Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136352e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3136352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          N8ffu/oJPxwg+6sIDGhX1uxMje1dm/mu9kvjUWT9wuw=
Subject key identifier:   71:9A:D6:C7:B6:A4:D8:B4:E1:EA:22:84:37:0F:2E:38:AF:C8:CF:1A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       26D48A57E5F06B3AAD792641C14EE1FF4840AD0C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136352e302f32342d3234203d3e20383334.roa
Signing time:             Wed 30 Jul 2025 19:18:13 +0000
ROA not before:           Wed 30 Jul 2025 19:13:13 +0000
ROA not after:            Wed 29 Jul 2026 19:18:13 +0000
asID:                     834
IP address blocks:        145.79.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:d4:8a:57:e5:f0:6b:3a:ad:79:26:41:c1:4e:e1:ff:48:40:ad:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 30 19:13:13 2025 GMT
            Not After : Jul 29 19:18:13 2026 GMT
        Subject: CN=719AD6C7B6A4D8B4E1EA2284370F2E38AFC8CF1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c8:0a:79:74:85:dd:9e:c9:38:99:a9:c2:ab:
                    42:22:b2:ea:17:71:33:b9:e6:a8:35:0d:0d:89:39:
                    cf:8a:81:78:ce:03:19:13:35:ca:17:81:96:58:ab:
                    a3:cf:50:f7:ed:1e:00:f3:90:28:07:c7:37:12:c0:
                    2e:6b:7b:ef:33:03:ad:ec:de:77:6e:ff:60:54:c2:
                    0b:58:85:bc:64:f5:0f:7b:7b:98:df:8c:7a:ab:17:
                    8f:9c:37:17:24:eb:a1:f6:ea:af:c3:54:90:6f:eb:
                    6c:b8:ec:bd:d0:d5:f8:36:11:ea:f3:ad:61:88:7e:
                    a0:55:81:6f:08:2a:89:57:1c:2e:cd:5d:0c:56:c6:
                    5c:e1:9e:13:fc:74:9a:65:fe:47:ea:90:f7:f5:26:
                    e2:f1:a0:5a:62:f8:dc:aa:0c:1e:29:6a:1e:a8:7c:
                    a0:7a:72:c9:a7:9d:c7:27:d1:8c:de:5c:99:87:3c:
                    4e:06:05:6c:25:5f:10:60:95:7b:c9:f8:7f:50:73:
                    49:da:84:8b:d0:e6:6c:9a:e1:4c:13:fe:08:cf:2c:
                    6f:df:24:96:ad:b5:63:1a:05:40:9b:39:d9:a7:34:
                    24:52:ce:c3:24:66:b9:95:b6:ce:7e:d6:c2:f1:83:
                    7d:b8:c2:07:41:75:a6:66:e4:9d:fe:dd:ef:35:f3:
                    78:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9A:D6:C7:B6:A4:D8:B4:E1:EA:22:84:37:0F:2E:38:AF:C8:CF:1A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f2:ae:fe:7d:85:dd:c4:86:d5:26:83:d6:c7:97:a7:fc:e5:
         45:de:d0:f5:18:4d:ec:18:55:eb:28:74:1f:f6:8a:b6:9a:2e:
         2d:4e:5d:b2:d7:cd:a8:ec:f2:83:fa:65:2c:97:69:84:53:6f:
         20:f1:1b:73:98:6f:51:50:e6:99:4d:7f:60:73:66:86:a3:d7:
         64:70:32:c9:c8:62:e7:72:32:c2:e1:a9:ed:ce:5f:d4:99:a4:
         2d:f2:e1:1e:59:57:eb:ed:9d:37:b0:80:5f:76:b4:bf:12:2d:
         3c:cb:8b:1f:d4:94:e9:8c:34:7d:25:78:e1:c6:35:c1:92:48:
         70:4a:8c:45:a3:c7:c8:7d:55:0a:f2:50:76:e9:dd:84:d5:f3:
         5a:e5:56:65:4e:16:fe:95:a1:ca:db:a6:f7:85:d7:60:5e:85:
         cf:4b:9f:ac:f0:39:46:82:b1:41:91:6f:42:1b:dd:6d:e6:6f:
         d2:aa:92:c0:7d:02:ac:38:7b:a4:9d:7c:95:48:ba:73:3a:6d:
         f9:67:89:8e:15:89:77:86:6c:ca:18:8a:cd:45:7f:b4:bf:c4:
         4c:d8:04:fa:f5:28:c6:82:06:88:40:ed:4c:d0:b7:ba:24:1c:
         ec:c4:21:04:25:76:4b:e0:bb:26:4f:91:b5:3d:e2:78:c0:ce:
         ee:f9:4d:e7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJtSKV+XwazqteSZBwU7h/0hArQwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MzAxOTEzMTNaFw0yNjA3MjkxOTE4MTNaMDMxMTAvBgNV
BAMTKDcxOUFENkM3QjZBNEQ4QjRFMUVBMjI4NDM3MEYyRTM4QUZDOENGMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDryAp5dIXdnsk4manCq0IisuoX
cTO55qg1DQ2JOc+KgXjOAxkTNcoXgZZYq6PPUPftHgDzkCgHxzcSwC5re+8zA63s
3ndu/2BUwgtYhbxk9Q97e5jfjHqrF4+cNxck66H26q/DVJBv62y47L3Q1fg2Eerz
rWGIfqBVgW8IKolXHC7NXQxWxlzhnhP8dJpl/kfqkPf1JuLxoFpi+NyqDB4pah6o
fKB6csmnnccn0YzeXJmHPE4GBWwlXxBglXvJ+H9Qc0nahIvQ5mya4UwT/gjPLG/f
JJattWMaBUCbOdmnNCRSzsMkZrmVts5+1sLxg324wgdBdaZm5J3+3e8183h9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUcZrWx7ak2LTh6iKENw8uOK/IzxowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM2
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT6Uw
DQYJKoZIhvcNAQELBQADggEBAC/yrv59hd3EhtUmg9bHl6f85UXe0PUYTewYVeso
dB/2iraaLi1OXbLXzajs8oP6ZSyXaYRTbyDxG3OYb1FQ5plNf2BzZoaj12RwMsnI
YudyMsLhqe3OX9SZpC3y4R5ZV+vtnTewgF92tL8SLTzLix/UlOmMNH0leOHGNcGS
SHBKjEWjx8h9VQryUHbp3YTV81rlVmVOFv6VocrbpveF12Behc9Ln6zwOUaCsUGR
b0Ib3W3mb9KqksB9Aqw4e6SdfJVIunM6bflniY4ViXeGbMoYis1Ff7S/xEzYBPr1
KMaCBohA7UzQt7okHOzEIQQldkvguyZPkbU94njAzu75Tec=
-----END CERTIFICATE-----