Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36392e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e36392e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          AeiOugvFqxOlHHvhaBJ2+pnnEH8P0pK4lAK40mxdohI=
Subject key identifier:   4B:F4:0B:5C:7F:C3:DD:2E:EF:2C:11:41:43:B1:A7:D0:53:13:AB:99
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5E49A4C1E401C0A972993334FCD2AC042BB6BE13
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36392e302f32342d3234203d3e2032393134.roa
Signing time:             Thu 07 May 2026 16:26:46 +0000
ROA not before:           Thu 07 May 2026 16:21:46 +0000
ROA not after:            Thu 06 May 2027 16:26:46 +0000
asID:                     2914
IP address blocks:        145.79.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:49:a4:c1:e4:01:c0:a9:72:99:33:34:fc:d2:ac:04:2b:b6:be:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  7 16:21:46 2026 GMT
            Not After : May  6 16:26:46 2027 GMT
        Subject: CN=4BF40B5C7FC3DD2EEF2C114143B1A7D05313AB99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bb:13:b7:95:82:07:24:dd:dc:bc:7b:ee:d7:
                    2d:03:bf:5d:d6:91:84:59:c5:d0:b7:bf:60:b1:cf:
                    f7:a1:18:8b:00:d0:cb:cb:de:0c:f5:d3:5c:12:fb:
                    0d:19:bc:9b:61:cc:bf:8c:9a:f9:41:6c:11:3c:8a:
                    a3:fa:e6:b5:18:3b:be:3a:03:da:10:c4:42:c1:06:
                    c5:06:04:a4:41:1b:99:f7:e8:a6:79:86:70:84:f7:
                    62:95:77:af:2c:b4:6f:b0:47:3a:bc:08:d4:f1:12:
                    1e:e9:a5:17:9f:f8:db:53:14:33:52:b3:fe:42:b9:
                    36:a7:4f:31:47:41:0a:91:02:53:fb:d0:75:50:f7:
                    26:6c:3b:25:19:ab:08:db:b0:fc:34:d1:62:87:d6:
                    25:a8:6c:66:28:7a:c1:d6:6f:84:40:cb:c1:e5:27:
                    e4:9a:73:e5:98:ec:ce:1d:59:2e:e5:20:8e:59:69:
                    0d:70:b6:a3:c4:6a:d0:84:80:56:4d:e1:bb:6c:31:
                    af:f7:93:6d:39:42:42:bf:28:2e:50:b6:ea:c1:26:
                    69:17:a7:13:46:fd:d0:e1:44:5a:a3:27:cb:df:6f:
                    f8:dd:51:58:3b:78:09:53:81:9d:e1:85:96:e9:85:
                    00:59:a4:6f:eb:24:be:26:f2:d4:9e:3d:ff:f9:28:
                    49:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:F4:0B:5C:7F:C3:DD:2E:EF:2C:11:41:43:B1:A7:D0:53:13:AB:99
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36392e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:77:74:37:bb:f1:7c:29:c2:e1:56:81:5c:4b:31:b1:be:34:
         b9:32:2f:b5:26:6f:53:1d:73:fa:68:54:0c:72:e2:fb:59:07:
         3f:d4:4f:4a:ab:19:71:a5:c3:1f:6a:2b:87:cd:c0:e6:77:90:
         41:b4:fc:9b:5b:39:95:c8:66:61:16:e2:dc:5f:7a:77:fa:cd:
         2c:75:59:5a:18:b4:44:0e:28:7f:45:86:6b:c7:3a:bc:a5:ef:
         24:60:b6:f7:88:69:54:8d:5c:fb:39:6f:b3:ad:eb:f2:b6:22:
         07:44:6f:07:38:03:f7:5c:b5:4b:6f:6c:74:9b:ad:56:ea:d3:
         5b:43:c0:a8:9a:0d:58:b3:dd:1d:72:fd:e7:9b:aa:9e:44:17:
         98:81:0c:85:35:d1:b5:29:ae:92:3b:ae:8d:ee:50:b0:c6:19:
         16:04:c4:75:b3:30:c6:c0:fc:20:13:ed:f5:2d:e6:de:26:90:
         eb:0d:eb:31:c2:e9:9c:93:ce:62:00:43:a5:ed:be:ed:b9:47:
         b7:e7:2b:33:85:56:d0:79:d7:30:60:cf:2e:a3:83:24:ad:06:
         48:15:82:2f:1d:7d:46:3b:27:11:18:3d:0f:4b:76:90:8f:37:
         6d:10:1f:de:07:4e:ce:f7:0b:88:39:fc:54:97:d7:46:f4:44:
         bf:97:32:e8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXkmkweQBwKlymTM0/NKsBCu2vhMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MDcxNjIxNDZaFw0yNzA1MDYxNjI2NDZaMDMxMTAvBgNV
BAMTKDRCRjQwQjVDN0ZDM0REMkVFRjJDMTE0MTQzQjFBN0QwNTMxM0FCOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTuxO3lYIHJN3cvHvu1y0Dv13W
kYRZxdC3v2Cxz/ehGIsA0MvL3gz101wS+w0ZvJthzL+MmvlBbBE8iqP65rUYO746
A9oQxELBBsUGBKRBG5n36KZ5hnCE92KVd68stG+wRzq8CNTxEh7ppRef+NtTFDNS
s/5CuTanTzFHQQqRAlP70HVQ9yZsOyUZqwjbsPw00WKH1iWobGYoesHWb4RAy8Hl
J+Sac+WY7M4dWS7lII5ZaQ1wtqPEatCEgFZN4btsMa/3k205QkK/KC5QturBJmkX
pxNG/dDhRFqjJ8vfb/jdUVg7eAlTgZ3hhZbphQBZpG/rJL4m8tSePf/5KEkfAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUS/QLXH/D3S7vLBFBQ7Gn0FMTq5kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT0Uw
DQYJKoZIhvcNAQELBQADggEBAIJ3dDe78XwpwuFWgVxLMbG+NLkyL7Umb1Mdc/po
VAxy4vtZBz/UT0qrGXGlwx9qK4fNwOZ3kEG0/JtbOZXIZmEW4txfenf6zSx1WVoY
tEQOKH9FhmvHOryl7yRgtveIaVSNXPs5b7Ot6/K2IgdEbwc4A/dctUtvbHSbrVbq
01tDwKiaDViz3R1y/eebqp5EF5iBDIU10bUprpI7ro3uULDGGRYExHWzMMbA/CAT
7fUt5t4mkOsN6zHC6ZyTzmIAQ6Xtvu25R7fnKzOFVtB51zBgzy6jgyStBkgVgi8d
fUY7JxEYPQ9LdpCPN20QH94HTs73C4g5/FSX10b0RL+XMug=
-----END CERTIFICATE-----