Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e31382e302f32332d3234203d3e203437353833.roa
File:                     3134352e37392e31382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          GGRcoDrDb0OL67XyMWAGKOF8qjkN2CfTbq/Sk4Dn10s=
Subject key identifier:   D1:06:30:B4:B9:01:B0:67:75:F5:E8:7E:E6:8A:62:B9:10:62:CF:8D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       51E3764BF39DD858945D20A0FD987B1C94FE5825
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e31382e302f32332d3234203d3e203437353833.roa
Signing time:             Fri 16 May 2025 05:36:00 +0000
ROA not before:           Fri 16 May 2025 05:31:00 +0000
ROA not after:            Fri 15 May 2026 05:36:00 +0000
asID:                     47583
IP address blocks:        145.79.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:e3:76:4b:f3:9d:d8:58:94:5d:20:a0:fd:98:7b:1c:94:fe:58:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 16 05:31:00 2025 GMT
            Not After : May 15 05:36:00 2026 GMT
        Subject: CN=D10630B4B901B06775F5E87EE68A62B91062CF8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a9:45:21:2c:92:7f:20:bf:19:49:4b:fe:d3:
                    52:44:26:d9:b0:c4:96:b1:52:af:81:35:cb:49:b3:
                    2d:83:cb:04:3e:4a:10:94:63:c6:03:46:2e:c3:f0:
                    06:5f:15:de:ef:3d:c6:87:f5:bd:9a:b3:50:68:53:
                    7e:01:d9:c4:ce:94:33:8f:10:ac:8f:11:20:d5:1a:
                    9e:e8:f1:42:59:d3:b0:cf:98:15:c2:29:2a:bc:78:
                    b0:27:25:ee:be:10:c8:a4:b2:18:ae:30:4c:28:75:
                    f8:0c:4d:71:2c:cc:f6:93:76:1c:31:4e:28:6b:2b:
                    79:3a:e9:f8:a7:7c:eb:8a:7a:5d:71:b4:a8:0c:75:
                    64:6e:f5:f6:fe:7d:b3:10:6d:a8:15:e9:ef:c5:60:
                    4f:25:2a:34:d7:38:f1:4b:b0:f1:46:fa:3c:c1:06:
                    c5:a7:bd:13:eb:9f:78:06:c7:ce:f4:1c:de:a0:a2:
                    52:f4:3c:31:fc:81:e8:44:d5:9a:0c:d7:a6:9c:ca:
                    af:3e:b3:3e:1e:67:a0:44:e7:d2:88:fe:3b:f3:6e:
                    6e:3e:df:a1:0a:2f:b7:3c:ab:c0:e4:db:38:0d:65:
                    d9:d7:c9:03:e8:06:e5:db:e3:88:13:7e:e2:61:31:
                    02:3d:7d:97:48:60:70:c0:cc:66:aa:6d:dc:d6:26:
                    00:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:06:30:B4:B9:01:B0:67:75:F5:E8:7E:E6:8A:62:B9:10:62:CF:8D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e31382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:28:d9:06:3b:0b:e5:46:20:eb:61:96:97:f6:64:46:b3:95:
         93:f6:5a:28:91:f4:4c:c8:17:21:b1:d2:7a:f1:ad:54:ef:ab:
         a3:06:39:69:89:4c:6d:6a:53:0a:69:d9:61:49:8c:c8:08:f1:
         4c:24:fb:3b:8d:ce:53:e0:78:81:8e:e8:04:00:80:7b:44:0a:
         c3:98:4b:9d:d7:b0:5e:2f:d7:2d:57:37:32:bc:14:cc:bd:26:
         cc:6b:0b:a5:ad:15:cf:57:b5:fb:d1:f1:8b:d2:95:5c:e7:c1:
         19:8c:cb:14:1f:03:b2:a3:a2:dd:64:0e:81:d9:7a:f9:92:26:
         32:8d:9e:80:d1:d7:78:80:b4:59:4d:b6:3a:6e:93:e4:34:08:
         1f:ef:37:15:76:4d:16:40:31:00:01:37:3b:4a:68:35:06:1e:
         47:8f:26:18:b8:72:5f:3d:ba:d2:91:a8:e3:5f:10:c2:f4:b4:
         9d:69:01:97:a5:3a:a1:c9:47:13:15:2a:bc:0a:04:9d:22:7b:
         22:26:2c:58:49:8b:2f:5d:fd:81:d4:80:5e:39:88:7c:80:8c:
         a9:85:a1:b1:93:38:a0:9f:fb:e3:40:7e:cf:c3:c9:88:8e:6b:
         35:af:0b:30:e9:67:a2:86:4f:0b:a6:1e:3b:80:29:0c:de:c7:
         74:e0:44:aa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUeN2S/Od2FiUXSCg/Zh7HJT+WCUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTYwNTMxMDBaFw0yNjA1MTUwNTM2MDBaMDMxMTAvBgNV
BAMTKEQxMDYzMEI0QjkwMUIwNjc3NUY1RTg3RUU2OEE2MkI5MTA2MkNGOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+qUUhLJJ/IL8ZSUv+01JEJtmw
xJaxUq+BNctJsy2DywQ+ShCUY8YDRi7D8AZfFd7vPcaH9b2as1BoU34B2cTOlDOP
EKyPESDVGp7o8UJZ07DPmBXCKSq8eLAnJe6+EMikshiuMEwodfgMTXEszPaTdhwx
TihrK3k66finfOuKel1xtKgMdWRu9fb+fbMQbagV6e/FYE8lKjTXOPFLsPFG+jzB
BsWnvRPrn3gGx870HN6golL0PDH8gehE1ZoM16acyq8+sz4eZ6BE59KI/jvzbm4+
36EKL7c8q8Dk2zgNZdnXyQPoBuXb44gTfuJhMQI9fZdIYHDAzGaqbdzWJgChAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0QYwtLkBsGd19eh+5opiuRBiz40wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZFP
EjANBgkqhkiG9w0BAQsFAAOCAQEAXijZBjsL5UYg62GWl/ZkRrOVk/ZaKJH0TMgX
IbHSevGtVO+rowY5aYlMbWpTCmnZYUmMyAjxTCT7O43OU+B4gY7oBACAe0QKw5hL
ndewXi/XLVc3MrwUzL0mzGsLpa0Vz1e1+9Hxi9KVXOfBGYzLFB8DsqOi3WQOgdl6
+ZImMo2egNHXeIC0WU22Om6T5DQIH+83FXZNFkAxAAE3O0poNQYeR48mGLhyXz26
0pGo418QwvS0nWkBl6U6oclHExUqvAoEnSJ7IiYsWEmLL139gdSAXjmIfICMqYWh
sZM4oJ/740B+z8PJiI5rNa8LMOlnooZPC6YeO4ApDN7HdOBEqg==
-----END CERTIFICATE-----