Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3133322e302f32342d3234203d3e2035303635.roa
File:                     3134352e37392e3133322e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          fI6MBYacVKR+oGTmke2nWBaWT6n/F0UwamIAt8sxCn0=
Subject key identifier:   BE:6E:5F:56:AC:A3:BF:60:BA:23:88:5C:89:49:86:A6:03:EA:B1:BF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3408E4AC5C84A15D41E18B957F99BACF605B0CB0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3133322e302f32342d3234203d3e2035303635.roa
Signing time:             Fri 13 Jun 2025 05:03:28 +0000
ROA not before:           Fri 13 Jun 2025 04:58:28 +0000
ROA not after:            Fri 12 Jun 2026 05:03:28 +0000
asID:                     5065
IP address blocks:        145.79.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:10:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:08:e4:ac:5c:84:a1:5d:41:e1:8b:95:7f:99:ba:cf:60:5b:0c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 04:58:28 2025 GMT
            Not After : Jun 12 05:03:28 2026 GMT
        Subject: CN=BE6E5F56ACA3BF60BA23885C894986A603EAB1BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a0:f0:eb:62:23:ef:71:e3:c7:57:fb:be:3f:
                    b5:44:0a:37:23:1f:03:da:95:65:b8:6c:1a:b3:6f:
                    dd:8a:e2:e6:17:9e:99:b7:a0:1a:0b:91:27:61:3c:
                    c4:20:29:73:59:3a:bb:fc:bb:f7:fc:85:7d:34:9c:
                    2a:46:5a:4c:5a:b8:ab:76:5b:07:05:37:50:c0:f7:
                    d3:57:a0:bc:2b:d4:ea:38:d4:78:b6:ce:a8:3d:26:
                    27:9c:92:03:a4:34:87:ba:f9:ff:d4:86:0c:51:1a:
                    f8:fc:06:56:a6:0c:98:1e:dc:ad:87:1e:44:c5:c6:
                    6d:d9:88:ee:bb:b2:13:49:e0:92:dc:e0:5c:5f:3c:
                    9a:db:78:da:43:40:65:d0:3a:b6:71:49:a1:9f:c1:
                    af:83:b9:16:4f:be:d5:34:98:57:ff:e5:3a:7b:65:
                    f0:a5:bc:18:21:1a:27:8f:30:52:95:e7:f0:9a:26:
                    61:a3:80:cc:17:cf:95:4a:2d:6c:82:75:d3:f9:0b:
                    ef:4d:ce:50:02:9c:7c:62:87:f4:0a:bb:22:7f:98:
                    01:34:f5:5f:56:f8:84:b2:c5:18:5b:c6:5c:5c:b7:
                    9d:63:ac:fb:1c:5b:35:fb:7a:fd:15:d3:9f:10:c9:
                    8a:9b:f4:17:a3:3c:84:aa:86:ba:51:2a:53:7a:e0:
                    83:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6E:5F:56:AC:A3:BF:60:BA:23:88:5C:89:49:86:A6:03:EA:B1:BF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3133322e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:99:89:43:22:e0:9c:ce:a2:49:81:96:60:7f:68:f5:7e:3c:
         1f:b9:d7:cd:95:a7:25:af:af:6e:d8:d2:9b:19:3b:36:76:1d:
         19:c4:0c:22:97:58:41:59:ea:e1:9e:35:d3:c9:11:15:f2:93:
         f8:17:28:b0:1b:dc:ab:38:94:ff:e7:d1:5a:55:f8:aa:9e:af:
         d6:31:e1:70:33:39:77:57:d8:37:f4:85:6e:a0:cc:10:22:92:
         46:76:01:ed:f1:03:83:ac:09:93:95:b8:98:aa:e2:64:29:fb:
         55:af:e6:a4:d4:1b:1f:4f:3f:82:7d:79:53:d1:28:a8:6f:1c:
         70:d5:89:52:5d:ab:47:6c:9b:60:19:bf:ae:35:7a:0a:e5:b9:
         c4:43:dc:62:d4:e5:94:67:20:16:e2:5b:50:1a:89:84:57:73:
         47:c9:ab:8a:4a:4b:8b:6e:8f:84:50:0c:2a:a9:18:11:c2:60:
         20:2a:5d:4e:97:74:a6:20:4a:ee:d0:c5:96:50:7e:0a:a1:ec:
         f9:a0:9b:e5:d1:18:51:0a:9c:a6:08:3c:87:c9:49:4c:13:37:
         b3:c8:1d:af:8f:19:5d:b5:06:b4:89:3b:f9:71:50:c2:83:f1:
         6d:b0:8d:21:24:0b:1c:50:3f:6e:86:b1:45:ad:5b:ba:2e:85:
         f2:be:2c:5c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNAjkrFyEoV1B4YuVf5m6z2BbDLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MTMwNDU4MjhaFw0yNjA2MTIwNTAzMjhaMDMxMTAvBgNV
BAMTKEJFNkU1RjU2QUNBM0JGNjBCQTIzODg1Qzg5NDk4NkE2MDNFQUIxQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/oPDrYiPvcePHV/u+P7VECjcj
HwPalWW4bBqzb92K4uYXnpm3oBoLkSdhPMQgKXNZOrv8u/f8hX00nCpGWkxauKt2
WwcFN1DA99NXoLwr1Oo41Hi2zqg9JieckgOkNIe6+f/UhgxRGvj8BlamDJge3K2H
HkTFxm3ZiO67shNJ4JLc4FxfPJrbeNpDQGXQOrZxSaGfwa+DuRZPvtU0mFf/5Tp7
ZfClvBghGiePMFKV5/CaJmGjgMwXz5VKLWyCddP5C+9NzlACnHxih/QKuyJ/mAE0
9V9W+ISyxRhbxlxct51jrPscWzX7ev0V058QyYqb9BejPISqhrpRKlN64IOHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvm5fVqyjv2C6I4hciUmGpgPqsb8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMz
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
hDANBgkqhkiG9w0BAQsFAAOCAQEAP5mJQyLgnM6iSYGWYH9o9X48H7nXzZWnJa+v
btjSmxk7NnYdGcQMIpdYQVnq4Z4108kRFfKT+BcosBvcqziU/+fRWlX4qp6v1jHh
cDM5d1fYN/SFbqDMECKSRnYB7fEDg6wJk5W4mKriZCn7Va/mpNQbH08/gn15U9Eo
qG8ccNWJUl2rR2ybYBm/rjV6CuW5xEPcYtTllGcgFuJbUBqJhFdzR8mrikpLi26P
hFAMKqkYEcJgICpdTpd0piBK7tDFllB+CqHs+aCb5dEYUQqcpgg8h8lJTBM3s8gd
r48ZXbUGtIk7+XFQwoPxbbCNISQLHFA/boaxRa1bui6F8r4sXA==
-----END CERTIFICATE-----