Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e3132302e302f32312d3234203d3e2036303739.roa
File:                     3134352e31312e3132302e302f32312d3234203d3e2036303739.roa (raw, json)
Hash identifier:          jHdHylvFzFUIDEJ80mN8QYd8nX/O3rbTbu9WSl6IfcE=
Subject key identifier:   BC:B5:2D:C2:BA:0F:95:8D:A3:A4:C6:42:29:13:90:BA:13:14:2F:19
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       713CCF74C25A7681E672E45B6D342F00086314FB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e3132302e302f32312d3234203d3e2036303739.roa
Signing time:             Thu 30 Apr 2026 13:46:21 +0000
ROA not before:           Thu 30 Apr 2026 13:41:21 +0000
ROA not after:            Thu 29 Apr 2027 13:46:21 +0000
asID:                     6079
IP address blocks:        145.11.120.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:3c:cf:74:c2:5a:76:81:e6:72:e4:5b:6d:34:2f:00:08:63:14:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 30 13:41:21 2026 GMT
            Not After : Apr 29 13:46:21 2027 GMT
        Subject: CN=BCB52DC2BA0F958DA3A4C642291390BA13142F19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ab:53:f8:50:d1:e3:87:6b:6b:47:7b:91:43:
                    1e:9d:a2:ce:8f:21:ca:06:23:e0:91:22:66:94:fc:
                    66:49:70:f4:65:c0:28:47:a5:8f:96:87:19:67:46:
                    2f:72:f9:1c:22:9f:8d:d7:e6:80:59:a4:1f:20:fc:
                    3e:6d:e5:eb:ae:4f:4e:d4:f3:07:9a:5e:b5:b2:bb:
                    70:f9:70:00:f1:ac:54:06:f9:ff:5b:a6:73:2a:09:
                    a1:19:a4:c5:34:46:d5:01:be:9a:4e:9a:de:04:f8:
                    29:cf:24:0e:41:f8:33:0e:cc:4d:73:47:ee:79:3f:
                    ed:55:46:ed:55:8e:c8:73:9d:67:6d:b2:70:7a:39:
                    39:07:ba:9b:a4:d0:27:96:aa:9c:fb:5d:6d:29:3f:
                    11:b7:97:15:58:f8:29:a4:b9:a5:dd:87:3a:ba:2c:
                    6c:e2:12:60:67:b5:f8:59:47:57:f8:da:98:21:36:
                    bb:b0:3a:2a:0a:50:cc:05:ef:bf:95:88:10:5a:52:
                    c4:e6:fc:81:db:f4:c5:7b:36:58:59:c2:8d:42:b1:
                    de:2c:15:d8:66:ac:4f:96:a6:59:ec:e8:99:a1:c8:
                    3a:b6:6d:56:af:aa:36:32:f9:17:c6:fc:e4:b0:1f:
                    31:db:e6:90:53:80:31:cc:b1:d1:cb:b9:a3:42:6d:
                    70:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B5:2D:C2:BA:0F:95:8D:A3:A4:C6:42:29:13:90:BA:13:14:2F:19
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e3132302e302f32312d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:c4:b6:51:68:d0:83:e4:40:1d:82:52:54:72:38:a0:21:55:
         11:4a:99:94:eb:15:0e:d4:88:13:cd:f5:c9:64:7c:4e:ab:d7:
         85:00:db:0d:a6:61:56:f9:42:3e:be:a7:d8:99:7b:fa:f2:49:
         16:c5:b4:52:7e:05:c1:69:da:8f:73:d2:15:91:cf:0b:47:23:
         bc:ed:83:b2:84:47:a8:50:c3:59:ec:4c:65:86:cc:3c:93:a0:
         0c:7d:2a:71:1f:da:ed:43:af:5c:9c:16:9c:a1:ee:63:7c:9d:
         79:db:03:e2:a9:6c:04:51:57:f1:a7:92:a1:9d:73:2d:32:81:
         2e:f0:73:86:e8:fe:27:82:0a:81:48:96:f3:7c:93:36:a6:b8:
         6c:de:f8:d3:f3:61:17:ed:85:79:ce:b1:9d:e2:ba:12:6b:c9:
         a9:88:a1:1b:7e:53:53:98:8d:c9:26:0b:6d:3e:cc:f9:8b:a2:
         e1:a0:19:35:ca:e8:ab:d8:57:70:fd:20:b5:15:0b:5b:1b:5b:
         a5:75:dd:6f:50:29:ac:1d:d5:99:d0:30:2c:eb:0c:ba:2e:0a:
         b2:10:9c:cb:31:56:78:31:8f:de:1e:d6:12:ed:25:0d:47:5c:
         ba:d0:87:65:45:4a:9a:55:88:7c:45:c3:78:ed:9b:ed:75:19:
         ba:8f:39:92
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcTzPdMJadoHmcuRbbTQvAAhjFPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzQxMjFaFw0yNzA0MjkxMzQ2MjFaMDMxMTAvBgNV
BAMTKEJDQjUyREMyQkEwRjk1OERBM0E0QzY0MjI5MTM5MEJBMTMxNDJGMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZq1P4UNHjh2trR3uRQx6dos6P
IcoGI+CRImaU/GZJcPRlwChHpY+WhxlnRi9y+Rwin43X5oBZpB8g/D5t5euuT07U
8weaXrWyu3D5cADxrFQG+f9bpnMqCaEZpMU0RtUBvppOmt4E+CnPJA5B+DMOzE1z
R+55P+1VRu1VjshznWdtsnB6OTkHupuk0CeWqpz7XW0pPxG3lxVY+CmkuaXdhzq6
LGziEmBntfhZR1f42pghNruwOioKUMwF77+ViBBaUsTm/IHb9MV7NlhZwo1Csd4s
FdhmrE+Wplns6JmhyDq2bVavqjYy+RfG/OSwHzHb5pBTgDHMsdHLuaNCbXCZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvLUtwroPlY2jpMZCKROQuhMULxkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzMTMy
MzAyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5EL
eDANBgkqhkiG9w0BAQsFAAOCAQEAPMS2UWjQg+RAHYJSVHI4oCFVEUqZlOsVDtSI
E831yWR8TqvXhQDbDaZhVvlCPr6n2Jl7+vJJFsW0Un4FwWnaj3PSFZHPC0cjvO2D
soRHqFDDWexMZYbMPJOgDH0qcR/a7UOvXJwWnKHuY3ydedsD4qlsBFFX8aeSoZ1z
LTKBLvBzhuj+J4IKgUiW83yTNqa4bN740/NhF+2Fec6xneK6EmvJqYihG35TU5iN
ySYLbT7M+Yui4aAZNcroq9hXcP0gtRULWxtbpXXdb1AprB3VmdAwLOsMui4KshCc
yzFWeDGP3h7WEu0lDUdcutCHZUVKmlWIfEXDeO2b7XUZuo85kg==
-----END CERTIFICATE-----