Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e36342e302f32312d3234203d3e2036303739.roa
File:                     3134352e31312e36342e302f32312d3234203d3e2036303739.roa (raw, json)
Hash identifier:          ah+aNLOtQjJNK6gHB90nzJD2jAbozLZJU8YTonY4fzU=
Subject key identifier:   E0:D1:6D:2D:FD:C3:01:A5:BA:A0:F3:5E:90:06:19:A2:6A:27:C4:A9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4D037C37F6AC465F3C6289AAACFE3D0D57F84B3B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e36342e302f32312d3234203d3e2036303739.roa
Signing time:             Thu 30 Apr 2026 13:46:16 +0000
ROA not before:           Thu 30 Apr 2026 13:41:16 +0000
ROA not after:            Thu 29 Apr 2027 13:46:16 +0000
asID:                     6079
IP address blocks:        145.11.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:03:7c:37:f6:ac:46:5f:3c:62:89:aa:ac:fe:3d:0d:57:f8:4b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 30 13:41:16 2026 GMT
            Not After : Apr 29 13:46:16 2027 GMT
        Subject: CN=E0D16D2DFDC301A5BAA0F35E900619A26A27C4A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5f:62:90:0c:cf:d1:b7:73:16:4a:8e:8a:96:
                    76:11:cd:d6:bd:ee:9d:28:92:3c:ca:a6:33:07:69:
                    0c:00:84:ce:23:87:39:0c:2a:6e:44:0d:ee:7c:e3:
                    bc:41:e7:45:aa:eb:59:08:6a:11:a7:a6:cf:4d:97:
                    4b:c4:92:95:2e:e3:59:25:8e:40:8c:05:67:41:b7:
                    c0:b5:06:44:ee:ce:25:b6:69:a3:dd:2b:42:a8:22:
                    d5:dd:dd:f9:16:b5:c9:cd:37:d6:b2:12:91:79:d8:
                    d5:44:a3:61:6e:d5:09:78:97:24:5d:c7:88:85:19:
                    31:13:a6:db:e5:37:a4:a3:76:81:c3:13:fd:93:02:
                    3b:97:e9:89:20:0d:9f:bd:0b:b5:c5:ec:ec:9c:24:
                    9b:41:06:a8:c6:79:d4:bc:61:c9:b0:1d:6c:d0:c9:
                    b8:6f:85:88:a0:b6:c5:0e:28:a8:c1:3b:cc:ee:ab:
                    5e:7a:d2:fc:a8:45:08:6f:6a:4b:c5:81:2e:44:3f:
                    20:55:93:85:ea:ec:3c:c5:5e:38:7e:ae:65:d6:46:
                    1d:08:9d:8f:b9:b9:23:35:65:a9:49:64:20:6a:d4:
                    5a:76:1b:c8:22:4e:bd:d8:ec:10:4d:15:ef:b8:76:
                    93:8f:8f:d8:5b:f8:8a:1b:3c:97:45:ef:80:04:c8:
                    53:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D1:6D:2D:FD:C3:01:A5:BA:A0:F3:5E:90:06:19:A2:6A:27:C4:A9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e36342e302f32312d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:5b:0d:fa:83:b1:83:af:37:81:2f:86:de:22:eb:c6:08:e0:
         e2:67:cd:9f:75:ea:ab:a1:80:4c:68:b8:b3:75:7a:eb:a9:d0:
         4a:40:3c:47:fc:aa:ee:c6:f9:27:ed:cc:30:41:26:d8:21:86:
         71:9e:3d:b4:cb:d7:28:d9:b3:35:bc:68:3f:09:15:05:4f:c4:
         f1:97:8e:3d:e6:df:79:56:17:6a:47:63:d0:10:f4:d1:9c:50:
         37:00:3c:2f:96:8b:f8:0c:99:5d:05:ae:61:19:cf:78:4a:a1:
         d3:31:79:25:52:6b:97:a8:63:a5:31:9c:d9:14:39:34:da:86:
         a9:85:35:9c:04:63:d9:de:06:59:a9:e0:17:e0:67:77:16:74:
         dd:45:e7:7c:f5:0d:b0:bc:78:e9:f6:8e:f7:11:26:e8:40:59:
         86:3f:57:30:d9:68:09:03:bd:dc:c7:84:ea:51:65:f4:d9:14:
         96:f9:c3:11:8c:0d:d6:2e:aa:ce:b9:32:ce:8e:98:b8:93:ef:
         bb:15:38:1c:7e:99:f4:b1:8b:29:59:e7:38:fd:31:6c:a2:a7:
         60:af:a3:b0:5d:e0:b2:70:2f:57:67:76:15:dd:61:75:18:08:
         ee:a9:a1:7e:6f:30:99:3c:97:ab:f5:aa:19:23:22:a2:a8:a1:
         5a:84:f9:d4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTQN8N/asRl88YomqrP49DVf4SzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzQxMTZaFw0yNzA0MjkxMzQ2MTZaMDMxMTAvBgNV
BAMTKEUwRDE2RDJERkRDMzAxQTVCQUEwRjM1RTkwMDYxOUEyNkEyN0M0QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClX2KQDM/Rt3MWSo6KlnYRzda9
7p0okjzKpjMHaQwAhM4jhzkMKm5EDe5847xB50Wq61kIahGnps9Nl0vEkpUu41kl
jkCMBWdBt8C1BkTuziW2aaPdK0KoItXd3fkWtcnNN9ayEpF52NVEo2Fu1Ql4lyRd
x4iFGTETptvlN6SjdoHDE/2TAjuX6YkgDZ+9C7XF7OycJJtBBqjGedS8YcmwHWzQ
ybhvhYigtsUOKKjBO8zuq1560vyoRQhvakvFgS5EPyBVk4Xq7DzFXjh+rmXWRh0I
nY+5uSM1ZalJZCBq1Fp2G8giTr3Y7BBNFe+4dpOPj9hb+IobPJdF74AEyFOPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4NFtLf3DAaW6oPNekAYZomonxKkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzNjM0
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC0Aw
DQYJKoZIhvcNAQELBQADggEBAGRbDfqDsYOvN4Evht4i68YI4OJnzZ916quhgExo
uLN1euup0EpAPEf8qu7G+SftzDBBJtghhnGePbTL1yjZszW8aD8JFQVPxPGXjj3m
33lWF2pHY9AQ9NGcUDcAPC+Wi/gMmV0FrmEZz3hKodMxeSVSa5eoY6UxnNkUOTTa
hqmFNZwEY9neBlmp4BfgZ3cWdN1F53z1DbC8eOn2jvcRJuhAWYY/VzDZaAkDvdzH
hOpRZfTZFJb5wxGMDdYuqs65Ms6OmLiT77sVOBx+mfSxiylZ5zj9MWyip2Cvo7Bd
4LJwL1dndhXdYXUYCO6poX5vMJk8l6v1qhkjIqKooVqE+dQ=
-----END CERTIFICATE-----