Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38392e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e38392e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          XGoKw9DZApRTHmUnd6XZnVesn8Nm/0srsoC+owimkEc=
Subject key identifier:   89:23:E3:6D:C0:6C:55:29:7A:7D:C1:DE:EF:1E:B0:E3:6E:FE:8D:76
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5BEE3E639AF420FB08481928CBDBE496F98968EF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38392e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 29 Jul 2025 06:31:32 +0000
ROA not before:           Tue 29 Jul 2025 06:26:32 +0000
ROA not after:            Tue 28 Jul 2026 06:31:32 +0000
asID:                     2914
IP address blocks:        145.79.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ee:3e:63:9a:f4:20:fb:08:48:19:28:cb:db:e4:96:f9:89:68:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 29 06:26:32 2025 GMT
            Not After : Jul 28 06:31:32 2026 GMT
        Subject: CN=8923E36DC06C55297A7DC1DEEF1EB0E36EFE8D76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7d:1f:53:fa:0e:8a:92:04:04:31:9d:60:b1:
                    de:a7:38:47:e1:88:4d:62:a0:d0:08:ec:cb:9d:0b:
                    63:3b:3c:75:03:f1:9a:c0:d2:03:41:17:88:39:57:
                    bb:07:52:5d:ac:b3:f5:97:56:2c:ef:f5:13:7e:97:
                    8e:23:53:33:7e:ff:8e:ce:ef:99:02:de:04:13:97:
                    01:18:c1:f7:69:25:82:48:a1:a1:85:cb:b2:28:71:
                    e0:5d:a2:e7:03:82:0e:b9:49:94:47:76:7e:d0:df:
                    54:df:28:e0:02:62:62:42:fa:ff:91:24:6a:42:65:
                    35:16:ea:8b:a8:37:d0:e4:69:02:55:83:ed:6d:ee:
                    04:c0:d0:de:60:33:7a:2c:fe:aa:31:1b:19:2c:bc:
                    fe:bf:7c:07:b9:06:9d:8e:b7:89:0f:b0:46:b7:7f:
                    3a:21:43:a9:1d:8e:c9:8f:c6:b3:c0:6d:97:1e:8d:
                    85:8b:0e:fd:76:ec:b0:67:15:af:dd:8c:2e:7f:67:
                    b9:f2:40:d2:cb:ee:3f:07:d1:cb:5c:c6:08:d9:32:
                    9d:76:05:07:12:5e:55:90:b3:fa:b6:05:db:68:aa:
                    d5:2e:a3:63:4d:2b:89:87:b8:b3:2e:2c:99:13:2f:
                    eb:da:b0:08:2a:a9:62:34:b3:56:9b:be:a9:b2:aa:
                    16:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:23:E3:6D:C0:6C:55:29:7A:7D:C1:DE:EF:1E:B0:E3:6E:FE:8D:76
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e38392e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:be:8f:08:bc:65:d6:b3:a6:0f:00:03:04:92:c7:f4:f7:95:
         ff:51:89:4a:7d:4c:28:a1:0d:01:55:9e:8c:71:ab:dd:2d:78:
         19:a5:53:79:9e:e0:f4:3a:35:0c:82:c0:3c:c5:0e:65:72:8f:
         d2:2f:e1:61:b7:6a:e0:0d:6f:12:3f:a8:e3:fb:cb:ae:4c:06:
         42:ec:45:c2:d7:a9:da:33:d4:3a:4a:b1:b6:a7:5b:b5:ec:c4:
         03:b4:5b:52:7b:65:ee:f5:76:f7:54:f6:d1:72:e3:d3:24:60:
         51:88:94:df:fb:d0:da:87:d6:db:0e:22:c7:db:c7:1e:a9:53:
         9c:aa:2a:12:b9:ea:c2:da:99:23:b3:9e:39:b8:5b:d8:85:69:
         e1:26:0e:c9:0c:cc:09:2b:9e:0c:5a:c2:3e:85:75:ad:95:12:
         95:93:43:86:72:d8:28:16:4f:86:48:4e:a5:cc:73:89:c5:47:
         77:60:a4:20:7c:69:a0:e2:2a:ad:b0:c7:8e:d0:92:3c:4c:1d:
         58:3b:27:80:60:82:a4:2c:3e:9c:e4:49:12:c6:b0:e1:bc:e9:
         b6:80:95:38:70:50:c3:e2:9d:52:bf:d5:7b:e4:10:de:7d:e1:
         fd:ba:dc:eb:23:f0:6e:bb:3f:79:2d:ac:10:89:c3:ab:31:18:
         6e:fe:f6:5b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUW+4+Y5r0IPsISBkoy9vklvmJaO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjkwNjI2MzJaFw0yNjA3MjgwNjMxMzJaMDMxMTAvBgNV
BAMTKDg5MjNFMzZEQzA2QzU1Mjk3QTdEQzFERUVGMUVCMEUzNkVGRThENzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChfR9T+g6KkgQEMZ1gsd6nOEfh
iE1ioNAI7MudC2M7PHUD8ZrA0gNBF4g5V7sHUl2ss/WXVizv9RN+l44jUzN+/47O
75kC3gQTlwEYwfdpJYJIoaGFy7IoceBdoucDgg65SZRHdn7Q31TfKOACYmJC+v+R
JGpCZTUW6ouoN9DkaQJVg+1t7gTA0N5gM3os/qoxGxksvP6/fAe5Bp2Ot4kPsEa3
fzohQ6kdjsmPxrPAbZcejYWLDv127LBnFa/djC5/Z7nyQNLL7j8H0ctcxgjZMp12
BQcSXlWQs/q2BdtoqtUuo2NNK4mHuLMuLJkTL+vasAgqqWI0s1abvqmyqhYRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUiSPjbcBsVSl6fcHe7x6w427+jXYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzODM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT1kw
DQYJKoZIhvcNAQELBQADggEBAD6+jwi8Zdazpg8AAwSSx/T3lf9RiUp9TCihDQFV
noxxq90teBmlU3me4PQ6NQyCwDzFDmVyj9Iv4WG3auANbxI/qOP7y65MBkLsRcLX
qdoz1DpKsbanW7XsxAO0W1J7Ze71dvdU9tFy49MkYFGIlN/70NqH1tsOIsfbxx6p
U5yqKhK56sLamSOznjm4W9iFaeEmDskMzAkrngxawj6Fda2VEpWTQ4Zy2CgWT4ZI
TqXMc4nFR3dgpCB8aaDiKq2wx47QkjxMHVg7J4BggqQsPpzkSRLGsOG86baAlThw
UMPinVK/1XvkEN594f263Osj8G67P3ktrBCJw6sxGG7+9ls=
-----END CERTIFICATE-----