Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36382e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e36382e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          Rgm9iuIuqsA0IWTrVlijMBU8tTJ1LKXE8a54m1ffwqs=
Subject key identifier:   E9:62:D1:57:B6:EB:C9:27:25:AE:42:44:5A:7B:F9:7C:DA:FB:42:F7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       71BD24B7288AE7336B3A7C8858F8617EA3013BBA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36382e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 21 Apr 2026 10:59:05 +0000
ROA not before:           Tue 21 Apr 2026 10:54:05 +0000
ROA not after:            Tue 20 Apr 2027 10:59:05 +0000
asID:                     2914
IP address blocks:        145.79.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:bd:24:b7:28:8a:e7:33:6b:3a:7c:88:58:f8:61:7e:a3:01:3b:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 21 10:54:05 2026 GMT
            Not After : Apr 20 10:59:05 2027 GMT
        Subject: CN=E962D157B6EBC92725AE42445A7BF97CDAFB42F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f2:35:1f:26:04:2d:af:72:84:f1:3b:d1:63:
                    00:c8:1b:b6:fb:0b:23:de:19:54:c1:31:86:bc:b1:
                    7d:5f:27:01:c9:b1:36:a4:41:55:04:db:8d:16:82:
                    c3:74:9d:ad:07:1b:ff:da:db:46:b8:d7:aa:2a:5d:
                    1a:cd:99:5a:f3:13:b5:e1:73:35:df:73:16:8d:d9:
                    b7:f2:f9:d0:d3:34:25:d9:83:51:75:69:31:0f:ed:
                    75:4a:16:f3:8d:af:12:79:99:79:4b:ca:8f:0a:38:
                    fe:f2:23:67:60:3f:48:56:05:95:24:f4:cc:12:5c:
                    a1:0e:0f:74:bf:f1:9d:95:a2:18:bb:6d:d9:88:54:
                    e5:96:c9:26:3d:9b:f7:75:77:1d:50:98:1b:19:fc:
                    6c:01:08:32:0f:19:58:af:92:7a:fe:03:af:f2:fc:
                    37:b4:6c:8c:f2:d7:68:3c:05:bb:28:a0:28:5c:0b:
                    ec:02:e0:8f:70:1b:f2:f8:18:45:44:29:71:66:c0:
                    a1:ff:bd:f4:d0:de:98:4d:06:45:03:75:59:0f:f4:
                    40:b1:24:7a:8a:04:97:a3:55:3f:99:96:5c:73:89:
                    30:90:32:55:e7:8d:b8:d3:70:df:25:e2:55:0f:54:
                    92:cb:c8:0f:01:3f:ad:26:e0:90:03:e9:da:80:6b:
                    b3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:62:D1:57:B6:EB:C9:27:25:AE:42:44:5A:7B:F9:7C:DA:FB:42:F7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36382e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:3c:2c:76:c1:50:87:37:1f:17:3f:2f:96:7a:f1:5a:33:79:
         a8:63:2b:63:60:88:af:bf:f5:19:16:64:e1:d1:15:eb:cc:d5:
         76:ad:a2:25:d8:c6:c0:70:bc:e3:5a:8f:00:66:4b:63:bd:d1:
         e7:29:42:4d:c4:37:1c:11:8a:d7:c4:78:10:4a:c3:7a:25:77:
         6c:e6:59:56:1f:bc:50:9b:34:8b:41:90:7a:7a:88:78:7e:72:
         82:b6:76:31:42:9c:fa:43:e9:99:3c:69:a6:71:e1:49:5d:8a:
         6d:6e:46:4e:05:3e:6c:e1:c2:b2:e9:8f:f1:b3:2f:71:f4:7f:
         39:e8:73:68:0c:19:ed:f0:6e:3f:4e:96:5f:e0:be:33:78:b0:
         e7:69:c1:2f:5f:69:d8:eb:15:10:f1:49:98:2f:40:e2:e9:b7:
         89:18:14:61:87:80:0c:b1:44:3d:02:4f:a1:4a:24:4e:52:68:
         df:57:12:2f:34:3b:96:1b:d9:fd:8a:23:df:89:d0:58:2e:71:
         40:92:cd:94:d2:f9:ab:27:59:53:db:44:52:09:0f:7f:f0:35:
         82:78:d3:dc:ab:53:e3:70:a7:59:ff:5f:50:e4:9f:20:dd:c1:
         0f:10:e4:55:9c:44:2c:63:98:4a:3d:7d:c4:3f:24:a8:e1:c0:
         1d:99:72:1b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcb0ktyiK5zNrOnyIWPhhfqMBO7owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjExMDU0MDVaFw0yNzA0MjAxMDU5MDVaMDMxMTAvBgNV
BAMTKEU5NjJEMTU3QjZFQkM5MjcyNUFFNDI0NDVBN0JGOTdDREFGQjQyRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj8jUfJgQtr3KE8TvRYwDIG7b7
CyPeGVTBMYa8sX1fJwHJsTakQVUE240WgsN0na0HG//a20a416oqXRrNmVrzE7Xh
czXfcxaN2bfy+dDTNCXZg1F1aTEP7XVKFvONrxJ5mXlLyo8KOP7yI2dgP0hWBZUk
9MwSXKEOD3S/8Z2Vohi7bdmIVOWWySY9m/d1dx1QmBsZ/GwBCDIPGVivknr+A6/y
/De0bIzy12g8BbsooChcC+wC4I9wG/L4GEVEKXFmwKH/vfTQ3phNBkUDdVkP9ECx
JHqKBJejVT+ZllxziTCQMlXnjbjTcN8l4lUPVJLLyA8BP60m4JAD6dqAa7PFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6WLRV7brySclrkJEWnv5fNr7QvcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT0Qw
DQYJKoZIhvcNAQELBQADggEBAE48LHbBUIc3Hxc/L5Z68VozeahjK2NgiK+/9RkW
ZOHRFevM1XatoiXYxsBwvONajwBmS2O90ecpQk3ENxwRitfEeBBKw3old2zmWVYf
vFCbNItBkHp6iHh+coK2djFCnPpD6Zk8aaZx4Uldim1uRk4FPmzhwrLpj/GzL3H0
fznoc2gMGe3wbj9Oll/gvjN4sOdpwS9fadjrFRDxSZgvQOLpt4kYFGGHgAyxRD0C
T6FKJE5SaN9XEi80O5Yb2f2KI9+J0FgucUCSzZTS+asnWVPbRFIJD3/wNYJ409yr
U+Nwp1n/X1DknyDdwQ8Q5FWcRCxjmEo9fcQ/JKjhwB2Zchs=
-----END CERTIFICATE-----