Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136382e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3136382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          JBv3rainM9MziVSNJXlFYFNtoKZmnji8IswaiSvYGxU=
Subject key identifier:   7B:1B:34:59:37:B6:E4:16:48:EE:27:E0:F2:A6:5E:49:4A:FE:AF:83
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3966DC15F5A5A694A0E6DEC623E6CBB3AAEA9DC0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136382e302f32342d3234203d3e20383334.roa
Signing time:             Sun 10 May 2026 09:34:47 +0000
ROA not before:           Sun 10 May 2026 09:29:47 +0000
ROA not after:            Sun 09 May 2027 09:34:47 +0000
asID:                     834
IP address blocks:        145.79.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:66:dc:15:f5:a5:a6:94:a0:e6:de:c6:23:e6:cb:b3:aa:ea:9d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 10 09:29:47 2026 GMT
            Not After : May  9 09:34:47 2027 GMT
        Subject: CN=7B1B345937B6E41648EE27E0F2A65E494AFEAF83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fb:d2:1a:39:2b:75:c2:ab:8b:a1:1d:2d:be:
                    93:7a:d6:97:dc:82:de:74:b3:6a:a0:51:66:dd:cd:
                    f1:b4:fa:2e:8c:96:39:f9:02:d9:6d:4c:a5:60:23:
                    2d:29:c9:98:8c:65:d9:84:36:89:d3:fc:be:60:25:
                    68:35:4f:42:65:9d:19:e6:66:8c:81:a3:ad:b7:c1:
                    66:d3:ce:b0:c1:f3:fa:d1:7a:30:50:50:75:0d:bc:
                    0b:a6:2f:93:d8:a3:bd:f0:69:05:89:42:cb:85:5a:
                    b7:8d:62:c4:42:86:ce:b3:d4:6d:87:22:00:c7:4d:
                    40:be:21:e7:af:3f:43:b3:e1:47:96:b3:52:8a:be:
                    87:42:21:30:1f:2a:26:9d:3c:94:77:c2:83:9c:48:
                    61:3c:c7:8f:b6:46:2b:a0:ac:6c:8f:02:a9:25:30:
                    55:c7:aa:4b:62:08:ff:03:21:04:c8:6e:63:1b:d0:
                    84:ba:f5:33:b3:4f:17:09:3c:d6:b7:32:ed:e5:08:
                    bd:70:d8:16:88:a0:75:57:9a:ce:7f:48:21:05:6d:
                    15:aa:74:70:e7:f8:ed:7d:8d:39:08:91:5b:22:06:
                    bc:a1:66:c2:e7:90:9c:c5:32:af:fe:77:68:02:be:
                    c9:a8:61:97:7e:15:60:e1:ed:12:83:74:fb:50:49:
                    0f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1B:34:59:37:B6:E4:16:48:EE:27:E0:F2:A6:5E:49:4A:FE:AF:83
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:49:07:8e:9d:47:4c:da:d8:8f:af:3e:1d:25:26:f1:75:04:
         e2:c8:9a:da:34:8b:00:01:29:13:37:8e:96:08:0d:92:a3:bc:
         cb:b5:24:db:02:43:76:2a:b2:57:9a:5d:0f:59:3b:57:b6:c2:
         55:6f:69:2e:99:95:da:d5:02:c6:d1:b1:1f:44:3c:30:4d:c8:
         b6:2d:5c:83:02:f7:0d:bb:de:5d:8b:c2:56:bc:54:10:41:26:
         d0:08:7e:94:f7:a9:64:06:cd:c2:02:68:45:62:9c:fa:2b:20:
         8f:80:e0:1c:df:7d:5c:25:c5:c0:56:e6:2e:06:ac:80:0c:04:
         ac:53:6a:1f:43:7c:b5:f1:0b:cd:ec:ad:14:43:e0:00:2b:cd:
         9f:13:3f:75:f9:f2:a9:89:49:70:b7:08:34:9f:ff:ce:2e:b3:
         2c:4a:1e:a0:99:43:c3:9a:0f:6d:3a:94:5c:4d:bf:d5:89:45:
         0f:f8:5a:c0:fe:ab:30:25:50:30:95:62:aa:20:ed:b0:71:82:
         ef:2a:9e:6f:c9:9e:5e:0b:d6:3e:4f:c3:5e:6d:79:ad:28:f8:
         82:b1:aa:22:89:c8:f7:42:5b:fa:74:5f:1c:ac:7f:53:e2:04:
         8e:32:02:9c:19:e4:66:93:b6:49:82:04:18:5e:60:95:0c:39:
         df:33:d6:07
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOWbcFfWlppSg5t7GI+bLs6rqncAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MTAwOTI5NDdaFw0yNzA1MDkwOTM0NDdaMDMxMTAvBgNV
BAMTKDdCMUIzNDU5MzdCNkU0MTY0OEVFMjdFMEYyQTY1RTQ5NEFGRUFGODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA+9IaOSt1wquLoR0tvpN61pfc
gt50s2qgUWbdzfG0+i6Mljn5AtltTKVgIy0pyZiMZdmENonT/L5gJWg1T0JlnRnm
ZoyBo623wWbTzrDB8/rRejBQUHUNvAumL5PYo73waQWJQsuFWreNYsRChs6z1G2H
IgDHTUC+IeevP0Oz4UeWs1KKvodCITAfKiadPJR3woOcSGE8x4+2RiugrGyPAqkl
MFXHqktiCP8DIQTIbmMb0IS69TOzTxcJPNa3Mu3lCL1w2BaIoHVXms5/SCEFbRWq
dHDn+O19jTkIkVsiBryhZsLnkJzFMq/+d2gCvsmoYZd+FWDh7RKDdPtQSQ+zAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUexs0WTe25BZI7ifg8qZeSUr+r4MwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM2
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT6gw
DQYJKoZIhvcNAQELBQADggEBAHlJB46dR0za2I+vPh0lJvF1BOLImto0iwABKRM3
jpYIDZKjvMu1JNsCQ3YqsleaXQ9ZO1e2wlVvaS6ZldrVAsbRsR9EPDBNyLYtXIMC
9w273l2Lwla8VBBBJtAIfpT3qWQGzcICaEVinPorII+A4BzffVwlxcBW5i4GrIAM
BKxTah9DfLXxC83srRRD4AArzZ8TP3X58qmJSXC3CDSf/84usyxKHqCZQ8OaD206
lFxNv9WJRQ/4WsD+qzAlUDCVYqog7bBxgu8qnm/Jnl4L1j5Pw15tea0o+IKxqiKJ
yPdCW/p0Xxysf1PiBI4yApwZ5GaTtkmCBBheYJUMOd8z1gc=
-----END CERTIFICATE-----