Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e34302e302f32342d3234203d3e203438323636.roa
File:                     3134352e37392e34302e302f32342d3234203d3e203438323636.roa (raw, json)
Hash identifier:          FX84RRju+CgJBrFqmhvvQaAg2SaR//ygdNB56jw4D0Y=
Subject key identifier:   A0:2F:85:D6:68:55:69:64:12:87:D3:62:45:02:AE:4D:96:69:CE:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       17D3ED1EA19535CC0715A898F6B3705BF68FE87C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e34302e302f32342d3234203d3e203438323636.roa
Signing time:             Tue 24 Mar 2026 14:33:55 +0000
ROA not before:           Tue 24 Mar 2026 14:28:55 +0000
ROA not after:            Tue 23 Mar 2027 14:33:55 +0000
asID:                     48266
IP address blocks:        145.79.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:d3:ed:1e:a1:95:35:cc:07:15:a8:98:f6:b3:70:5b:f6:8f:e8:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 24 14:28:55 2026 GMT
            Not After : Mar 23 14:33:55 2027 GMT
        Subject: CN=A02F85D6685569641287D3624502AE4D9669CEBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:43:07:a4:fb:61:dc:3e:66:04:5c:eb:61:8d:
                    c8:eb:ce:1f:c0:5b:33:bd:ed:02:f0:d4:2b:02:f9:
                    e4:dc:7f:5e:f4:59:2a:b1:f4:bf:b9:4f:1d:3a:bf:
                    bc:20:01:1c:f7:6a:d7:68:10:d9:85:be:9e:11:f2:
                    33:1e:cf:3a:36:18:90:1e:96:b8:67:76:a2:80:7a:
                    fa:67:4b:8d:fe:02:d1:a5:ed:25:55:9b:19:d9:65:
                    d9:a8:66:1e:86:1d:d2:c4:f3:31:d4:06:0a:49:a3:
                    c1:0b:5e:9a:98:27:f9:e5:98:e0:5b:ef:49:7f:a4:
                    79:97:63:c1:7f:65:25:e4:19:26:31:d6:b7:09:4c:
                    22:a0:ec:5d:2f:3d:62:b9:bd:0f:ae:3c:fc:22:d2:
                    1e:a5:a2:65:af:41:c4:8c:d7:ab:b3:e9:f8:d0:fb:
                    e5:a5:28:6b:dd:31:e2:7c:d8:8e:3d:79:17:b1:e9:
                    e4:c5:2f:96:dd:34:da:8e:c3:ef:3b:10:74:5a:72:
                    f5:48:53:dd:39:c6:5a:57:de:44:f4:a7:4a:74:c6:
                    30:26:f4:ba:c6:5c:50:94:19:33:28:c6:e2:40:b5:
                    f5:46:5b:6d:70:14:b3:e0:c5:c0:3b:30:b1:e1:df:
                    05:5c:12:88:7b:53:df:33:23:00:f4:ab:0d:00:f5:
                    4c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2F:85:D6:68:55:69:64:12:87:D3:62:45:02:AE:4D:96:69:CE:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e34302e302f32342d3234203d3e203438323636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:88:f1:cf:11:6e:cf:f9:41:54:af:d4:06:df:7c:9b:63:68:
         55:14:75:c8:ea:31:f7:02:09:00:c4:aa:d7:26:82:49:f9:26:
         15:4f:8b:3f:bf:0b:9e:b9:36:f9:49:aa:c3:de:23:28:37:20:
         67:86:99:b5:6f:46:d3:dc:43:dd:00:cb:1f:c8:f9:5a:f0:f6:
         2b:d8:e8:11:bb:a2:30:c3:23:f8:1f:1c:c7:cf:8f:4e:8d:eb:
         d9:41:66:3b:31:86:24:ca:ef:bb:5e:d4:45:6b:d5:aa:f6:18:
         46:09:cc:91:63:05:cf:bb:76:1f:eb:bf:90:1b:a2:44:d4:5f:
         da:71:d9:36:3e:ad:3d:22:f8:ff:e9:fb:22:0c:87:f9:d4:4c:
         e2:b4:2f:c8:2f:1f:a3:d2:e7:17:4f:e9:84:68:4c:83:60:28:
         33:6d:2e:f0:a2:05:1e:19:f7:66:96:94:11:dd:f6:86:dd:15:
         cb:9c:8b:47:c2:54:18:15:c0:76:5f:f4:ef:79:f9:93:9e:43:
         9f:f2:8e:c5:b6:8e:a0:44:31:f4:51:fd:f3:63:85:3d:9e:64:
         3f:db:e0:97:43:67:7e:0a:40:58:82:c8:d4:2a:b1:bb:e5:b6:
         16:ec:3c:a2:75:01:3c:41:05:30:38:cb:80:44:15:0e:53:9d:
         98:71:5d:f9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF9PtHqGVNcwHFaiY9rNwW/aP6HwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMjQxNDI4NTVaFw0yNzAzMjMxNDMzNTVaMDMxMTAvBgNV
BAMTKEEwMkY4NUQ2Njg1NTY5NjQxMjg3RDM2MjQ1MDJBRTREOTY2OUNFQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Qwek+2HcPmYEXOthjcjrzh/A
WzO97QLw1CsC+eTcf170WSqx9L+5Tx06v7wgARz3atdoENmFvp4R8jMezzo2GJAe
lrhndqKAevpnS43+AtGl7SVVmxnZZdmoZh6GHdLE8zHUBgpJo8ELXpqYJ/nlmOBb
70l/pHmXY8F/ZSXkGSYx1rcJTCKg7F0vPWK5vQ+uPPwi0h6lomWvQcSM16uz6fjQ
++WlKGvdMeJ82I49eRex6eTFL5bdNNqOw+87EHRacvVIU905xlpX3kT0p0p0xjAm
9LrGXFCUGTMoxuJAtfVGW21wFLPgxcA7MLHh3wVcEoh7U98zIwD0qw0A9UwtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUoC+F1mhVaWQSh9NiRQKuTZZpzrowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNDMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzODMyMzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
KDANBgkqhkiG9w0BAQsFAAOCAQEAH4jxzxFuz/lBVK/UBt98m2NoVRR1yOox9wIJ
AMSq1yaCSfkmFU+LP78Lnrk2+Umqw94jKDcgZ4aZtW9G09xD3QDLH8j5WvD2K9jo
EbuiMMMj+B8cx8+PTo3r2UFmOzGGJMrvu17URWvVqvYYRgnMkWMFz7t2H+u/kBui
RNRf2nHZNj6tPSL4/+n7IgyH+dRM4rQvyC8fo9LnF0/phGhMg2AoM20u8KIFHhn3
ZpaUEd32ht0Vy5yLR8JUGBXAdl/073n5k55Dn/KOxbaOoEQx9FH982OFPZ5kP9vg
l0NnfgpAWILI1Cqxu+W2Fuw8onUBPEEFMDjLgEQVDlOdmHFd+Q==
-----END CERTIFICATE-----