Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37352e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e37352e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          N13lCLHERzM2YsjszDRTgPbgsvPHFqi2ue/TvzeUIZo=
Subject key identifier:   26:A3:DF:64:CE:5B:04:86:1C:F5:26:6E:82:EC:33:8A:14:23:F2:0C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4A7230A06F276C34F20FA66299F9D7283B67D025
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37352e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 21 Apr 2026 10:58:56 +0000
ROA not before:           Tue 21 Apr 2026 10:53:56 +0000
ROA not after:            Tue 20 Apr 2027 10:58:56 +0000
asID:                     2914
IP address blocks:        145.79.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:72:30:a0:6f:27:6c:34:f2:0f:a6:62:99:f9:d7:28:3b:67:d0:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 21 10:53:56 2026 GMT
            Not After : Apr 20 10:58:56 2027 GMT
        Subject: CN=26A3DF64CE5B04861CF5266E82EC338A1423F20C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:00:58:ec:e4:0a:27:30:26:bc:8f:ff:6d:27:
                    71:35:cb:1f:05:bc:5e:80:b8:1e:44:7f:21:86:13:
                    a6:a9:8a:46:df:e7:be:8c:71:9c:e1:ad:68:bd:02:
                    a1:b3:cf:54:cf:cc:67:2e:bb:85:47:b6:d4:b3:35:
                    0b:0f:eb:41:79:4b:56:ce:0c:ef:2b:09:bd:f1:7a:
                    8f:4e:a1:38:0f:02:b7:f7:3a:b9:c9:10:17:2c:88:
                    f9:89:b1:79:be:53:66:e2:86:c1:75:c8:f0:21:5e:
                    e6:5b:d3:f5:2f:f8:9d:58:51:46:f3:10:b9:ba:46:
                    5d:c6:81:63:fc:2e:d3:22:48:5a:b3:94:f2:36:f3:
                    e1:42:a0:40:b8:8d:bf:db:d9:35:72:8d:9c:33:81:
                    71:1c:1c:bb:5c:fc:0a:22:f0:d7:be:36:8f:3c:4c:
                    93:b9:22:11:05:70:de:c3:29:16:9c:ce:6c:4e:cc:
                    1b:dc:48:47:1c:aa:88:4f:b7:c5:50:fc:bd:ac:c9:
                    1d:49:e2:77:02:f5:a8:7f:2d:85:86:7f:29:1e:ad:
                    2f:b5:6d:04:b7:b1:75:da:bc:eb:38:ce:61:a6:82:
                    b3:f5:d5:00:76:a3:a8:12:d1:25:da:0a:0c:98:b0:
                    ca:67:a0:95:7e:cf:6c:1b:bf:ea:d9:ed:85:de:54:
                    e7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A3:DF:64:CE:5B:04:86:1C:F5:26:6E:82:EC:33:8A:14:23:F2:0C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37352e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:9a:de:12:62:b2:cc:f7:35:16:8e:f1:d6:88:ae:b1:ff:c0:
         b9:c3:90:9f:e3:27:eb:b1:83:c0:d8:56:c2:94:a4:93:57:4d:
         39:00:73:3b:d1:2b:f2:86:1e:53:7f:c6:df:30:e3:db:06:33:
         e5:1f:77:27:60:13:e6:04:65:e0:d9:cb:62:49:ae:de:94:22:
         0a:29:f5:1e:f1:a8:ed:79:6f:b3:19:29:c4:25:43:92:c3:f4:
         f6:c7:44:34:6c:59:33:03:14:6c:dd:4e:f1:18:12:bb:56:3b:
         0d:5b:a3:0a:b0:96:b9:a5:cc:e3:5d:42:05:76:93:72:35:60:
         31:29:04:76:88:65:75:c0:63:cb:45:24:3a:25:a3:e0:6f:0c:
         4a:fc:60:38:4d:67:fc:42:a5:84:d0:23:c8:c8:84:3f:60:89:
         88:55:aa:e4:9b:ca:49:cb:6f:4c:e2:46:61:d9:ac:f6:d7:0c:
         85:5a:99:cd:7e:74:6c:07:10:ec:ac:35:8b:89:02:9f:e6:a3:
         b7:2a:f0:9a:37:45:67:4a:fb:80:b8:40:28:45:59:1f:3f:6a:
         76:5b:05:aa:b3:1f:8e:f3:fb:cd:ef:04:9a:45:b2:14:61:ba:
         69:a0:c1:81:85:11:4e:21:22:e3:31:9c:10:f3:b3:52:2a:03:
         51:c9:d4:d1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSnIwoG8nbDTyD6ZimfnXKDtn0CUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjExMDUzNTZaFw0yNzA0MjAxMDU4NTZaMDMxMTAvBgNV
BAMTKDI2QTNERjY0Q0U1QjA0ODYxQ0Y1MjY2RTgyRUMzMzhBMTQyM0YyMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYAFjs5AonMCa8j/9tJ3E1yx8F
vF6AuB5EfyGGE6apikbf576McZzhrWi9AqGzz1TPzGcuu4VHttSzNQsP60F5S1bO
DO8rCb3xeo9OoTgPArf3OrnJEBcsiPmJsXm+U2bihsF1yPAhXuZb0/Uv+J1YUUbz
ELm6Rl3GgWP8LtMiSFqzlPI28+FCoEC4jb/b2TVyjZwzgXEcHLtc/Aoi8Ne+No88
TJO5IhEFcN7DKRaczmxOzBvcSEccqohPt8VQ/L2syR1J4ncC9ah/LYWGfykerS+1
bQS3sXXavOs4zmGmgrP11QB2o6gS0SXaCgyYsMpnoJV+z2wbv+rZ7YXeVOeHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJqPfZM5bBIYc9SZuguwzihQj8gwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT0sw
DQYJKoZIhvcNAQELBQADggEBAKCa3hJissz3NRaO8daIrrH/wLnDkJ/jJ+uxg8DY
VsKUpJNXTTkAczvRK/KGHlN/xt8w49sGM+UfdydgE+YEZeDZy2JJrt6UIgop9R7x
qO15b7MZKcQlQ5LD9PbHRDRsWTMDFGzdTvEYErtWOw1bowqwlrmlzONdQgV2k3I1
YDEpBHaIZXXAY8tFJDolo+BvDEr8YDhNZ/xCpYTQI8jIhD9giYhVquSbyknLb0zi
RmHZrPbXDIVamc1+dGwHEOysNYuJAp/mo7cq8Jo3RWdK+4C4QChFWR8/anZbBaqz
H47z+83vBJpFshRhummgwYGFEU4hIuMxnBDzs1IqA1HJ1NE=
-----END CERTIFICATE-----