Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/31332e3134302e382e302f32312d3234203d3e203432353332.roa
File:                     31332e3134302e382e302f32312d3234203d3e203432353332.roa (raw, json)
Hash identifier:          mpQCmzfS0RDbpxgMLYjTYzcG5NE4zvVjQ/wTayzK7c8=
Subject key identifier:   DD:16:A3:A0:2C:27:C8:A6:21:C1:B5:1B:6C:0C:A9:AB:3F:6A:2A:F2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4F595D272E2B8AFBA9F496A4ABE9E14C6C458F9B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/31332e3134302e382e302f32312d3234203d3e203432353332.roa
Signing time:             Wed 18 Mar 2026 20:50:21 +0000
ROA not before:           Wed 18 Mar 2026 20:45:21 +0000
ROA not after:            Wed 17 Mar 2027 20:50:21 +0000
asID:                     42532
IP address blocks:        13.140.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:59:5d:27:2e:2b:8a:fb:a9:f4:96:a4:ab:e9:e1:4c:6c:45:8f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 18 20:45:21 2026 GMT
            Not After : Mar 17 20:50:21 2027 GMT
        Subject: CN=DD16A3A02C27C8A621C1B51B6C0CA9AB3F6A2AF2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:da:b0:52:2b:c6:75:1f:e2:b9:93:aa:22:02:
                    12:7f:7e:22:60:00:b2:11:aa:0d:98:3b:41:b3:74:
                    89:ec:4d:6a:99:e3:f5:f8:64:4e:0e:98:ca:f1:d7:
                    b5:54:9a:81:14:35:42:e2:7d:a2:e8:3f:a3:ce:97:
                    9e:80:30:b5:15:c8:6e:1a:f5:85:35:d9:a6:09:6d:
                    db:ee:40:c8:25:c3:b6:4a:b7:49:cc:6d:44:b6:48:
                    89:0b:74:8d:66:f8:a7:9c:0e:b6:f1:ad:4e:bf:64:
                    0f:81:53:ef:99:61:c9:1b:89:6a:ae:04:1c:fd:42:
                    d9:5c:8d:d8:45:b0:32:11:b2:9e:28:2e:47:88:ce:
                    0c:e9:bd:32:9d:5c:09:c4:a2:85:f8:95:b4:8c:8a:
                    0e:39:25:dd:9e:7e:b8:5a:e8:e3:c1:9a:1c:27:ad:
                    19:03:04:e9:e9:b2:77:ce:24:e8:5b:45:26:82:e0:
                    63:56:38:f5:d3:9f:51:7c:46:c3:49:30:57:3d:81:
                    21:8f:ca:a2:43:78:c2:4c:97:34:fa:f9:ff:40:ad:
                    40:9d:6f:9e:bc:bb:3e:34:b5:b3:87:28:cc:b5:8a:
                    ba:e0:24:22:05:af:fa:c8:8d:0a:7e:db:32:b1:d9:
                    c7:b8:0e:67:b4:fb:9d:d1:f8:2c:23:d7:0f:04:35:
                    55:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:16:A3:A0:2C:27:C8:A6:21:C1:B5:1B:6C:0C:A9:AB:3F:6A:2A:F2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/31332e3134302e382e302f32312d3234203d3e203432353332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.140.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:ae:95:2e:37:5c:08:3f:e7:2f:c1:ec:fc:f2:60:96:62:05:
         0c:b0:96:63:f0:66:67:5d:da:94:df:86:da:3b:31:8c:f6:56:
         c8:d8:81:68:87:f4:0e:d4:f8:61:79:91:53:14:7e:1f:79:11:
         81:f0:44:bf:ed:49:69:28:51:71:3e:94:3d:8e:cf:e3:22:47:
         11:41:90:51:20:72:5f:8c:b7:f5:e3:8c:17:b5:77:6d:1c:bf:
         df:ae:a1:10:b4:ed:c5:f8:d7:44:8c:b8:ab:46:a2:18:ed:fc:
         7e:6c:b7:bc:e9:03:99:c7:07:52:4b:c1:fe:23:26:41:b8:4b:
         a9:6e:fd:eb:aa:9f:f3:c2:5a:a3:8c:3c:50:a9:2a:f8:40:bb:
         54:6f:6c:3e:f2:68:d6:c8:ae:63:fd:eb:b1:96:89:06:49:5f:
         e7:42:43:d1:bb:2c:aa:53:e9:46:0c:49:59:aa:7e:5b:4f:42:
         81:b3:79:64:31:51:56:cb:22:02:c2:d9:fd:39:35:6f:ee:11:
         3d:c3:66:82:b4:19:3c:21:ca:e0:d4:d6:f4:91:bd:c5:51:88:
         a4:4f:f5:01:2c:8e:0d:c9:bd:ce:89:e5:e4:13:d4:95:0c:2e:
         de:39:c6:ea:dd:6c:a2:1f:df:b0:b5:ea:79:2d:53:d0:32:6c:
         b2:51:83:ed
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUT1ldJy4rivup9Jakq+nhTGxFj5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMTgyMDQ1MjFaFw0yNzAzMTcyMDUwMjFaMDMxMTAvBgNV
BAMTKEREMTZBM0EwMkMyN0M4QTYyMUMxQjUxQjZDMENBOUFCM0Y2QTJBRjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB2rBSK8Z1H+K5k6oiAhJ/fiJg
ALIRqg2YO0GzdInsTWqZ4/X4ZE4OmMrx17VUmoEUNULifaLoP6POl56AMLUVyG4a
9YU12aYJbdvuQMglw7ZKt0nMbUS2SIkLdI1m+KecDrbxrU6/ZA+BU++ZYckbiWqu
BBz9QtlcjdhFsDIRsp4oLkeIzgzpvTKdXAnEooX4lbSMig45Jd2efrha6OPBmhwn
rRkDBOnpsnfOJOhbRSaC4GNWOPXTn1F8RsNJMFc9gSGPyqJDeMJMlzT6+f9ArUCd
b568uz40tbOHKMy1irrgJCIFr/rIjQp+2zKx2ce4Dme0+53R+Cwj1w8ENVUlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3RajoCwnyKYhwbUbbAypqz9qKvIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzMzJlMzEzNDMwMmUzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM0MzIzNTMzMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAMNjAgw
DQYJKoZIhvcNAQELBQADggEBACuulS43XAg/5y/B7PzyYJZiBQywlmPwZmdd2pTf
hto7MYz2VsjYgWiH9A7U+GF5kVMUfh95EYHwRL/tSWkoUXE+lD2Oz+MiRxFBkFEg
cl+Mt/XjjBe1d20cv9+uoRC07cX410SMuKtGohjt/H5st7zpA5nHB1JLwf4jJkG4
S6lu/euqn/PCWqOMPFCpKvhAu1RvbD7yaNbIrmP967GWiQZJX+dCQ9G7LKpT6UYM
SVmqfltPQoGzeWQxUVbLIgLC2f05NW/uET3DZoK0GTwhyuDU1vSRvcVRiKRP9QEs
jg3Jvc6J5eQT1JUMLt45xurdbKIf37C16nktU9AybLJRg+0=
-----END CERTIFICATE-----