            Wed 27 May 2026 10:27:28 +0000
asID:                     2914
IP address blocks:        145.79.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ef:7d:21:8f:db:af:c6:6c:6d:2d:28:4e:38:66:b7:cb:e1:de:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 28 10:22:28 2025 GMT
            Not After : May 27 10:27:28 2026 GMT
        Subject: CN=5FB5841DBF8D1331ECEA28C48BB72FE77364A75A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4c:1e:f2:b1:db:7f:63:c1:e0:2b:af:63:da:
                    7f:11:47:d5:de:24:30:29:8d:b3:6a:b8:16:9a:7c:
                    20:30:f2:1d:3e:0c:71:e6:0f:5d:7e:89:af:fe:35:
                    92:ce:f1:87:a7:ad:c0:e0:cd:cb:6c:55:ae:ae:cc:
                    81:0e:07:25:7c:1b:e9:25:10:6a:d9:5d:1b:e7:c1:
                    3b:94:86:15:3a:ee:5d:58:0e:70:dd:59:f7:ee:c4:
                    38:83:b4:48:e7:4a:3d:b3:85:3e:4b:e9:34:32:82:
                    2c:2c:bd:f0:a0:4c:a5:9b:00:7c:6f:bc:39:6d:b7:
                    05:cd:ca:f8:31:16:9e:d2:e0:17:3b:db:9f:a4:eb:
                    ce:e1:ff:89:f4:cb:8e:35:66:cd:29:a3:7b:a9:10:
                    34:52:87:68:9d:ce:00:5c:e3:47:e6:cd:cb:8c:e8:
                    39:9b:47:27:eb:9f:4f:81:7f:24:89:b7:2d:fc:e3:
                    6a:99:15:5c:e2:68:b9:a4:c3:a8:e1:e3:81:66:a7:
                    47:e6:91:32:fa:eb:fe:c9:57:bb:91:f7:bf:13:21:
                    fe:49:69:14:1e:87:75:b4:5c:d9:bc:40:00:50:ef:
                    2c:76:f8:2e:48:76:a7:de:88:24:ed:ae:cc:a4:3d:
                    02:57:2e:3b:8e:82:58:46:4e:bf:61:05:69:01:77:
                    ef:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B5:84:1D:BF:8D:13:31:EC:EA:28:C4:8B:B7:2F:E7:73:64:A7:5A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135342e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:fd:2a:f0:2a:08:9b:4c:ef:31:3e:54:c4:f3:22:d7:ff:c5:
         de:53:59:ff:d3:ab:96:e3:05:6a:65:e0:6c:20:72:f8:86:d5:
         8f:1f:63:f9:01:c4:fb:5f:ab:c8:58:01:98:3a:b2:b0:df:00:
         fd:c5:4b:f4:16:00:fb:c8:65:99:09:b7:cc:41:c7:6b:33:34:
         5e:cb:e1:a8:ab:e9:36:a0:cd:d8:79:2b:0f:ad:ab:80:9a:27:
         b5:fc:85:e5:84:a9:d5:b1:df:8b:0a:4b:df:10:3c:ee:f6:25:
         48:8d:84:d0:f3:3b:3b:23:ab:ef:5b:af:33:67:4c:23:06:0f:
         09:1d:1c:c4:2e:3a:04:e5:a4:52:ee:dc:bf:2b:d7:a5:7f:d5:
         0d:5b:8a:a5:25:e7:6c:5c:94:1f:1c:69:c8:76:93:3b:5f:10:
         68:df:04:56:bd:54:66:a5:2c:02:0f:5c:67:c7:37:4d:9a:e0:
         a6:7d:93:28:ae:90:67:c8:81:d4:6a:e0:3f:96:8c:60:32:5c:
         0e:0c:a0:dd:b2:eb:c3:47:74:43:f5:78:c4:86:87:25:9f:7b:
         7b:c4:5e:d0:87:37:f6:ff:8c:0d:75:1a:89:a1:3e:1a:d2:bc:
         d5:0e:7c:67:05:65:82:3b:f0:1d:fe:4b:af:57:67:a1:52:7e:
         a0:58:9d:45
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZe99IY/br8ZsbS0oTjhmt8vh3hEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjgxMDIyMjhaFw0yNjA1MjcxMDI3MjhaMDMxMTAvBgNV
BAMTKDVGQjU4NDFEQkY4RDEzMzFFQ0VBMjhDNDhCQjcyRkU3NzM2NEE3NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDETB7ysdt/Y8HgK69j2n8RR9Xe
JDApjbNquBaafCAw8h0+DHHmD11+ia/+NZLO8YenrcDgzctsVa6uzIEOByV8G+kl
EGrZXRvnwTuUhhU67l1YDnDdWffuxDiDtEjnSj2zhT5L6TQygiwsvfCgTKWbAHxv
vDlttwXNyvgxFp7S4Bc725+k687h/4n0y441Zs0po3upEDRSh2idzgBc40fmzcuM
6DmbRyfrn0+BfySJty3842qZFVziaLmkw6jh44Fmp0fmkTL66/7JV7uR978TIf5J
aRQeh3W0XNm8QABQ7yx2+C5IdqfeiCTtrsykPQJXLjuOglhGTr9hBWkBd++xAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX7WEHb+NEzHs6ijEi7cv53Nkp1owHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM1
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
mjANBgkqhkiG9w0BAQsFAAOCAQEAGv0q8CoIm0zvMT5UxPMi1//F3lNZ/9OrluMF
amXgbCBy+IbVjx9j+QHE+1+ryFgBmDqysN8A/cVL9BYA+8hlmQm3zEHHazM0Xsvh
qKvpNqDN2HkrD62rgJontfyF5YSp1bHfiwpL3xA87vYlSI2E0PM7OyOr71uvM2dM
IwYPCR0cxC46BOWkUu7cvyvXpX/VDVuKpSXnbFyUHxxpyHaTO18QaN8EVr1UZqUs
Ag9cZ8c3TZrgpn2TKK6QZ8iB1GrgP5aMYDJcDgyg3bLrw0d0Q/V4xIaHJZ97e8Re
0Ic39v+MDXUaiaE+GtK81Q58ZwVlgjvwHf5Lr1dnoVJ+oFidRQ==
-----END CERTIFICATE-----