Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134352e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3134352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          TgxUX5SyHB8xD0PmcCcD1nGNCJo3hVtV+ysCan8Thoo=
Subject key identifier:   4D:03:E2:97:A1:BA:05:3B:C8:EA:48:F3:9F:1E:D0:F4:8A:0B:17:47
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1132E9FE1338F40C989B40538FD2C6D3C7F8D1FA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134352e302f32342d3234203d3e20383334.roa
Signing time:             Mon 27 Apr 2026 08:34:47 +0000
ROA not before:           Mon 27 Apr 2026 08:29:47 +0000
ROA not after:            Mon 26 Apr 2027 08:34:47 +0000
asID:                     834
IP address blocks:        145.79.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:32:e9:fe:13:38:f4:0c:98:9b:40:53:8f:d2:c6:d3:c7:f8:d1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 27 08:29:47 2026 GMT
            Not After : Apr 26 08:34:47 2027 GMT
        Subject: CN=4D03E297A1BA053BC8EA48F39F1ED0F48A0B1747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9b:bc:38:75:ed:27:ad:a3:36:c9:0b:f9:23:
                    ed:07:6b:0b:03:fc:9e:37:b4:63:a5:73:e1:c3:c6:
                    db:cb:fa:96:d6:04:8c:86:26:bc:c9:24:0b:f2:6e:
                    e0:72:51:f8:33:1a:ea:fb:86:f2:ad:27:10:bc:d3:
                    48:b7:47:00:7c:40:ec:9c:ee:58:79:1c:77:87:df:
                    86:bf:a7:85:d1:2a:de:70:bd:11:3f:d9:79:dd:45:
                    b9:26:e3:bc:9a:cb:6e:9a:01:7f:09:6e:91:e6:46:
                    f8:fb:54:38:e6:99:ea:5d:11:fe:48:3c:5b:d5:9c:
                    de:6f:ba:a5:11:53:59:63:4a:11:61:6a:88:96:12:
                    70:d7:3c:24:1c:b4:70:f0:78:6b:2e:e1:97:5d:0a:
                    5d:1e:bc:8b:fd:c8:72:f1:54:d4:6c:f2:97:d8:40:
                    ec:c1:15:35:3d:5b:90:27:ad:f2:cd:19:5a:3f:9d:
                    b4:d5:25:b5:cd:98:0f:e0:9b:2e:b0:f5:f9:96:88:
                    a8:57:fd:1a:be:e6:e0:ee:e7:4d:bf:dc:e5:ff:58:
                    ec:ba:57:85:ac:0f:62:96:ea:18:ee:0d:a5:a1:3a:
                    b0:47:7d:ff:4c:0b:ba:c4:78:b5:20:78:53:e5:59:
                    a9:cf:46:a3:65:fc:9b:9d:2b:84:84:b4:cc:93:45:
                    d8:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:03:E2:97:A1:BA:05:3B:C8:EA:48:F3:9F:1E:D0:F4:8A:0B:17:47
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:cc:f0:ae:56:4f:81:d2:99:5b:ec:91:ff:18:6c:8a:27:9c:
         61:dc:f5:1d:0e:25:be:dd:5c:e5:38:8e:08:f8:be:d8:33:73:
         de:98:55:7e:a6:70:de:61:07:ca:ab:f9:f7:0f:c1:48:d8:c7:
         f4:cc:95:0a:e2:a3:ea:c1:67:21:64:f7:f0:0f:f9:23:eb:61:
         8a:cc:2b:27:2f:40:eb:de:e0:b3:19:47:bf:04:63:7c:ed:28:
         88:44:6f:1b:f7:02:e0:5f:41:6f:5e:4b:4c:be:06:b7:70:83:
         8d:fd:aa:93:88:0b:fa:8b:4f:3c:49:41:41:08:f5:33:63:bc:
         4e:cd:f2:94:aa:46:0a:12:1e:10:e7:c7:36:a5:62:d9:5a:c5:
         2a:26:21:2d:85:fa:c4:1b:1e:39:4c:4d:14:c8:03:48:84:34:
         ef:bc:c5:99:76:67:8c:eb:d2:ac:73:a4:35:fd:7c:20:cc:84:
         29:59:c8:26:42:4e:78:94:aa:4c:32:4d:0c:2b:a5:2c:50:70:
         ae:39:b2:f8:a9:3d:19:70:f1:ef:5d:da:ed:48:66:ae:4e:ce:
         c1:66:76:74:26:df:b1:c1:ae:7e:42:26:4f:bd:bb:a1:90:3d:
         d3:54:69:f9:0e:92:a4:0b:ea:bf:e2:4e:00:55:9b:f3:95:7f:
         76:b0:95:d4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUETLp/hM49AyYm0BTj9LG08f40fowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjcwODI5NDdaFw0yNzA0MjYwODM0NDdaMDMxMTAvBgNV
BAMTKDREMDNFMjk3QTFCQTA1M0JDOEVBNDhGMzlGMUVEMEY0OEEwQjE3NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDm7w4de0nraM2yQv5I+0HawsD
/J43tGOlc+HDxtvL+pbWBIyGJrzJJAvybuByUfgzGur7hvKtJxC800i3RwB8QOyc
7lh5HHeH34a/p4XRKt5wvRE/2XndRbkm47yay26aAX8JbpHmRvj7VDjmmepdEf5I
PFvVnN5vuqURU1ljShFhaoiWEnDXPCQctHDweGsu4ZddCl0evIv9yHLxVNRs8pfY
QOzBFTU9W5AnrfLNGVo/nbTVJbXNmA/gmy6w9fmWiKhX/Rq+5uDu502/3OX/WOy6
V4WsD2KW6hjuDaWhOrBHff9MC7rEeLUgeFPlWanPRqNl/JudK4SEtMyTRdhdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUTQPil6G6BTvI6kjznx7Q9IoLF0cwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM0
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT5Ew
DQYJKoZIhvcNAQELBQADggEBAHjM8K5WT4HSmVvskf8YbIonnGHc9R0OJb7dXOU4
jgj4vtgzc96YVX6mcN5hB8qr+fcPwUjYx/TMlQrio+rBZyFk9/AP+SPrYYrMKycv
QOve4LMZR78EY3ztKIhEbxv3AuBfQW9eS0y+Brdwg439qpOIC/qLTzxJQUEI9TNj
vE7N8pSqRgoSHhDnxzalYtlaxSomIS2F+sQbHjlMTRTIA0iENO+8xZl2Z4zr0qxz
pDX9fCDMhClZyCZCTniUqkwyTQwrpSxQcK45svipPRlw8e9d2u1IZq5OzsFmdnQm
37HBrn5CJk+9u6GQPdNUafkOkqQL6r/iTgBVm/OVf3awldQ=
-----END CERTIFICATE-----