Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e2036303739.roa
File:                     3134352e31312e38382e302f32312d3234203d3e2036303739.roa (raw, json)
Hash identifier:          EeT34+5/Hw+XOBnjTjLA7a7EsUGh9JETh0CZvi5Vocw=
Subject key identifier:   D5:AB:9A:7D:DB:69:9A:41:AE:5C:BC:B0:F3:83:3B:C9:8E:86:72:AB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7A48D728A4BE6789D3F1BC1439F26BA786CA0995
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e2036303739.roa
Signing time:             Thu 30 Apr 2026 13:46:18 +0000
ROA not before:           Thu 30 Apr 2026 13:41:18 +0000
ROA not after:            Thu 29 Apr 2027 13:46:18 +0000
asID:                     6079
IP address blocks:        145.11.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:48:d7:28:a4:be:67:89:d3:f1:bc:14:39:f2:6b:a7:86:ca:09:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 30 13:41:18 2026 GMT
            Not After : Apr 29 13:46:18 2027 GMT
        Subject: CN=D5AB9A7DDB699A41AE5CBCB0F3833BC98E8672AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c6:3a:a9:46:96:34:6c:35:87:58:73:06:12:
                    a9:0c:a4:0c:31:1e:2d:24:50:44:7c:d4:0f:fa:97:
                    7a:7a:40:ad:8f:24:96:3a:88:06:2d:5d:df:b1:b8:
                    b9:cb:87:84:3c:34:84:21:97:20:5e:7c:77:b3:99:
                    08:28:a9:69:71:cf:98:4b:45:7a:2f:8b:8d:0a:df:
                    70:3c:10:4e:6c:70:2b:47:ba:82:c4:bc:df:15:7a:
                    49:8b:86:ff:7e:0b:e9:cd:b2:2a:fe:07:8f:5d:34:
                    e0:bc:ca:e1:9f:3f:48:85:93:28:c6:15:93:86:b5:
                    89:33:bb:76:5c:aa:be:17:fc:8d:62:ee:de:3e:79:
                    2f:54:1e:a6:34:f7:b8:06:f6:97:c9:3a:44:25:06:
                    fc:55:1b:5e:a7:e4:86:d7:8a:a2:55:bd:e6:27:70:
                    04:a5:f4:f4:2c:c0:0f:f5:87:86:9b:41:92:ed:8a:
                    8b:05:40:f1:f3:00:c3:60:7d:3a:d9:fa:4c:d2:fd:
                    13:54:84:87:a9:28:a5:61:d7:ef:da:ae:5f:df:c3:
                    a9:35:96:9c:3b:2b:38:fc:6a:ca:ca:4a:05:97:48:
                    ea:ff:cf:fa:74:56:49:82:b9:46:d3:e5:72:b4:cf:
                    79:ab:1f:c7:46:f7:ea:0e:41:8e:ff:2b:a5:c2:93:
                    9b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AB:9A:7D:DB:69:9A:41:AE:5C:BC:B0:F3:83:3B:C9:8E:86:72:AB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:6e:e6:fb:42:c0:d9:c2:e5:58:91:0a:ef:67:4f:91:89:42:
         32:3e:a9:00:06:56:c8:2c:eb:82:80:dc:99:f8:b8:29:5e:c1:
         df:13:62:50:6f:49:07:bf:c7:20:1b:b5:47:3b:bf:08:39:dc:
         93:5f:d6:d2:ad:8b:5e:f9:e0:e1:a0:63:b1:d8:4b:91:f3:e1:
         5f:6a:4e:31:f2:cc:a7:5c:e4:10:93:23:bc:c6:a1:a1:8a:4c:
         ab:8b:21:02:5d:93:de:55:e5:18:9e:9b:eb:10:bb:5f:4c:99:
         61:45:7d:bf:b2:5f:07:e4:ab:00:a3:6d:20:32:e0:a2:44:79:
         64:22:ea:aa:c3:8a:6d:ed:58:f7:3a:83:6e:c4:f3:80:18:f1:
         99:51:be:c0:63:4f:79:8f:29:2a:3f:1e:d9:81:97:0b:6e:fa:
         c7:2c:04:67:f2:74:a2:45:4d:88:84:3a:67:bc:cb:ea:89:e5:
         9d:b7:60:47:7c:21:e4:fe:41:a0:d6:f6:35:f7:c1:63:e2:c0:
         41:0d:bf:a0:53:80:a4:08:13:8d:34:fd:c3:94:0f:dd:83:99:
         bf:db:54:f7:23:5b:60:e2:8a:01:1a:84:f7:39:ba:d6:ea:02:
         56:35:f1:aa:34:45:43:f9:2c:75:d8:c9:1d:87:ec:25:69:1f:
         ed:3b:6c:a6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUekjXKKS+Z4nT8bwUOfJrp4bKCZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzQxMThaFw0yNzA0MjkxMzQ2MThaMDMxMTAvBgNV
BAMTKEQ1QUI5QTdEREI2OTlBNDFBRTVDQkNCMEYzODMzQkM5OEU4NjcyQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9xjqpRpY0bDWHWHMGEqkMpAwx
Hi0kUER81A/6l3p6QK2PJJY6iAYtXd+xuLnLh4Q8NIQhlyBefHezmQgoqWlxz5hL
RXovi40K33A8EE5scCtHuoLEvN8VekmLhv9+C+nNsir+B49dNOC8yuGfP0iFkyjG
FZOGtYkzu3Zcqr4X/I1i7t4+eS9UHqY097gG9pfJOkQlBvxVG16n5IbXiqJVveYn
cASl9PQswA/1h4abQZLtiosFQPHzAMNgfTrZ+kzS/RNUhIepKKVh1+/arl/fw6k1
lpw7Kzj8asrKSgWXSOr/z/p0VkmCuUbT5XK0z3mrH8dG9+oOQY7/K6XCk5sxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1auafdtpmkGuXLyw84M7yY6GcqswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzODM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC1gw
DQYJKoZIhvcNAQELBQADggEBACNu5vtCwNnC5ViRCu9nT5GJQjI+qQAGVsgs64KA
3Jn4uClewd8TYlBvSQe/xyAbtUc7vwg53JNf1tKti1754OGgY7HYS5Hz4V9qTjHy
zKdc5BCTI7zGoaGKTKuLIQJdk95V5Riem+sQu19MmWFFfb+yXwfkqwCjbSAy4KJE
eWQi6qrDim3tWPc6g27E84AY8ZlRvsBjT3mPKSo/HtmBlwtu+scsBGfydKJFTYiE
Ome8y+qJ5Z23YEd8IeT+QaDW9jX3wWPiwEENv6BTgKQIE400/cOUD92Dmb/bVPcj
W2DiigEahPc5utbqAlY18ao0RUP5LHXYyR2H7CVpH+07bKY=
-----END CERTIFICATE-----