Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2039333034.roa
File:                     3134352e37392e3137322e302f32322d3234203d3e2039333034.roa (raw, json)
Hash identifier:          906OZOlz24lgh+toKIYYj0QamiCZiy3RtKGaNhKD5ps=
Subject key identifier:   E6:E3:5F:7A:9A:11:B4:FD:46:F2:A7:B8:1D:8A:92:66:DD:81:FA:D2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70F82A0AEA460B102C24BFD3BC3137528BB5AE06
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2039333034.roa
Signing time:             Tue 05 May 2026 20:24:02 +0000
ROA not before:           Tue 05 May 2026 20:19:02 +0000
ROA not after:            Tue 04 May 2027 20:24:02 +0000
asID:                     9304
IP address blocks:        145.79.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:f8:2a:0a:ea:46:0b:10:2c:24:bf:d3:bc:31:37:52:8b:b5:ae:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  5 20:19:02 2026 GMT
            Not After : May  4 20:24:02 2027 GMT
        Subject: CN=E6E35F7A9A11B4FD46F2A7B81D8A9266DD81FAD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:62:f2:7e:c6:f4:b3:26:56:4b:0c:aa:de:b2:
                    d5:3d:46:16:34:78:a8:08:8b:a2:92:8f:e8:3c:5b:
                    9c:7c:24:f5:53:c4:6b:b0:c7:19:ba:e3:36:c6:b0:
                    66:81:e3:f3:5a:ef:19:ef:4a:c4:6a:07:ab:fc:1c:
                    94:11:40:e1:7b:87:a8:e2:07:2c:31:b5:b7:6d:e1:
                    56:15:05:48:90:8c:95:4d:d3:ab:24:ab:84:2c:8f:
                    4e:35:53:2f:1e:3b:a9:08:9d:dd:8b:89:88:63:35:
                    29:76:35:f5:99:84:7a:27:b1:2b:a2:21:08:4a:91:
                    fc:fb:66:8c:82:09:05:79:4f:82:ad:7b:16:c3:c8:
                    1d:58:8c:92:5e:f7:72:5e:ac:19:b0:cf:ae:d9:80:
                    2e:08:1f:00:ab:5b:8c:d6:9a:28:b9:0a:ed:75:fc:
                    c2:01:77:88:19:a0:34:58:3b:3a:a6:1b:d3:bd:0e:
                    f2:e9:a9:50:b4:56:b2:1e:5b:8f:dd:fc:5e:1a:36:
                    34:08:73:0e:4f:4e:71:e1:6f:fa:2b:bf:a8:1f:9f:
                    dc:e3:59:63:67:32:a2:88:3e:8c:07:e8:92:f1:b4:
                    50:c6:7e:30:f1:96:3b:5c:af:8e:b7:09:7c:33:c5:
                    f5:ce:a0:2c:01:bf:1c:44:1b:24:3b:67:b7:7d:a2:
                    ed:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:E3:5F:7A:9A:11:B4:FD:46:F2:A7:B8:1D:8A:92:66:DD:81:FA:D2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:29:00:3a:34:e9:94:f3:9a:ef:62:ad:ed:1f:a7:94:e4:c5:
         29:77:07:46:1c:18:52:e7:52:01:2c:71:b3:cd:66:8f:93:56:
         76:26:0b:f4:1e:f0:cd:be:78:89:4a:59:8d:b0:8c:60:c0:cc:
         0d:b9:ca:24:23:22:49:06:41:bc:d4:35:9c:49:8d:54:93:43:
         b6:38:5f:97:73:a7:c8:12:d6:89:1e:d4:0d:a3:cd:53:3a:11:
         45:30:67:a8:e5:1d:72:90:a2:cf:e8:a0:c3:02:7f:ea:58:95:
         8f:07:4d:f1:39:a2:a6:9a:24:bf:a8:35:4a:22:64:58:da:3c:
         9c:26:5a:d3:db:c2:c1:e2:04:b6:0a:db:1b:8c:90:08:62:93:
         fd:2d:ce:6a:4d:44:c6:aa:69:28:62:44:13:ef:32:d9:f9:59:
         fc:a6:b8:d7:04:e1:4a:13:89:52:61:16:c3:ef:18:94:c8:77:
         64:6f:93:e5:d5:8d:59:7b:df:29:c0:1c:37:87:f5:73:0e:b8:
         1f:9a:8b:af:64:ae:86:33:71:9d:5f:fe:2a:73:57:89:b6:f5:
         15:23:21:5a:09:78:32:72:30:b4:e8:8c:cb:48:eb:b0:5f:77:
         b3:18:36:da:fd:5a:f8:9d:85:fa:0c:34:6f:01:d2:dc:7b:00:
         23:65:33:7e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcPgqCupGCxAsJL/TvDE3Uou1rgYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MDUyMDE5MDJaFw0yNzA1MDQyMDI0MDJaMDMxMTAvBgNV
BAMTKEU2RTM1RjdBOUExMUI0RkQ0NkYyQTdCODFEOEE5MjY2REQ4MUZBRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVYvJ+xvSzJlZLDKrestU9RhY0
eKgIi6KSj+g8W5x8JPVTxGuwxxm64zbGsGaB4/Na7xnvSsRqB6v8HJQRQOF7h6ji
Bywxtbdt4VYVBUiQjJVN06skq4Qsj041Uy8eO6kInd2LiYhjNSl2NfWZhHonsSui
IQhKkfz7ZoyCCQV5T4KtexbDyB1YjJJe93JerBmwz67ZgC4IHwCrW4zWmii5Cu11
/MIBd4gZoDRYOzqmG9O9DvLpqVC0VrIeW4/d/F4aNjQIcw5PTnHhb/orv6gfn9zj
WWNnMqKIPowH6JLxtFDGfjDxljtcr463CXwzxfXOoCwBvxxEGyQ7Z7d9ou25AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5uNfepoRtP1G8qe4HYqSZt2B+tIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM3
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApFP
rDANBgkqhkiG9w0BAQsFAAOCAQEAMSkAOjTplPOa72Kt7R+nlOTFKXcHRhwYUudS
ASxxs81mj5NWdiYL9B7wzb54iUpZjbCMYMDMDbnKJCMiSQZBvNQ1nEmNVJNDtjhf
l3OnyBLWiR7UDaPNUzoRRTBnqOUdcpCiz+igwwJ/6liVjwdN8Tmippokv6g1SiJk
WNo8nCZa09vCweIEtgrbG4yQCGKT/S3Oak1ExqppKGJEE+8y2flZ/Ka41wThShOJ
UmEWw+8YlMh3ZG+T5dWNWXvfKcAcN4f1cw64H5qLr2SuhjNxnV/+KnNXibb1FSMh
Wgl4MnIwtOiMy0jrsF93sxg22v1a+J2F+gw0bwHS3HsAI2Uzfg==
-----END CERTIFICATE-----