Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e32342e302f32312d3234203d3e203437353833.roa
File:                     3134352e37392e32342e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          OpcIDiSNSNy7nWDMDiq4mFlv9ottVvBAQpuzN84fBPk=
Subject key identifier:   5A:1B:97:F6:E9:10:B1:76:35:3D:A1:D6:9F:DE:AC:E3:DB:9D:B3:12
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3F4CBA36584A7793BC01ED8F8BE3EE443E6C2802
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e32342e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 12 Mar 2026 10:23:24 +0000
ROA not before:           Thu 12 Mar 2026 10:18:24 +0000
ROA not after:            Thu 11 Mar 2027 10:23:24 +0000
asID:                     47583
IP address blocks:        145.79.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:21:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:4c:ba:36:58:4a:77:93:bc:01:ed:8f:8b:e3:ee:44:3e:6c:28:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 12 10:18:24 2026 GMT
            Not After : Mar 11 10:23:24 2027 GMT
        Subject: CN=5A1B97F6E910B176353DA1D69FDEACE3DB9DB312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:02:6d:3c:be:15:94:a9:ba:f5:5e:b1:83:bb:
                    4f:32:a2:8f:91:62:92:a9:d7:ce:80:db:64:b9:ff:
                    19:a0:8e:45:34:b0:b6:69:34:66:fc:ad:3b:6d:b4:
                    59:b9:ac:8e:29:0a:2b:33:d6:d6:8b:7e:d5:1d:7e:
                    93:0a:71:0d:cf:9d:c4:9d:3a:db:0a:74:8f:22:1d:
                    c2:d5:b3:de:ea:72:fb:8f:d9:34:05:84:21:e6:da:
                    02:0e:5a:4c:99:a3:3b:39:9b:aa:90:07:00:9d:2f:
                    3f:88:b8:71:e9:ee:22:61:59:49:ea:af:d3:6f:29:
                    f0:06:1b:95:71:2f:be:6b:03:2f:21:29:0f:97:41:
                    80:aa:09:f8:fd:63:f1:c0:c4:19:0a:cb:f6:81:bb:
                    69:a8:f7:57:eb:e7:f3:9c:6f:f9:ca:63:43:7f:38:
                    30:3f:a2:05:41:d6:8c:8d:55:69:02:66:9b:d9:fe:
                    78:f5:11:87:a4:97:45:47:0e:f8:cd:e2:1f:16:22:
                    9c:57:56:70:9f:30:15:e5:25:d2:eb:c5:43:1c:6a:
                    88:c2:d6:f4:41:72:e2:11:a6:59:5b:33:71:a9:42:
                    32:e7:75:9d:6f:7f:b3:5b:29:c0:c6:f3:b7:1a:96:
                    b3:54:68:d7:70:2b:93:5e:12:f5:ea:47:82:b8:af:
                    e9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:1B:97:F6:E9:10:B1:76:35:3D:A1:D6:9F:DE:AC:E3:DB:9D:B3:12
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e32342e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:8e:67:cc:9b:cc:2d:59:57:1c:a8:21:4b:c2:2f:73:f4:ef:
         f8:15:25:73:c6:fb:6a:af:51:1e:bf:73:91:96:7e:a7:c2:36:
         69:ba:75:2b:44:94:63:84:61:c8:41:18:9c:02:ec:eb:11:38:
         77:4f:0c:dc:71:d7:d7:2a:32:f1:ec:dd:df:cc:d3:09:d9:34:
         b4:9c:5b:fb:22:07:84:1f:ee:be:a2:ce:2d:4d:51:d9:ae:b0:
         1e:37:59:14:ee:ac:61:50:50:cb:97:98:31:e5:9f:01:4d:55:
         56:82:fd:3c:ff:f1:57:76:33:fc:b0:e4:23:88:e2:cf:a1:d1:
         3b:a2:d3:50:d2:16:d1:95:74:9a:29:bc:5e:9e:dc:7d:de:14:
         3f:ff:9c:d6:e4:26:7e:d9:14:1d:cd:34:01:cd:ee:f6:ae:99:
         52:3d:37:ac:f9:6c:4a:8c:67:21:f9:fc:cb:c2:4a:e6:11:4b:
         fd:29:1c:f2:87:25:dc:bb:09:58:69:b6:97:93:18:0e:2a:1d:
         aa:cb:20:5b:6b:37:28:70:09:c9:32:75:a8:69:bd:93:7f:33:
         d1:da:27:ea:26:af:50:a9:ac:26:ff:f2:40:c1:df:a4:79:21:
         ab:e3:de:5e:cb:28:ad:51:b9:d3:d7:ba:26:57:7b:b5:13:75:
         88:5f:08:ab
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP0y6NlhKd5O8Ae2Pi+PuRD5sKAIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMTIxMDE4MjRaFw0yNzAzMTExMDIzMjRaMDMxMTAvBgNV
BAMTKDVBMUI5N0Y2RTkxMEIxNzYzNTNEQTFENjlGREVBQ0UzREI5REIzMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTAm08vhWUqbr1XrGDu08yoo+R
YpKp186A22S5/xmgjkU0sLZpNGb8rTtttFm5rI4pCisz1taLftUdfpMKcQ3PncSd
OtsKdI8iHcLVs97qcvuP2TQFhCHm2gIOWkyZozs5m6qQBwCdLz+IuHHp7iJhWUnq
r9NvKfAGG5VxL75rAy8hKQ+XQYCqCfj9Y/HAxBkKy/aBu2mo91fr5/Ocb/nKY0N/
ODA/ogVB1oyNVWkCZpvZ/nj1EYekl0VHDvjN4h8WIpxXVnCfMBXlJdLrxUMcaojC
1vRBcuIRpllbM3GpQjLndZ1vf7NbKcDG87calrNUaNdwK5NeEvXqR4K4r+ldAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWhuX9ukQsXY1PaHWn96s49udsxIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMjM0
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5FP
GDANBgkqhkiG9w0BAQsFAAOCAQEAKY5nzJvMLVlXHKghS8Ivc/Tv+BUlc8b7aq9R
Hr9zkZZ+p8I2abp1K0SUY4RhyEEYnALs6xE4d08M3HHX1yoy8ezd38zTCdk0tJxb
+yIHhB/uvqLOLU1R2a6wHjdZFO6sYVBQy5eYMeWfAU1VVoL9PP/xV3Yz/LDkI4ji
z6HRO6LTUNIW0ZV0mim8Xp7cfd4UP/+c1uQmftkUHc00Ac3u9q6ZUj03rPlsSoxn
Ifn8y8JK5hFL/Skc8ocl3LsJWGm2l5MYDiodqssgW2s3KHAJyTJ1qGm9k38z0don
6iavUKmsJv/yQMHfpHkhq+PeXssorVG509e6Jld7tRN1iF8Iqw==
-----END CERTIFICATE-----