Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37392e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e37392e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          mS8xeMPVOnI1BtqNOBYM1xuowcbJTWzEtw1VWy8xOZ4=
Subject key identifier:   EC:CB:CC:BE:D1:DE:E1:01:AC:3F:1C:38:45:CD:BE:9C:ED:76:5F:27
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3419E9287D682036B299C39A541D19EEFBF990AB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37392e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 29 Jul 2025 06:31:37 +0000
ROA not before:           Tue 29 Jul 2025 06:26:37 +0000
ROA not after:            Tue 28 Jul 2026 06:31:37 +0000
asID:                     2914
IP address blocks:        145.79.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:19:e9:28:7d:68:20:36:b2:99:c3:9a:54:1d:19:ee:fb:f9:90:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 29 06:26:37 2025 GMT
            Not After : Jul 28 06:31:37 2026 GMT
        Subject: CN=ECCBCCBED1DEE101AC3F1C3845CDBE9CED765F27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:72:ae:8a:1c:bb:a7:90:84:ef:2f:24:72:ed:
                    14:8d:bf:29:e6:12:8e:54:03:de:0c:cd:82:c3:26:
                    e3:ea:51:b7:ca:b7:2c:d1:fb:57:d9:c5:e5:d3:c7:
                    40:c8:13:96:c8:ee:d4:b9:82:f5:41:0c:a5:c6:6f:
                    21:fc:a7:13:63:e0:79:95:f1:0c:94:ff:23:fc:1d:
                    60:d4:84:66:12:d2:97:b4:f8:09:b0:32:24:68:ff:
                    88:e6:c4:a3:e0:de:b1:9e:34:54:4c:1f:4c:f5:f6:
                    aa:3b:c9:25:ee:5e:58:ba:a3:35:97:e8:51:ce:8e:
                    fe:48:61:0f:6c:b6:58:ea:56:d8:89:44:e0:21:a1:
                    13:5f:f9:00:87:84:ef:b5:d9:08:ac:0d:5e:08:69:
                    64:62:85:34:fb:65:6c:1e:1c:ad:01:05:30:c6:8a:
                    52:1c:62:c9:d6:13:ae:0f:7e:dd:9f:b2:f2:37:14:
                    9d:09:f6:2c:04:2c:26:12:8f:81:3a:69:68:cd:72:
                    79:bc:2c:39:59:49:4f:5f:d2:da:40:64:f6:b4:80:
                    a7:de:2f:e7:30:0e:d1:53:3c:b4:0b:de:33:05:09:
                    5b:f7:de:07:cf:10:c7:1a:86:50:c5:bc:a3:43:64:
                    18:f5:ee:4e:3f:09:d4:2c:ad:1e:a9:90:7a:a7:3e:
                    7f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:CB:CC:BE:D1:DE:E1:01:AC:3F:1C:38:45:CD:BE:9C:ED:76:5F:27
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37392e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:06:ed:a1:bc:de:d4:fd:04:17:b6:a8:dd:2f:4e:44:23:02:
         79:59:49:eb:06:dc:43:15:4a:a8:c6:26:34:eb:78:4a:5b:ff:
         c7:ca:16:78:ba:5a:41:8b:8d:a6:29:9e:c3:9c:65:26:f1:39:
         08:92:be:ba:67:a2:04:73:b0:be:6c:a9:77:85:b9:82:8b:48:
         65:39:69:70:e1:98:48:6e:8b:1d:3d:35:0e:8d:aa:50:63:65:
         c5:1c:b3:96:5a:83:b1:0d:0f:9e:d3:54:b0:c0:8f:79:ac:fb:
         86:d7:74:1c:07:82:ca:f1:30:ec:16:33:63:a5:c5:9e:92:c7:
         9d:98:05:f7:75:b6:bb:36:db:d1:ee:2d:19:80:7f:5d:f3:c6:
         fa:93:9b:51:b1:5f:2a:0f:c6:d0:29:54:81:71:7b:8d:8d:46:
         66:a0:27:23:ab:8e:14:4c:9a:f0:e0:9e:aa:fc:df:99:45:56:
         f6:de:6f:d6:26:d3:fe:b3:cc:ad:d8:8c:60:18:6c:ce:9d:dd:
         d4:13:e7:05:2a:1b:b4:f8:dc:98:90:4f:95:7e:35:04:d3:ca:
         45:cb:44:d7:08:e6:e1:bf:27:85:05:e1:72:42:1e:45:65:a3:
         38:4d:c9:de:5c:d9:a4:82:71:fa:b7:6b:2d:ad:51:c1:5f:40:
         0a:09:f9:63
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNBnpKH1oIDaymcOaVB0Z7vv5kKswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjkwNjI2MzdaFw0yNjA3MjgwNjMxMzdaMDMxMTAvBgNV
BAMTKEVDQ0JDQ0JFRDFERUUxMDFBQzNGMUMzODQ1Q0RCRTlDRUQ3NjVGMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7cq6KHLunkITvLyRy7RSNvynm
Eo5UA94MzYLDJuPqUbfKtyzR+1fZxeXTx0DIE5bI7tS5gvVBDKXGbyH8pxNj4HmV
8QyU/yP8HWDUhGYS0pe0+AmwMiRo/4jmxKPg3rGeNFRMH0z19qo7ySXuXli6ozWX
6FHOjv5IYQ9stljqVtiJROAhoRNf+QCHhO+12QisDV4IaWRihTT7ZWweHK0BBTDG
ilIcYsnWE64Pft2fsvI3FJ0J9iwELCYSj4E6aWjNcnm8LDlZSU9f0tpAZPa0gKfe
L+cwDtFTPLQL3jMFCVv33gfPEMcahlDFvKNDZBj17k4/CdQsrR6pkHqnPn9xAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7MvMvtHe4QGsPxw4Rc2+nO12XycwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT08w
DQYJKoZIhvcNAQELBQADggEBAEQG7aG83tT9BBe2qN0vTkQjAnlZSesG3EMVSqjG
JjTreEpb/8fKFni6WkGLjaYpnsOcZSbxOQiSvrpnogRzsL5sqXeFuYKLSGU5aXDh
mEhuix09NQ6NqlBjZcUcs5Zag7END57TVLDAj3ms+4bXdBwHgsrxMOwWM2OlxZ6S
x52YBfd1trs229HuLRmAf13zxvqTm1GxXyoPxtApVIFxe42NRmagJyOrjhRMmvDg
nqr835lFVvbeb9Ym0/6zzK3YjGAYbM6d3dQT5wUqG7T43JiQT5V+NQTTykXLRNcI
5uG/J4UF4XJCHkVlozhNyd5c2aSCcfq3ay2tUcFfQAoJ+WM=
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:14:38 2025 by rpki-client