Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37382e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e37382e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          pUyFHIyz+XtH1XCe45rBZwVZy4PETnFSCWn+VCtizZ0=
Subject key identifier:   D5:64:7D:B8:D9:7A:A5:23:11:8B:0F:A0:84:F2:09:EB:E3:01:73:9F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4D73396091B535032BE15367B0A30E3BCE09AA88
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37382e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 29 Jul 2025 06:31:35 +0000
ROA not before:           Tue 29 Jul 2025 06:26:35 +0000
ROA not after:            Tue 28 Jul 2026 06:31:35 +0000
asID:                     2914
IP address blocks:        145.79.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:73:39:60:91:b5:35:03:2b:e1:53:67:b0:a3:0e:3b:ce:09:aa:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 29 06:26:35 2025 GMT
            Not After : Jul 28 06:31:35 2026 GMT
        Subject: CN=D5647DB8D97AA523118B0FA084F209EBE301739F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d0:7d:8f:cd:40:0c:89:c5:b6:80:75:77:e0:
                    f8:fc:e9:00:81:ae:37:de:64:06:10:c4:cd:e4:e9:
                    9e:9e:fb:0c:d8:64:0f:de:0f:6e:82:b8:c7:7c:55:
                    5d:50:cd:b3:3a:03:d0:ae:84:25:95:29:47:ae:d7:
                    07:cc:de:19:60:30:f6:1a:9d:bc:db:45:a8:d6:3a:
                    da:90:d9:81:e4:89:49:f0:96:14:98:4a:94:e8:ef:
                    f5:ce:91:1b:c9:5e:55:57:60:7a:83:e9:39:a4:19:
                    2f:a9:59:77:6f:f5:2a:70:10:13:90:0a:0e:b2:98:
                    4a:3d:9a:9e:3d:f4:ee:1f:cc:77:1f:c9:34:95:d9:
                    53:94:36:72:e1:8b:68:41:4c:ae:11:e2:02:f1:e7:
                    41:41:0c:bb:02:f9:0d:9b:c4:75:63:b9:a2:1b:f6:
                    83:12:c8:1f:97:1b:42:0d:4b:32:d0:0e:64:ac:0f:
                    23:19:d5:25:4f:d2:65:93:14:a5:8e:21:93:db:05:
                    58:bb:d3:ab:28:06:0f:d2:0d:bf:8b:3d:eb:a0:99:
                    86:1e:7b:07:63:7d:34:5c:71:c6:88:d7:37:4d:c8:
                    46:9d:6b:c5:e8:58:79:01:5b:c1:82:55:f8:a9:13:
                    63:08:be:6b:1f:61:06:71:bc:4e:1a:e2:32:83:9c:
                    34:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:64:7D:B8:D9:7A:A5:23:11:8B:0F:A0:84:F2:09:EB:E3:01:73:9F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37382e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:a8:af:a8:3c:77:4d:81:c2:d0:13:64:68:bd:85:de:60:e8:
         36:d4:10:a2:31:1a:db:5c:dd:52:fd:30:7f:35:63:c9:9a:e6:
         12:3b:a2:05:62:76:d8:ac:af:43:78:ff:64:9f:44:fb:72:eb:
         0e:19:89:df:63:ee:59:7e:99:ae:06:22:b7:5f:e5:2e:08:14:
         77:e6:0b:14:ec:eb:02:18:29:2d:18:08:e7:9f:25:93:80:b5:
         a2:22:08:f2:b8:23:cc:e5:74:06:01:be:67:39:91:50:8a:4b:
         0f:e0:2b:5c:1a:14:86:46:6d:15:32:74:84:66:82:01:ff:ce:
         ed:40:e0:1f:2b:d1:1b:46:05:64:c6:2c:0f:70:a2:73:63:41:
         52:b7:e6:67:2e:75:7d:3e:81:85:83:7b:ec:ad:bf:f6:da:0d:
         3c:01:36:07:fb:f5:3f:fd:a7:52:7d:f0:17:2c:30:cb:b3:2b:
         0c:fe:01:fc:6b:42:92:06:4f:b7:d9:9f:81:32:4c:71:88:cb:
         55:55:0d:e0:19:b7:62:a0:92:82:72:71:fb:56:53:c0:8c:27:
         28:2d:a5:83:9f:79:ec:79:e5:8f:4b:c2:39:a5:57:44:22:4a:
         67:9b:ee:c5:2f:16:a6:be:bb:bb:77:e2:97:17:10:06:ac:0d:
         1a:24:66:1e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTXM5YJG1NQMr4VNnsKMOO84JqogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjkwNjI2MzVaFw0yNjA3MjgwNjMxMzVaMDMxMTAvBgNV
BAMTKEQ1NjQ3REI4RDk3QUE1MjMxMThCMEZBMDg0RjIwOUVCRTMwMTczOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC80H2PzUAMicW2gHV34Pj86QCB
rjfeZAYQxM3k6Z6e+wzYZA/eD26CuMd8VV1QzbM6A9CuhCWVKUeu1wfM3hlgMPYa
nbzbRajWOtqQ2YHkiUnwlhSYSpTo7/XOkRvJXlVXYHqD6TmkGS+pWXdv9SpwEBOQ
Cg6ymEo9mp499O4fzHcfyTSV2VOUNnLhi2hBTK4R4gLx50FBDLsC+Q2bxHVjuaIb
9oMSyB+XG0INSzLQDmSsDyMZ1SVP0mWTFKWOIZPbBVi706soBg/SDb+LPeugmYYe
ewdjfTRcccaI1zdNyEada8XoWHkBW8GCVfipE2MIvmsfYQZxvE4a4jKDnDQFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1WR9uNl6pSMRiw+ghPIJ6+MBc58wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT04w
DQYJKoZIhvcNAQELBQADggEBAE2or6g8d02BwtATZGi9hd5g6DbUEKIxGttc3VL9
MH81Y8ma5hI7ogVidtisr0N4/2SfRPty6w4Zid9j7ll+ma4GIrdf5S4IFHfmCxTs
6wIYKS0YCOefJZOAtaIiCPK4I8zldAYBvmc5kVCKSw/gK1waFIZGbRUydIRmggH/
zu1A4B8r0RtGBWTGLA9wonNjQVK35mcudX0+gYWDe+ytv/baDTwBNgf79T/9p1J9
8BcsMMuzKwz+AfxrQpIGT7fZn4EyTHGIy1VVDeAZt2KgkoJycftWU8CMJygtpYOf
eex55Y9LwjmlV0QiSmeb7sUvFqa+u7t34pcXEAasDRokZh4=
-----END CERTIFICATE-----