Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3234302e302f32302d3234203d3e2036303739.roa
File:                     3134352e37392e3234302e302f32302d3234203d3e2036303739.roa (raw, json)
Hash identifier:          Hj9T9gz9MEtQpCcKmKZPBjiEz37o3wkWgNbDEMLES4M=
Subject key identifier:   EE:A6:D1:91:E6:2D:EE:93:BA:AA:FD:D3:B8:2A:F0:FD:1E:E3:04:7E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4FB43C3713D78C84F3CDDC590390AFA720FD80B2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3234302e302f32302d3234203d3e2036303739.roa
Signing time:             Thu 30 Apr 2026 13:46:15 +0000
ROA not before:           Thu 30 Apr 2026 13:41:15 +0000
ROA not after:            Thu 29 Apr 2027 13:46:15 +0000
asID:                     6079
IP address blocks:        145.79.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:b4:3c:37:13:d7:8c:84:f3:cd:dc:59:03:90:af:a7:20:fd:80:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 30 13:41:15 2026 GMT
            Not After : Apr 29 13:46:15 2027 GMT
        Subject: CN=EEA6D191E62DEE93BAAAFDD3B82AF0FD1EE3047E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a9:1b:98:8b:57:bf:d6:5e:e8:a8:e2:7e:41:
                    3c:7f:99:77:7c:ea:5c:76:c6:b3:a2:b6:d9:95:34:
                    ca:69:90:d9:a0:4f:9d:f5:fb:78:77:9e:51:29:30:
                    6e:b6:a9:5b:eb:03:8a:bd:74:08:12:be:1b:69:a4:
                    58:6d:29:cb:57:e7:90:4d:80:01:3b:dc:c4:9a:cb:
                    f3:ab:45:c4:2a:75:7b:ba:3c:65:84:00:e0:48:16:
                    71:6d:28:b7:a7:13:1b:4d:1a:b2:09:69:8a:c5:60:
                    d5:96:a1:20:3e:49:4d:f9:d7:0c:a5:10:45:fd:e3:
                    3a:99:1a:0d:7a:84:5e:4d:72:ab:93:31:b5:f1:84:
                    c8:e4:54:73:31:e1:5b:13:ac:53:ec:c5:1a:cd:67:
                    fe:44:fe:00:34:4e:9e:7e:ed:73:db:bc:89:e4:06:
                    60:a3:dc:21:2f:1b:73:b8:b8:12:cc:18:bf:a9:60:
                    90:a8:8e:99:0e:2a:4b:1b:70:d2:69:e6:57:36:ef:
                    e5:c1:71:a3:be:42:e0:db:63:39:a7:b1:67:34:b0:
                    4d:ac:00:bb:3d:02:a1:ef:1e:08:4b:d2:d3:e6:4c:
                    1c:49:c9:66:07:72:28:2a:03:8f:05:cb:60:da:73:
                    c3:0d:f6:df:8a:c1:9b:16:10:e8:ef:37:34:85:ce:
                    c0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A6:D1:91:E6:2D:EE:93:BA:AA:FD:D3:B8:2A:F0:FD:1E:E3:04:7E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3234302e302f32302d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         61:d7:16:f5:86:79:4c:4f:e7:d2:2d:16:54:d3:17:bb:de:05:
         65:39:56:20:38:71:9f:69:05:50:b9:54:d0:97:c6:85:df:33:
         fc:17:20:1c:de:53:be:c8:ee:03:30:47:fd:c3:0e:88:ad:c8:
         1e:aa:54:42:35:d6:cf:a3:4f:cf:d4:2f:27:78:f2:29:e3:56:
         84:c6:d8:85:3c:fc:97:39:2f:42:23:92:03:e2:c8:25:c6:f6:
         36:3f:f1:d1:59:c3:f2:2d:75:40:7e:f1:a6:4f:06:af:f9:06:
         77:d2:63:bd:5f:d8:70:9a:16:31:69:e4:32:92:00:42:af:ca:
         6b:7a:6b:ca:64:80:cf:9b:1d:ee:e8:a9:c5:d5:6d:4f:64:f7:
         05:aa:06:64:e7:81:83:9d:6d:3f:8d:ce:c2:8b:a8:fa:28:48:
         c2:4a:18:4a:66:32:73:e9:06:30:58:b3:d9:b9:80:ba:c6:e0:
         b8:14:26:23:89:91:3c:2d:51:fd:58:ba:d4:67:ad:1f:b1:f0:
         e9:1c:db:6c:fe:81:c5:56:86:9a:0d:3a:be:4b:ad:a2:c6:56:
         07:25:1c:c3:86:7b:e0:78:e3:fe:48:dd:4f:84:9d:de:0f:fd:
         fd:b3:59:0b:f3:32:da:20:0b:f3:71:7a:5f:a6:bb:4e:86:5d:
         ce:98:41:0c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUT7Q8NxPXjITzzdxZA5CvpyD9gLIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzQxMTVaFw0yNzA0MjkxMzQ2MTVaMDMxMTAvBgNV
BAMTKEVFQTZEMTkxRTYyREVFOTNCQUFBRkREM0I4MkFGMEZEMUVFMzA0N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLqRuYi1e/1l7oqOJ+QTx/mXd8
6lx2xrOittmVNMppkNmgT531+3h3nlEpMG62qVvrA4q9dAgSvhtppFhtKctX55BN
gAE73MSay/OrRcQqdXu6PGWEAOBIFnFtKLenExtNGrIJaYrFYNWWoSA+SU351wyl
EEX94zqZGg16hF5NcquTMbXxhMjkVHMx4VsTrFPsxRrNZ/5E/gA0Tp5+7XPbvInk
BmCj3CEvG3O4uBLMGL+pYJCojpkOKksbcNJp5lc27+XBcaO+QuDbYzmnsWc0sE2s
ALs9AqHvHghL0tPmTBxJyWYHcigqA48Fy2Dac8MN9t+KwZsWEOjvNzSFzsBJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7qbRkeYt7pO6qv3TuCrw/R7jBH4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMjM0
MzAyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBJFP
8DANBgkqhkiG9w0BAQsFAAOCAQEAYdcW9YZ5TE/n0i0WVNMXu94FZTlWIDhxn2kF
ULlU0JfGhd8z/BcgHN5TvsjuAzBH/cMOiK3IHqpUQjXWz6NPz9QvJ3jyKeNWhMbY
hTz8lzkvQiOSA+LIJcb2Nj/x0VnD8i11QH7xpk8Gr/kGd9JjvV/YcJoWMWnkMpIA
Qq/Ka3prymSAz5sd7uipxdVtT2T3BaoGZOeBg51tP43Owouo+ihIwkoYSmYyc+kG
MFiz2bmAusbguBQmI4mRPC1R/Vi61GetH7Hw6RzbbP6BxVaGmg06vkutosZWByUc
w4Z74Hjj/kjdT4Sd3g/9/bNZC/My2iAL83F6X6a7ToZdzphBDA==
-----END CERTIFICATE-----