Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e39362e302f32312d3234203d3e2036303739.roa
File:                     3134352e31312e39362e302f32312d3234203d3e2036303739.roa (raw, json)
Hash identifier:          GNWKwXUnUNc4mbonzwJLSeporCmofllmH26vj5qLkjk=
Subject key identifier:   D2:58:6F:85:C9:28:8D:4E:A8:C6:09:47:AA:C2:C7:EE:CD:4B:E5:07
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5D4C7547D47CE6B310875878CE8BAB1F1CCD6253
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e39362e302f32312d3234203d3e2036303739.roa
Signing time:             Thu 30 Apr 2026 13:46:19 +0000
ROA not before:           Thu 30 Apr 2026 13:41:19 +0000
ROA not after:            Thu 29 Apr 2027 13:46:19 +0000
asID:                     6079
IP address blocks:        145.11.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:4c:75:47:d4:7c:e6:b3:10:87:58:78:ce:8b:ab:1f:1c:cd:62:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 30 13:41:19 2026 GMT
            Not After : Apr 29 13:46:19 2027 GMT
        Subject: CN=D2586F85C9288D4EA8C60947AAC2C7EECD4BE507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:00:3b:bc:d7:7e:1b:36:f1:0e:fd:cb:36:85:
                    2e:33:ed:d6:06:8b:2c:61:3b:50:15:72:47:a2:32:
                    56:19:96:11:27:94:b3:12:2e:51:5e:c1:78:f3:fb:
                    f1:fa:09:ff:90:2d:98:e8:de:7d:ad:ee:ce:a1:42:
                    23:97:dc:83:b4:3c:95:cc:8c:fa:46:cf:9e:ca:4e:
                    68:3a:ca:02:57:ae:2b:66:66:1e:3c:49:07:9d:3d:
                    75:d2:7a:1f:60:ed:a9:30:75:14:17:b1:9a:5f:68:
                    99:39:25:b1:0f:cb:d6:1c:7a:f0:79:08:6d:49:a0:
                    39:a7:3c:72:b9:d8:ab:4b:30:d9:a6:e5:2c:16:ee:
                    3b:36:09:4c:ec:8f:44:15:b4:48:03:6e:10:fe:26:
                    7a:22:cd:d5:a6:62:2e:af:56:ca:f6:02:a2:fb:c1:
                    78:c5:c7:dc:b7:de:40:5a:5b:4f:f9:1a:7f:23:7d:
                    a6:1d:c6:df:64:d2:6d:77:f3:28:3c:e9:5f:72:34:
                    36:8c:f2:0a:be:16:47:97:5d:11:2c:6f:aa:9e:2b:
                    9d:47:15:ba:3e:3f:7c:d7:26:47:7d:33:3a:a0:19:
                    32:af:82:05:c5:f0:6e:3c:3b:67:84:76:cf:90:59:
                    0a:9c:6f:6e:e4:f2:bc:d3:92:8d:4a:ae:ad:a1:a5:
                    02:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:58:6F:85:C9:28:8D:4E:A8:C6:09:47:AA:C2:C7:EE:CD:4B:E5:07
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e39362e302f32312d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         75:f4:c4:82:76:43:38:74:cb:a9:f2:14:b1:07:8a:f5:aa:f0:
         ad:f0:56:8e:24:47:0e:b4:3d:c5:b0:3e:2f:f9:92:0a:0e:eb:
         d6:31:e1:fe:52:3d:5f:6a:7c:39:c4:ba:f2:9f:19:bd:b5:e3:
         72:03:b0:d8:84:b2:4f:fa:24:8f:f6:ad:c3:99:f7:75:d7:f3:
         d3:9c:b6:41:33:28:bd:44:ee:26:bb:d9:90:c5:05:6a:d6:1c:
         a0:c2:c9:5e:ba:39:0f:89:c1:b8:68:56:3b:02:70:03:d8:ef:
         7f:93:12:20:8f:9f:8f:df:1a:91:8d:b6:69:57:7b:73:20:33:
         59:0a:a4:9e:a9:1e:5c:20:d5:c7:4b:33:e0:e8:f7:d7:f1:27:
         2d:66:4b:74:04:62:e0:a0:9f:b8:20:49:d2:38:65:81:da:0a:
         f9:7c:0d:58:05:40:d9:66:63:3d:fd:98:df:69:a3:3e:96:03:
         dd:be:f5:ce:5d:3e:26:05:bd:d3:28:6d:a1:10:4b:61:1c:88:
         f0:17:12:e1:cb:04:ff:19:5e:32:fe:71:e0:0c:da:61:37:63:
         cf:aa:35:70:8e:8b:f2:e1:e6:8b:b4:2c:7c:9b:d1:e3:55:d2:
         b8:0c:02:e1:4e:96:39:f0:17:c7:4e:ad:62:0c:ac:93:5a:39:
         37:c1:10:c9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXUx1R9R85rMQh1h4zourHxzNYlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzQxMTlaFw0yNzA0MjkxMzQ2MTlaMDMxMTAvBgNV
BAMTKEQyNTg2Rjg1QzkyODhENEVBOEM2MDk0N0FBQzJDN0VFQ0Q0QkU1MDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuADu8134bNvEO/cs2hS4z7dYG
iyxhO1AVckeiMlYZlhEnlLMSLlFewXjz+/H6Cf+QLZjo3n2t7s6hQiOX3IO0PJXM
jPpGz57KTmg6ygJXritmZh48SQedPXXSeh9g7akwdRQXsZpfaJk5JbEPy9YcevB5
CG1JoDmnPHK52KtLMNmm5SwW7js2CUzsj0QVtEgDbhD+JnoizdWmYi6vVsr2AqL7
wXjFx9y33kBaW0/5Gn8jfaYdxt9k0m138yg86V9yNDaM8gq+FkeXXREsb6qeK51H
Fbo+P3zXJkd9MzqgGTKvggXF8G48O2eEds+QWQqcb27k8rzTko1Krq2hpQKVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0lhvhckojU6oxglHqsLH7s1L5QcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzOTM2
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC2Aw
DQYJKoZIhvcNAQELBQADggEBAHX0xIJ2Qzh0y6nyFLEHivWq8K3wVo4kRw60PcWw
Pi/5kgoO69Yx4f5SPV9qfDnEuvKfGb2143IDsNiEsk/6JI/2rcOZ93XX89OctkEz
KL1E7ia72ZDFBWrWHKDCyV66OQ+JwbhoVjsCcAPY73+TEiCPn4/fGpGNtmlXe3Mg
M1kKpJ6pHlwg1cdLM+Do99fxJy1mS3QEYuCgn7ggSdI4ZYHaCvl8DVgFQNlmYz39
mN9poz6WA92+9c5dPiYFvdMobaEQS2EciPAXEuHLBP8ZXjL+ceAM2mE3Y8+qNXCO
i/Lh5ou0LHyb0eNV0rgMAuFOljnwF8dOrWIMrJNaOTfBEMk=
-----END CERTIFICATE-----