Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135362e302f32322d3234203d3e2035363530.roa
File:                     3134352e37392e3135362e302f32322d3234203d3e2035363530.roa (raw, json)
Hash identifier:          lhUI12xeeAZMJ6jdFOtl80+COj2MuxlFYen2RlkRsvo=
Subject key identifier:   C0:C1:C6:9D:4E:31:42:3F:C1:A2:04:76:26:B4:C6:76:5B:4A:EB:41
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5113AC6D22B9EE7BCA3D834B52DBE6AABF10E056
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135362e302f32322d3234203d3e2035363530.roa
Signing time:             Wed 29 Apr 2026 11:23:57 +0000
ROA not before:           Wed 29 Apr 2026 11:18:57 +0000
ROA not after:            Wed 28 Apr 2027 11:23:57 +0000
asID:                     5650
IP address blocks:        145.79.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:13:ac:6d:22:b9:ee:7b:ca:3d:83:4b:52:db:e6:aa:bf:10:e0:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 29 11:18:57 2026 GMT
            Not After : Apr 28 11:23:57 2027 GMT
        Subject: CN=C0C1C69D4E31423FC1A2047626B4C6765B4AEB41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:36:51:5e:87:c0:00:e7:b7:d3:75:cb:c8:36:
                    39:03:d8:91:6a:5f:1a:f3:df:db:42:79:6c:e2:02:
                    a9:6e:18:64:4d:aa:b2:c2:51:42:e9:5c:e9:11:5f:
                    6c:e8:b2:57:7f:12:47:b2:0b:d5:bb:7e:96:af:88:
                    ff:1f:09:11:b6:b6:24:ee:da:50:bd:0c:63:7e:33:
                    26:6b:e1:32:19:34:2e:68:7b:df:e6:57:a8:7b:b8:
                    1f:75:0c:15:3c:46:6d:d1:95:33:88:4b:df:53:e6:
                    f2:bd:bb:62:23:1b:18:8f:84:bd:f8:dd:96:24:31:
                    27:a4:2e:b8:35:72:c2:47:78:41:fc:7e:85:f6:f4:
                    85:42:cf:92:e0:9f:78:a4:8f:f3:b8:04:b7:a9:7a:
                    3e:a2:99:11:84:62:68:56:d1:e5:7a:9d:57:14:3f:
                    4a:ea:36:69:76:21:5b:40:4a:d7:11:7a:2c:07:53:
                    c6:d5:ee:6f:d0:96:05:54:eb:a3:fb:b5:15:a1:a8:
                    99:cb:ec:f6:ff:3b:7b:70:51:0c:98:de:1d:52:72:
                    3e:f3:69:ba:8e:88:57:3c:de:99:99:7d:b6:68:c6:
                    5d:70:cb:f8:05:a0:21:74:a0:71:e0:69:11:dd:bc:
                    71:d4:d6:ec:77:89:6a:7d:c7:be:5c:e7:24:6c:02:
                    41:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C1:C6:9D:4E:31:42:3F:C1:A2:04:76:26:B4:C6:76:5B:4A:EB:41
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135362e302f32322d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:98:cd:52:a2:b2:1e:43:3e:f7:af:53:67:ed:ee:9e:d1:a8:
         8c:74:08:47:5b:a2:20:76:fc:79:fa:38:60:ee:25:18:d8:a2:
         43:3d:d3:10:b3:a8:4a:27:8c:7b:88:41:b6:ae:4e:ba:b9:25:
         d3:59:92:fe:8a:82:d6:2e:33:9f:c3:d8:ff:17:ed:fe:e1:da:
         8c:86:e6:85:02:45:8e:81:1b:d6:db:fb:7d:b4:ae:0e:de:93:
         19:72:eb:96:4e:fe:a0:31:02:e7:02:0d:32:4a:f8:8c:c1:dd:
         5d:44:91:aa:54:65:15:39:02:27:15:8c:e5:46:38:09:79:7a:
         53:18:04:01:e1:61:37:17:b8:5d:cd:24:c7:57:b1:47:0d:ee:
         14:60:88:5e:de:32:8c:ae:4c:58:35:09:dd:68:00:45:9c:9b:
         bf:0a:33:2b:3c:94:89:86:cb:72:8e:ae:e1:4b:08:3d:51:f3:
         50:22:31:24:21:97:12:8d:04:47:8d:b5:62:05:a8:67:22:32:
         2b:51:bb:df:0b:dd:6c:a1:60:54:2f:88:cd:8d:7f:6e:df:72:
         d7:2a:2b:03:13:2a:10:5a:84:5f:c5:b3:f6:e2:22:c8:61:11:
         eb:66:4b:ad:fb:db:3f:a5:a0:63:25:29:56:4f:ca:21:6d:17:
         f8:bd:8c:4d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUROsbSK57nvKPYNLUtvmqr8Q4FYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjkxMTE4NTdaFw0yNzA0MjgxMTIzNTdaMDMxMTAvBgNV
BAMTKEMwQzFDNjlENEUzMTQyM0ZDMUEyMDQ3NjI2QjRDNjc2NUI0QUVCNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8NlFeh8AA57fTdcvINjkD2JFq
Xxrz39tCeWziAqluGGRNqrLCUULpXOkRX2zosld/EkeyC9W7fpaviP8fCRG2tiTu
2lC9DGN+MyZr4TIZNC5oe9/mV6h7uB91DBU8Rm3RlTOIS99T5vK9u2IjGxiPhL34
3ZYkMSekLrg1csJHeEH8foX29IVCz5Lgn3ikj/O4BLepej6imRGEYmhW0eV6nVcU
P0rqNml2IVtAStcReiwHU8bV7m/QlgVU66P7tRWhqJnL7Pb/O3twUQyY3h1Scj7z
abqOiFc83pmZfbZoxl1wy/gFoCF0oHHgaRHdvHHU1ux3iWp9x75c5yRsAkGBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwMHGnU4xQj/BogR2JrTGdltK60EwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM1
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApFP
nDANBgkqhkiG9w0BAQsFAAOCAQEAiZjNUqKyHkM+969TZ+3untGojHQIR1uiIHb8
efo4YO4lGNiiQz3TELOoSieMe4hBtq5Ourkl01mS/oqC1i4zn8PY/xft/uHajIbm
hQJFjoEb1tv7fbSuDt6TGXLrlk7+oDEC5wINMkr4jMHdXUSRqlRlFTkCJxWM5UY4
CXl6UxgEAeFhNxe4Xc0kx1exRw3uFGCIXt4yjK5MWDUJ3WgARZybvwozKzyUiYbL
co6u4UsIPVHzUCIxJCGXEo0ER421YgWoZyIyK1G73wvdbKFgVC+IzY1/bt9y1yor
AxMqEFqEX8Wz9uIiyGER62ZLrfvbP6WgYyUpVk/KIW0X+L2MTQ==
-----END CERTIFICATE-----