Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132342e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3132342e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          Bg0efUUwqJ0BJ4I3yI1VGT9KcjkLo/TwqSXLGb+wFkk=
Subject key identifier:   F6:B9:48:62:BA:BD:ED:6C:EF:58:9B:94:14:27:6B:97:0A:F7:45:DC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5A2C8B45F11F3FFA422DB503D171EB5D45F2D3C1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132342e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 21 Apr 2026 10:58:14 +0000
ROA not before:           Tue 21 Apr 2026 10:53:14 +0000
ROA not after:            Tue 20 Apr 2027 10:58:14 +0000
asID:                     2914
IP address blocks:        145.79.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:2c:8b:45:f1:1f:3f:fa:42:2d:b5:03:d1:71:eb:5d:45:f2:d3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 21 10:53:14 2026 GMT
            Not After : Apr 20 10:58:14 2027 GMT
        Subject: CN=F6B94862BABDED6CEF589B9414276B970AF745DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4b:b1:69:0d:22:61:09:f6:f9:25:d5:61:09:
                    a8:9c:28:fc:f0:f4:d2:bc:96:95:f9:21:ba:7f:ef:
                    00:66:3a:8d:93:aa:01:4f:85:25:1c:2b:28:97:23:
                    94:46:11:74:ed:19:c0:8a:5e:e3:c8:a5:86:cc:b2:
                    05:62:4c:90:58:7b:07:91:b3:47:97:6f:3c:4d:39:
                    82:c1:06:d3:0c:71:5e:b7:12:a3:11:64:a8:fc:15:
                    44:c7:f9:6e:fd:b3:34:04:60:e1:82:3a:fb:0a:9d:
                    0e:dc:19:70:db:08:aa:f0:5e:70:46:87:b8:07:87:
                    2d:2d:c6:57:ba:d1:e0:81:e8:a0:ca:41:aa:8f:7b:
                    e0:33:ff:51:80:8e:92:97:75:80:25:79:76:50:a3:
                    f5:ce:79:3c:14:80:ff:72:cb:d9:1d:fd:50:dd:60:
                    9d:a5:7a:ac:11:48:d2:97:7e:60:e8:3b:73:55:5e:
                    1b:b9:a0:30:07:04:0b:52:30:6a:bf:05:68:09:60:
                    57:8a:6c:7d:45:95:c4:42:c5:b1:8c:ae:b7:2c:e4:
                    b2:f8:93:87:66:57:10:45:a5:6d:ef:77:91:5c:26:
                    bd:f5:c8:3e:ff:c9:13:44:d9:89:8c:2d:ca:0a:80:
                    28:9d:d0:1b:7e:16:6e:7f:12:da:04:c2:46:a7:84:
                    d1:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B9:48:62:BA:BD:ED:6C:EF:58:9B:94:14:27:6B:97:0A:F7:45:DC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3132342e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:99:32:9f:72:be:30:cb:6e:ff:8a:ca:ed:aa:af:09:05:7d:
         31:37:29:03:21:ca:a9:1e:85:93:59:9d:2e:fa:d7:c8:b6:48:
         7b:33:64:ae:08:2d:20:26:d7:8e:a4:51:c3:9a:b6:58:9d:8c:
         1b:f2:6e:3a:bf:8d:00:c5:ea:3d:c9:a0:c3:44:a0:bc:ca:e7:
         07:67:a7:5d:06:b3:b8:ed:ab:68:91:11:96:fc:11:af:b8:1f:
         13:c4:e8:ea:84:4c:0a:1d:70:2f:73:54:2f:5c:3c:f3:ad:34:
         e3:d7:a2:9a:9c:c3:ca:5b:fe:78:ed:8a:4d:18:76:f8:e6:4c:
         b0:c6:db:d5:c3:7f:02:f1:d2:ee:5c:ef:b7:72:a4:ec:5b:02:
         55:86:5d:3c:50:ba:9c:27:67:bc:c9:14:bd:28:0c:2b:a6:96:
         98:ae:2c:18:c3:80:8c:93:a9:79:87:7c:67:4a:15:ed:6c:ce:
         1b:b1:65:38:5a:1c:0b:ce:6f:f2:75:bc:57:4a:35:68:a1:3c:
         1d:71:1d:32:6f:50:f2:e4:4d:52:5b:43:15:55:4c:4f:9e:ae:
         40:c6:49:6f:84:dd:6a:58:43:5b:a8:96:b5:fb:47:6f:94:99:
         32:df:91:d1:fc:b5:46:a7:39:83:38:a5:46:69:79:28:b6:ae:
         2d:d7:52:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWiyLRfEfP/pCLbUD0XHrXUXy08EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjExMDUzMTRaFw0yNzA0MjAxMDU4MTRaMDMxMTAvBgNV
BAMTKEY2Qjk0ODYyQkFCREVENkNFRjU4OUI5NDE0Mjc2Qjk3MEFGNzQ1REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTS7FpDSJhCfb5JdVhCaicKPzw
9NK8lpX5Ibp/7wBmOo2TqgFPhSUcKyiXI5RGEXTtGcCKXuPIpYbMsgViTJBYeweR
s0eXbzxNOYLBBtMMcV63EqMRZKj8FUTH+W79szQEYOGCOvsKnQ7cGXDbCKrwXnBG
h7gHhy0txle60eCB6KDKQaqPe+Az/1GAjpKXdYAleXZQo/XOeTwUgP9yy9kd/VDd
YJ2leqwRSNKXfmDoO3NVXhu5oDAHBAtSMGq/BWgJYFeKbH1FlcRCxbGMrrcs5LL4
k4dmVxBFpW3vd5FcJr31yD7/yRNE2YmMLcoKgCid0Bt+Fm5/EtoEwkanhNEFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9rlIYrq97WzvWJuUFCdrlwr3RdwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTMy
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
fDANBgkqhkiG9w0BAQsFAAOCAQEASpkyn3K+MMtu/4rK7aqvCQV9MTcpAyHKqR6F
k1mdLvrXyLZIezNkrggtICbXjqRRw5q2WJ2MG/JuOr+NAMXqPcmgw0SgvMrnB2en
XQazuO2raJERlvwRr7gfE8To6oRMCh1wL3NUL1w8860049eimpzDylv+eO2KTRh2
+OZMsMbb1cN/AvHS7lzvt3Kk7FsCVYZdPFC6nCdnvMkUvSgMK6aWmK4sGMOAjJOp
eYd8Z0oV7WzOG7FlOFocC85v8nW8V0o1aKE8HXEdMm9Q8uRNUltDFVVMT56uQMZJ
b4TdalhDW6iWtftHb5SZMt+R0fy1Rqc5gzilRml5KLauLddSpQ==
-----END CERTIFICATE-----