Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135362e302f32322d3234203d3e2035363530.roa
File:                     3134352e37392e3135362e302f32322d3234203d3e2035363530.roa (raw, json)
Hash identifier:          h82VCaZHmqpFiTRG/eXFixkvlD1UXCi0QkO3NhrYK1A=
Subject key identifier:   B2:4D:A1:2A:BD:02:7F:32:E9:FC:07:D0:2F:D8:3C:49:E4:1A:D0:9C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       77027523485BAFF1BEB39021E969B02C4D61A79E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135362e302f32322d3234203d3e2035363530.roa
Signing time:             Wed 28 May 2025 10:28:51 +0000
ROA not before:           Wed 28 May 2025 10:23:51 +0000
ROA not after:            Wed 27 May 2026 10:28:51 +0000
asID:                     5650
IP address blocks:        145.79.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:02:75:23:48:5b:af:f1:be:b3:90:21:e9:69:b0:2c:4d:61:a7:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 28 10:23:51 2025 GMT
            Not After : May 27 10:28:51 2026 GMT
        Subject: CN=B24DA12ABD027F32E9FC07D02FD83C49E41AD09C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:8d:52:0e:bc:08:dd:79:1c:80:65:3b:8a:63:
                    f1:5c:5f:08:68:5a:8c:41:76:31:23:68:0b:85:8b:
                    f7:9d:62:96:77:58:a5:f0:c3:4c:3a:3e:67:0e:87:
                    50:c6:16:99:77:8b:86:c6:68:bc:df:59:b3:6c:29:
                    08:53:47:22:7d:e1:43:3c:16:43:3f:ab:75:0c:5e:
                    52:2f:e8:5a:8e:a5:92:2b:d1:4f:f8:df:8b:48:37:
                    29:b6:32:f7:95:de:6e:35:2c:7c:1c:82:f7:1c:f6:
                    29:d6:ea:84:3e:cc:08:46:b4:d3:7e:5d:94:28:3d:
                    eb:80:2b:1a:b7:4b:28:5c:92:2f:dd:73:d5:e5:e8:
                    32:2c:f4:90:c7:de:4b:7f:3c:8f:92:bd:d2:26:b4:
                    50:18:95:2c:7e:fb:ed:11:18:4d:3b:bc:22:23:6d:
                    fe:ca:f1:b5:16:27:f2:1a:ab:a3:24:f2:a6:f5:4e:
                    5f:3b:92:2a:09:ae:68:3b:c5:0e:b2:0f:0c:80:ac:
                    44:5b:b0:2e:d0:4a:97:76:55:da:1c:8d:6e:cd:d6:
                    2c:fc:e2:e2:bd:c4:91:b1:65:25:aa:35:d9:16:37:
                    ce:b1:89:65:bf:29:9a:0d:ae:62:23:4f:f4:93:ea:
                    c6:53:b4:69:c8:f9:cd:da:1b:4d:aa:30:b4:2b:4a:
                    18:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4D:A1:2A:BD:02:7F:32:E9:FC:07:D0:2F:D8:3C:49:E4:1A:D0:9C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135362e302f32322d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:ba:f2:13:6c:51:5d:4a:ec:46:fc:df:22:9a:cf:7b:a4:86:
         ac:ab:89:01:58:10:00:e8:84:dd:52:2a:fa:73:c8:00:4c:da:
         c7:9d:66:c3:86:4a:f7:76:83:8f:f7:63:9c:8c:15:76:00:ec:
         2e:55:4d:00:10:84:41:ed:ba:79:f9:51:50:49:1c:d1:75:e6:
         5c:fc:66:18:fa:9a:95:00:c6:db:eb:45:f8:61:4e:45:11:cd:
         2a:c0:ba:50:cd:00:d0:1a:08:5e:c0:e7:59:91:7b:bb:8c:90:
         81:51:3f:f5:8b:40:64:aa:4d:52:a7:a0:9e:cc:60:46:0f:ba:
         3f:a6:ab:1d:d0:57:c5:d4:29:90:68:fd:a4:40:32:f8:45:59:
         cb:ed:0b:ea:eb:8d:6f:f5:7f:4b:74:d0:96:50:d9:57:e1:e4:
         5d:77:d1:09:82:2e:6a:57:63:ba:13:4e:31:9a:b8:13:43:21:
         1f:5f:b2:9b:27:00:6b:9f:60:34:74:d5:73:e3:c8:13:ee:6f:
         00:55:35:2f:f5:6e:a0:53:6c:db:21:56:31:6c:45:0c:74:54:
         ac:e7:01:45:ae:9d:74:92:ff:e2:08:0e:08:10:89:a8:5a:37:
         13:78:28:f8:cb:30:84:03:d4:98:fd:e6:1d:5f:31:43:3e:e3:
         7b:63:7c:9d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdwJ1I0hbr/G+s5Ah6WmwLE1hp54wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjgxMDIzNTFaFw0yNjA1MjcxMDI4NTFaMDMxMTAvBgNV
BAMTKEIyNERBMTJBQkQwMjdGMzJFOUZDMDdEMDJGRDgzQzQ5RTQxQUQwOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJjVIOvAjdeRyAZTuKY/FcXwho
WoxBdjEjaAuFi/edYpZ3WKXww0w6PmcOh1DGFpl3i4bGaLzfWbNsKQhTRyJ94UM8
FkM/q3UMXlIv6FqOpZIr0U/434tINym2MveV3m41LHwcgvcc9inW6oQ+zAhGtNN+
XZQoPeuAKxq3Syhcki/dc9Xl6DIs9JDH3kt/PI+SvdImtFAYlSx+++0RGE07vCIj
bf7K8bUWJ/Iaq6Mk8qb1Tl87kioJrmg7xQ6yDwyArERbsC7QSpd2VdocjW7N1iz8
4uK9xJGxZSWqNdkWN86xiWW/KZoNrmIjT/ST6sZTtGnI+c3aG02qMLQrShi1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsk2hKr0CfzLp/AfQL9g8SeQa0JwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM1
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApFP
nDANBgkqhkiG9w0BAQsFAAOCAQEAHbryE2xRXUrsRvzfIprPe6SGrKuJAVgQAOiE
3VIq+nPIAEzax51mw4ZK93aDj/djnIwVdgDsLlVNABCEQe26eflRUEkc0XXmXPxm
GPqalQDG2+tF+GFORRHNKsC6UM0A0BoIXsDnWZF7u4yQgVE/9YtAZKpNUqegnsxg
Rg+6P6arHdBXxdQpkGj9pEAy+EVZy+0L6uuNb/V/S3TQllDZV+HkXXfRCYIualdj
uhNOMZq4E0MhH1+ymycAa59gNHTVc+PIE+5vAFU1L/VuoFNs2yFWMWxFDHRUrOcB
Ra6ddJL/4ggOCBCJqFo3E3go+MswhAPUmP3mHV8xQz7je2N8nQ==
-----END CERTIFICATE-----