Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38372e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e38372e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          BnntqWH3Xi4VuLCyOvn3OA4xkZXIXZHWsZw9bB7/byI=
Subject key identifier:   6F:1A:9F:91:1B:4E:E3:CA:17:28:1D:E8:D6:A7:83:EE:A4:47:6E:CC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       37EECC461893563A47343F4894D2059639B38488
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38372e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 29 Jul 2025 06:31:38 +0000
ROA not before:           Tue 29 Jul 2025 06:26:38 +0000
ROA not after:            Tue 28 Jul 2026 06:31:38 +0000
asID:                     2914
IP address blocks:        145.79.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ee:cc:46:18:93:56:3a:47:34:3f:48:94:d2:05:96:39:b3:84:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 29 06:26:38 2025 GMT
            Not After : Jul 28 06:31:38 2026 GMT
        Subject: CN=6F1A9F911B4EE3CA17281DE8D6A783EEA4476ECC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:60:7f:f4:1f:8a:1c:ad:53:cf:8c:b3:ae:e5:
                    20:af:7f:d5:7c:39:93:55:18:27:0f:84:f5:c7:65:
                    d1:b4:74:f3:82:a4:84:9c:c6:1c:06:a4:9a:3b:46:
                    a0:22:75:54:53:5b:ea:34:8d:55:4f:72:03:28:72:
                    f7:fe:ec:2e:89:f7:ee:98:ee:bb:98:52:1f:1b:5f:
                    b1:b0:49:06:82:e9:f0:b4:95:c3:14:b1:2f:d1:f9:
                    e6:5d:51:cd:3e:42:48:6a:ab:eb:8c:de:d7:e3:f4:
                    64:56:4b:e6:92:af:1a:ba:cb:06:28:23:82:24:61:
                    e4:0b:8a:53:db:2f:11:6b:a9:27:3c:99:7b:57:12:
                    20:09:3e:83:0c:49:c1:68:fe:37:41:e0:a8:aa:48:
                    a1:ed:be:21:47:74:2b:a5:f3:89:20:2f:5b:28:fa:
                    cc:f3:a2:2a:a7:0a:a0:2b:4f:46:77:64:29:03:4c:
                    79:68:42:df:14:b4:bc:5c:96:b3:b6:6a:0b:2c:00:
                    8b:e9:6e:13:5f:96:78:8a:e2:37:52:64:b9:fa:8b:
                    d9:3e:e5:8d:59:e9:83:83:32:01:75:ba:e4:dd:40:
                    de:3f:4b:f2:e3:84:b2:08:ff:b2:27:c0:79:46:93:
                    48:be:77:c1:9d:0f:5e:05:8e:23:53:05:73:25:6f:
                    55:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1A:9F:91:1B:4E:E3:CA:17:28:1D:E8:D6:A7:83:EE:A4:47:6E:CC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38372e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:f1:8a:dd:a0:e3:96:63:1d:26:57:69:26:9c:4f:71:e0:18:
         4e:78:a6:b4:b3:72:40:cc:18:7b:f0:96:b7:56:cd:5e:89:50:
         dd:22:7a:20:7b:ab:8e:bf:eb:84:af:77:0a:da:82:ee:53:6f:
         b9:ae:a9:9e:c5:94:6b:e3:b2:56:fa:25:8f:64:85:ed:f0:7d:
         14:55:c9:fb:c8:cd:88:06:72:ba:10:a4:9f:28:ff:6e:58:20:
         54:dc:1c:b8:37:71:b3:ef:8f:5e:9a:61:9f:d8:4b:b3:d4:01:
         cf:19:f9:89:c3:31:71:b8:42:b8:06:e4:92:9c:d5:82:cf:a4:
         7c:83:91:7b:34:0e:cf:15:d6:61:0c:34:40:35:ea:e3:ad:7f:
         a9:54:a0:fd:78:6f:6e:bd:e6:97:5e:1e:2b:9e:ee:c8:a3:ac:
         2a:6b:5b:42:f4:61:04:cc:32:ae:e0:e5:d8:d8:64:45:ea:3d:
         13:ee:a8:56:52:7f:e6:1a:ea:98:62:63:b6:ab:e5:22:53:7d:
         41:c7:30:e7:69:88:83:6d:d7:7e:eb:c1:09:ce:f4:60:2c:3e:
         ef:a4:44:51:38:d3:40:5d:27:d6:de:f7:eb:ce:6f:f5:fe:96:
         9c:15:7e:65:26:d2:6a:b7:83:1a:b1:0f:bd:3b:9a:2b:d3:b1:
         72:78:e9:da
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUN+7MRhiTVjpHND9IlNIFljmzhIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjkwNjI2MzhaFw0yNjA3MjgwNjMxMzhaMDMxMTAvBgNV
BAMTKDZGMUE5RjkxMUI0RUUzQ0ExNzI4MURFOEQ2QTc4M0VFQTQ0NzZFQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwYH/0H4ocrVPPjLOu5SCvf9V8
OZNVGCcPhPXHZdG0dPOCpIScxhwGpJo7RqAidVRTW+o0jVVPcgMocvf+7C6J9+6Y
7ruYUh8bX7GwSQaC6fC0lcMUsS/R+eZdUc0+Qkhqq+uM3tfj9GRWS+aSrxq6ywYo
I4IkYeQLilPbLxFrqSc8mXtXEiAJPoMMScFo/jdB4KiqSKHtviFHdCul84kgL1so
+szzoiqnCqArT0Z3ZCkDTHloQt8UtLxclrO2agssAIvpbhNflniK4jdSZLn6i9k+
5Y1Z6YODMgF1uuTdQN4/S/LjhLII/7InwHlGk0i+d8GdD14FjiNTBXMlb1UDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbxqfkRtO48oXKB3o1qeD7qRHbswwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzODM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT1cw
DQYJKoZIhvcNAQELBQADggEBADbxit2g45ZjHSZXaSacT3HgGE54prSzckDMGHvw
lrdWzV6JUN0ieiB7q46/64Svdwragu5Tb7muqZ7FlGvjslb6JY9khe3wfRRVyfvI
zYgGcroQpJ8o/25YIFTcHLg3cbPvj16aYZ/YS7PUAc8Z+YnDMXG4QrgG5JKc1YLP
pHyDkXs0Ds8V1mEMNEA16uOtf6lUoP14b2695pdeHiue7sijrCprW0L0YQTMMq7g
5djYZEXqPRPuqFZSf+Ya6phiY7ar5SJTfUHHMOdpiINt137rwQnO9GAsPu+kRFE4
00BdJ9be9+vOb/X+lpwVfmUm0mq3gxqxD707mivTsXJ46do=
-----END CERTIFICATE-----