Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131362e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3131362e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          HbsKCGRucuH2B/SwooacD7k10PU2iD756oLAQ1Cel9Q=
Subject key identifier:   99:ED:7F:CC:F5:37:AE:9E:81:BC:89:09:BD:E5:20:C3:35:F2:22:84
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       525BD1FF6CADA14E1492F1ACAE8B12658A19F796
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131362e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 05 May 2026 09:47:33 +0000
ROA not before:           Tue 05 May 2026 09:42:33 +0000
ROA not after:            Tue 04 May 2027 09:47:33 +0000
asID:                     2914
IP address blocks:        145.79.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:5b:d1:ff:6c:ad:a1:4e:14:92:f1:ac:ae:8b:12:65:8a:19:f7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  5 09:42:33 2026 GMT
            Not After : May  4 09:47:33 2027 GMT
        Subject: CN=99ED7FCCF537AE9E81BC8909BDE520C335F22284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:95:66:cc:3f:9a:62:79:32:62:cd:19:c6:5f:
                    d5:70:8b:71:cc:c2:b8:4d:f0:4c:2d:c2:e4:69:3b:
                    ac:3c:de:48:94:3d:13:1c:16:be:79:73:c6:54:b1:
                    2f:fa:32:5d:07:4e:f2:26:f7:88:9b:0e:e4:ef:42:
                    03:89:58:86:20:09:58:14:bc:bc:e3:aa:3e:60:13:
                    95:10:1b:24:1d:2b:45:f0:b3:80:f8:a5:07:e4:12:
                    23:01:bd:a7:be:37:23:c3:a6:2f:27:a3:38:d4:da:
                    72:b8:aa:ba:45:29:fc:7b:22:9d:88:50:3f:f3:0e:
                    8e:f5:f1:76:83:ba:9d:07:b6:5d:f8:4b:d1:0b:a1:
                    09:99:b4:c6:ea:04:5a:51:f0:a9:be:97:17:6c:cd:
                    81:22:14:74:94:17:5a:73:5c:a0:5c:49:78:75:b1:
                    75:41:32:3c:ef:4c:33:ca:3c:3a:dc:6d:89:4b:f7:
                    19:f8:2f:d5:97:be:9b:7d:1d:bf:9d:8d:31:69:ec:
                    52:a9:3a:d2:e7:6e:a0:37:94:e5:d4:f5:44:08:8c:
                    20:ee:84:68:b8:92:1f:69:80:a2:26:a7:58:d3:8d:
                    df:3a:48:05:86:2c:f0:f9:83:8d:8d:88:11:64:51:
                    34:c1:1b:19:32:ef:7d:fc:e3:0e:bb:59:02:a2:01:
                    b6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:ED:7F:CC:F5:37:AE:9E:81:BC:89:09:BD:E5:20:C3:35:F2:22:84
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3131362e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:82:24:e8:86:94:28:6e:2c:69:9a:96:86:9b:c9:d1:c4:c2:
         e3:6c:87:4b:2b:72:bf:7b:f2:4d:db:3d:59:ef:8d:aa:b3:53:
         b6:d3:9f:74:58:7f:dc:bf:a7:c4:2c:a6:e5:01:6c:d9:5f:0f:
         99:55:62:db:cf:3d:b4:8a:aa:4b:8e:08:18:34:09:dd:d8:7a:
         c5:1d:96:bb:74:9f:60:db:4a:72:97:6f:9a:d2:ce:a1:c7:27:
         86:f9:6c:fd:ca:d6:01:d3:9f:cf:1b:16:44:92:dd:bb:12:95:
         02:35:90:7c:17:49:d0:8c:ed:50:2b:c2:88:a4:49:5a:a0:d9:
         ba:ec:1a:a6:4b:eb:27:18:68:34:49:c1:a5:f2:f6:f0:d1:fe:
         9f:ca:17:cb:81:d9:39:fa:97:ac:c3:3c:57:3c:c1:09:4b:09:
         39:60:02:c7:77:35:72:dd:df:2e:3f:73:58:af:1d:54:ca:f5:
         2e:67:bf:d7:77:fe:40:1f:69:7c:65:45:20:02:11:c1:50:aa:
         bd:77:c7:87:d8:c3:10:66:e7:7b:85:d6:b7:31:c8:68:b9:52:
         df:12:f7:68:14:2a:f8:89:38:c4:27:18:41:c3:bd:52:68:f4:
         28:93:4b:00:b7:52:8a:0b:ce:dd:1e:35:ce:b2:e9:48:01:fd:
         05:ba:90:dd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUlvR/2ytoU4UkvGsrosSZYoZ95YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MDUwOTQyMzNaFw0yNzA1MDQwOTQ3MzNaMDMxMTAvBgNV
BAMTKDk5RUQ3RkNDRjUzN0FFOUU4MUJDODkwOUJERTUyMEMzMzVGMjIyODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDglWbMP5pieTJizRnGX9Vwi3HM
wrhN8EwtwuRpO6w83kiUPRMcFr55c8ZUsS/6Ml0HTvIm94ibDuTvQgOJWIYgCVgU
vLzjqj5gE5UQGyQdK0Xws4D4pQfkEiMBvae+NyPDpi8nozjU2nK4qrpFKfx7Ip2I
UD/zDo718XaDup0Htl34S9ELoQmZtMbqBFpR8Km+lxdszYEiFHSUF1pzXKBcSXh1
sXVBMjzvTDPKPDrcbYlL9xn4L9WXvpt9Hb+djTFp7FKpOtLnbqA3lOXU9UQIjCDu
hGi4kh9pgKImp1jTjd86SAWGLPD5g42NiBFkUTTBGxky73384w67WQKiAbajAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUme1/zPU3rp6BvIkJveUgwzXyIoQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
dDANBgkqhkiG9w0BAQsFAAOCAQEAY4Ik6IaUKG4saZqWhpvJ0cTC42yHSytyv3vy
Tds9We+NqrNTttOfdFh/3L+nxCym5QFs2V8PmVVi2889tIqqS44IGDQJ3dh6xR2W
u3SfYNtKcpdvmtLOoccnhvls/crWAdOfzxsWRJLduxKVAjWQfBdJ0IztUCvCiKRJ
WqDZuuwapkvrJxhoNEnBpfL28NH+n8oXy4HZOfqXrMM8VzzBCUsJOWACx3c1ct3f
Lj9zWK8dVMr1Lme/13f+QB9pfGVFIAIRwVCqvXfHh9jDEGbne4XWtzHIaLlS3xL3
aBQq+Ik4xCcYQcO9Umj0KJNLALdSigvO3R41zrLpSAH9BbqQ3Q==
-----END CERTIFICATE-----