Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39342e3135362e3233312e302f32342d3234203d3e20323134313535.roa
File:                     39342e3135362e3233312e302f32342d3234203d3e20323134313535.roa (raw, json)
Hash identifier:          YGI0DgRlkYfQ1dLOaOAgI0l+tKMcWrzCZ7odKMGyU9g=
Subject key identifier:   E2:DF:27:43:B4:E7:04:FE:BC:50:6F:D9:02:D6:40:09:3B:21:89:2A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2F9F95FD8EB1F7F44DE183680E270B970A5200F6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39342e3135362e3233312e302f32342d3234203d3e20323134313535.roa
Signing time:             Wed 27 Aug 2025 21:47:28 +0000
ROA not before:           Wed 27 Aug 2025 21:42:28 +0000
ROA not after:            Wed 26 Aug 2026 21:47:28 +0000
asID:                     214155
IP address blocks:        94.156.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:43:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:9f:95:fd:8e:b1:f7:f4:4d:e1:83:68:0e:27:0b:97:0a:52:00:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 27 21:42:28 2025 GMT
            Not After : Aug 26 21:47:28 2026 GMT
        Subject: CN=E2DF2743B4E704FEBC506FD902D640093B21892A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fd:e3:48:6d:8f:de:aa:e2:4b:94:05:af:cc:
                    32:10:5c:09:58:8e:03:2a:75:bb:65:24:5b:59:a1:
                    83:c8:4e:95:37:c6:62:29:47:87:8e:61:35:02:4e:
                    f7:3a:60:b3:ce:e5:19:7a:58:0f:6d:75:56:74:8f:
                    67:57:d3:36:7a:2b:d7:94:c6:b9:1a:f9:f3:6a:b7:
                    fd:05:ae:1a:71:9f:43:ee:ba:54:9f:cf:90:de:42:
                    f6:a9:27:69:6d:d3:13:f2:5b:bb:48:9a:95:69:cb:
                    b3:71:0f:ae:19:3b:42:ea:91:3e:43:da:6b:6f:78:
                    33:c1:bc:b0:4e:34:a0:60:d2:b2:88:3a:54:8d:61:
                    61:2e:1e:61:0b:cc:6e:6b:02:90:ef:da:9e:1a:57:
                    0c:8c:dd:ab:e0:1a:18:3b:c0:14:1b:51:e1:16:8a:
                    a7:71:78:e3:fc:ce:fd:f5:f8:ba:f7:28:1b:fe:f5:
                    f9:d9:ae:5c:13:a0:01:b3:c2:37:74:12:42:68:6c:
                    d4:e0:6d:7a:f3:c0:b5:d6:73:8d:b2:a6:6c:ce:7e:
                    ba:90:e0:eb:2c:a2:3c:e9:8d:8b:21:39:ee:d3:1c:
                    03:cc:f8:4f:eb:05:a0:55:f4:05:de:b0:de:90:90:
                    c2:ed:55:90:3e:ec:31:d1:38:e5:8a:0a:04:30:7e:
                    8a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DF:27:43:B4:E7:04:FE:BC:50:6F:D9:02:D6:40:09:3B:21:89:2A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/39342e3135362e3233312e302f32342d3234203d3e20323134313535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:a0:7d:67:91:94:4c:e0:8a:0f:f9:4d:92:7a:d8:fd:26:0c:
         59:ce:e4:60:99:fc:f7:5a:d8:8a:03:6e:42:de:ba:68:5b:00:
         d2:7a:1b:88:1a:08:50:16:37:ce:7e:6f:53:ad:bc:4e:7a:38:
         b4:f5:99:e0:bd:14:e1:ee:8c:22:00:1e:6f:43:c6:5e:c0:2b:
         86:ac:e7:48:db:51:33:e4:99:d3:5c:72:b2:a9:d6:6a:e1:e3:
         7b:d6:4a:b9:a4:73:7c:61:71:e3:18:23:1c:95:3e:cf:eb:8c:
         fc:5e:b0:b2:88:9f:44:46:de:08:b9:a6:c7:b1:31:f7:75:1f:
         01:85:ea:ac:cc:2d:97:11:44:6f:06:80:fd:ff:bb:3e:9d:3e:
         d5:3c:a6:1e:77:f9:b3:02:9a:80:22:d1:65:d7:96:4c:49:ed:
         0e:83:e9:b4:a9:80:c7:4c:e8:5e:6c:97:36:1c:80:c9:f0:0c:
         29:1d:0a:9a:3f:64:11:51:b6:99:39:e4:03:13:bb:56:4a:15:
         9a:59:e7:bc:30:cb:bb:7f:02:b9:67:e1:ea:c7:69:e2:0e:96:
         28:53:76:cc:8f:3d:6c:01:e4:e7:21:60:6f:4e:60:d0:42:47:
         eb:26:6b:69:5a:64:e5:06:3c:ff:fe:5b:1d:49:c5:1d:07:16:
         bd:a9:0c:94
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUL5+V/Y6x9/RN4YNoDicLlwpSAPYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjcyMTQyMjhaFw0yNjA4MjYyMTQ3MjhaMDMxMTAvBgNV
BAMTKEUyREYyNzQzQjRFNzA0RkVCQzUwNkZEOTAyRDY0MDA5M0IyMTg5MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq/eNIbY/equJLlAWvzDIQXAlY
jgMqdbtlJFtZoYPITpU3xmIpR4eOYTUCTvc6YLPO5Rl6WA9tdVZ0j2dX0zZ6K9eU
xrka+fNqt/0Frhpxn0PuulSfz5DeQvapJ2lt0xPyW7tImpVpy7NxD64ZO0LqkT5D
2mtveDPBvLBONKBg0rKIOlSNYWEuHmELzG5rApDv2p4aVwyM3avgGhg7wBQbUeEW
iqdxeOP8zv31+Lr3KBv+9fnZrlwToAGzwjd0EkJobNTgbXrzwLXWc42ypmzOfrqQ
4OssojzpjYshOe7THAPM+E/rBaBV9AXesN6QkMLtVZA+7DHROOWKCgQwfoorAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU4t8nQ7TnBP68UG/ZAtZACTshiSowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzkzNDJlMzEzNTM2MmUzMjMz
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzMTM1MzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABenOcwDQYJKoZIhvcNAQELBQADggEBAI2gfWeRlEzgig/5TZJ62P0mDFnO5GCZ
/Pda2IoDbkLeumhbANJ6G4gaCFAWN85+b1OtvE56OLT1meC9FOHujCIAHm9Dxl7A
K4as50jbUTPkmdNccrKp1mrh43vWSrmkc3xhceMYIxyVPs/rjPxesLKIn0RG3gi5
psexMfd1HwGF6qzMLZcRRG8GgP3/uz6dPtU8ph53+bMCmoAi0WXXlkxJ7Q6D6bSp
gMdM6F5slzYcgMnwDCkdCpo/ZBFRtpk55AMTu1ZKFZpZ57wwy7t/Arln4erHaeIO
lihTdsyPPWwB5OchYG9OYNBCR+sma2laZOUGPP/+Wx1JxR0HFr2pDJQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 04:04:25 2025 by rpki-client