Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134302e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3134302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          mBnlkoGCqnffwFwPrQByMuQfX1Gi+fRsraCWBzt/Bag=
Subject key identifier:   41:19:F4:97:C0:08:C5:9F:DD:E9:A3:C6:3A:72:15:EA:BA:3B:EA:EF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       250BC41BA231516D645741845F9F6A73CFAE3279
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 10 Mar 2026 07:18:34 +0000
ROA not before:           Tue 10 Mar 2026 07:13:34 +0000
ROA not after:            Tue 09 Mar 2027 07:18:34 +0000
asID:                     834
IP address blocks:        145.79.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:0b:c4:1b:a2:31:51:6d:64:57:41:84:5f:9f:6a:73:cf:ae:32:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 10 07:13:34 2026 GMT
            Not After : Mar  9 07:18:34 2027 GMT
        Subject: CN=4119F497C008C59FDDE9A3C63A7215EABA3BEAEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b7:cd:67:f1:53:c9:07:0c:a8:8a:d8:bb:9f:
                    f4:43:61:98:77:ec:a5:37:2a:86:44:52:ad:7f:49:
                    1d:79:9d:db:f4:28:32:70:ad:4f:5d:19:d9:56:37:
                    15:d5:21:0c:b5:14:6f:d4:73:11:88:2d:a0:a4:ae:
                    13:ae:84:f2:fb:11:b7:4d:fe:86:c3:fa:0d:ce:36:
                    1b:fd:b9:70:7f:c1:e1:10:a6:18:ee:c5:b7:c6:23:
                    d5:f1:00:ec:18:38:a5:b2:4b:19:cd:f5:ec:a5:d8:
                    d0:f3:85:fd:6e:f1:95:c6:24:8d:82:89:b9:99:49:
                    69:b9:62:6d:8d:5d:08:76:ee:19:fb:4c:bf:67:a7:
                    f3:0f:97:d4:74:d4:a8:20:97:80:85:88:b0:7c:f7:
                    df:15:4d:d3:86:2b:14:86:c6:34:cf:5c:be:cf:5a:
                    31:02:1f:bb:be:f1:83:28:85:14:37:1b:43:4b:47:
                    b3:8a:22:74:85:59:c8:09:24:82:65:dc:7b:c1:c6:
                    33:ee:b6:8d:5b:0d:29:7e:f1:be:b5:d6:33:62:d6:
                    2f:2e:d7:fe:6d:ae:d3:a3:40:ef:47:96:16:a8:88:
                    53:22:00:2e:54:0a:db:d2:30:20:cb:2a:cb:c4:83:
                    7d:66:0e:c9:ad:76:9d:a0:23:3b:51:22:f7:d8:76:
                    3b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:19:F4:97:C0:08:C5:9F:DD:E9:A3:C6:3A:72:15:EA:BA:3B:EA:EF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:2c:69:5a:a7:e7:bd:f8:05:97:45:8d:25:be:9a:97:af:82:
         e6:e5:8f:ad:eb:bf:70:be:c9:97:95:bf:8c:10:cd:6a:70:3c:
         a5:32:ef:b7:91:ad:be:47:1c:65:5f:80:a5:91:90:1e:5b:11:
         d5:11:70:9d:cf:02:3d:c2:0a:44:37:4e:1e:75:a6:20:cc:6c:
         59:45:78:7a:3f:e4:03:ea:d2:b3:9f:1f:a3:5a:cb:96:74:a1:
         fa:fe:62:a8:b0:88:5c:4d:ff:77:8b:a3:4b:98:e4:c3:c7:cf:
         22:b7:0b:56:cd:15:c4:77:83:57:df:0a:8c:4f:36:89:38:f0:
         b3:49:06:c2:e1:90:06:1e:45:89:2a:54:f4:81:0f:6e:c5:1e:
         b4:42:34:31:1c:e5:b0:43:66:0d:3b:9b:65:0f:f4:00:a0:ba:
         86:d0:d8:08:eb:f0:87:83:e9:48:f4:36:a0:a2:dd:3b:ee:5d:
         dc:95:72:df:a0:96:e7:02:5c:db:1d:c3:61:51:5b:30:53:94:
         72:bf:d5:4b:1d:fb:fc:9d:55:15:3c:15:27:6a:2a:e6:74:fd:
         e8:9c:cb:a9:d1:38:fe:ea:65:fb:f7:ce:4a:81:fc:e8:9e:c2:
         df:47:09:fa:74:d8:d6:02:bd:88:a8:d2:fc:58:5a:87:53:8e:
         fd:07:35:37
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJQvEG6IxUW1kV0GEX59qc8+uMnkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMTAwNzEzMzRaFw0yNzAzMDkwNzE4MzRaMDMxMTAvBgNV
BAMTKDQxMTlGNDk3QzAwOEM1OUZEREU5QTNDNjNBNzIxNUVBQkEzQkVBRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOt81n8VPJBwyoiti7n/RDYZh3
7KU3KoZEUq1/SR15ndv0KDJwrU9dGdlWNxXVIQy1FG/UcxGILaCkrhOuhPL7EbdN
/obD+g3ONhv9uXB/weEQphjuxbfGI9XxAOwYOKWySxnN9eyl2NDzhf1u8ZXGJI2C
ibmZSWm5Ym2NXQh27hn7TL9np/MPl9R01Kggl4CFiLB8998VTdOGKxSGxjTPXL7P
WjECH7u+8YMohRQ3G0NLR7OKInSFWcgJJIJl3HvBxjPuto1bDSl+8b611jNi1i8u
1/5trtOjQO9HlhaoiFMiAC5UCtvSMCDLKsvEg31mDsmtdp2gIztRIvfYdjtXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQRn0l8AIxZ/d6aPGOnIV6ro76u8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM0
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT4ww
DQYJKoZIhvcNAQELBQADggEBAEYsaVqn5734BZdFjSW+mpevgublj63rv3C+yZeV
v4wQzWpwPKUy77eRrb5HHGVfgKWRkB5bEdURcJ3PAj3CCkQ3Th51piDMbFlFeHo/
5APq0rOfH6Nay5Z0ofr+YqiwiFxN/3eLo0uY5MPHzyK3C1bNFcR3g1ffCoxPNok4
8LNJBsLhkAYeRYkqVPSBD27FHrRCNDEc5bBDZg07m2UP9ACguobQ2Ajr8IeD6Uj0
NqCi3TvuXdyVct+glucCXNsdw2FRWzBTlHK/1Usd+/ydVRU8FSdqKuZ0/eicy6nR
OP7qZfv3zkqB/Oiewt9HCfp02NYCvYio0vxYWodTjv0HNTc=
-----END CERTIFICATE-----