Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e36342e302f32312d3234203d3e2037303239.roa
File:                     3134352e31312e36342e302f32312d3234203d3e2037303239.roa (raw, json)
Hash identifier:          HdXUVNReJx2YokWJuU4YUNxIbECyw3o903SLgGxBhww=
Subject key identifier:   D6:6D:24:AC:5C:CC:26:B0:B7:73:33:37:54:68:18:D2:1A:C8:59:F6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       791E7D51D814873BD015AC706CB6ABA38DB4C08D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e36342e302f32312d3234203d3e2037303239.roa
Signing time:             Fri 10 Apr 2026 10:50:20 +0000
ROA not before:           Fri 10 Apr 2026 10:45:20 +0000
ROA not after:            Fri 09 Apr 2027 10:50:20 +0000
asID:                     7029
IP address blocks:        145.11.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:1e:7d:51:d8:14:87:3b:d0:15:ac:70:6c:b6:ab:a3:8d:b4:c0:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 10 10:45:20 2026 GMT
            Not After : Apr  9 10:50:20 2027 GMT
        Subject: CN=D66D24AC5CCC26B0B7733337546818D21AC859F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8e:95:d9:95:c5:28:f6:f5:af:8e:52:91:57:
                    d9:26:ed:18:55:3f:09:f2:7f:d7:38:4b:32:21:79:
                    af:51:a3:de:8c:04:7f:d7:ee:04:d2:5f:c5:af:f8:
                    69:07:9f:2a:35:d8:d5:e4:a9:2e:e0:f0:1b:e5:ae:
                    94:cb:91:b4:32:2a:2c:f3:d9:4d:ee:83:1b:e7:f8:
                    6f:8c:20:2f:5b:5c:f6:35:d2:eb:e1:90:44:c2:5e:
                    ee:45:8a:da:bd:d3:93:c1:e1:3c:02:e6:16:25:79:
                    18:ce:6a:8d:57:1a:25:93:c6:ed:0f:4a:67:12:89:
                    82:a8:3e:06:ce:21:bd:da:cb:01:0f:c2:fb:e3:e4:
                    fc:89:f4:3c:b2:ec:61:4b:38:08:a6:98:d2:d1:cb:
                    ee:d3:c5:bc:6d:31:39:90:87:2e:3c:f0:a4:54:7e:
                    58:a0:af:c9:a8:f8:db:1d:2a:a9:a9:13:b3:b9:a5:
                    87:5c:a8:f7:a2:3d:a9:0f:46:24:cf:7e:50:e0:1f:
                    e6:8d:ac:4e:2c:dc:ef:63:b7:d1:ac:96:11:ab:13:
                    0e:73:61:52:2e:e3:04:13:34:74:58:33:32:05:87:
                    bd:b3:ca:51:99:7a:bb:28:60:38:95:78:6f:5d:58:
                    af:c6:9f:2a:a8:b0:7c:af:7e:c1:93:97:63:09:0e:
                    d5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:6D:24:AC:5C:CC:26:B0:B7:73:33:37:54:68:18:D2:1A:C8:59:F6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e36342e302f32312d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0e:e6:b3:cc:f0:e7:51:1a:0f:c8:2d:8d:94:bf:01:6f:4c:e4:
         b0:9b:26:93:09:52:51:88:0f:40:b8:77:c8:b2:fc:6f:f0:82:
         be:f4:f5:52:10:b5:ee:9e:f8:78:c3:57:ef:1a:4c:b7:82:85:
         6e:c7:91:32:c8:ac:bc:8a:af:a6:74:52:80:cc:82:8e:b6:9d:
         81:16:4d:17:55:24:d9:81:4c:12:28:32:8c:bf:bc:a0:91:60:
         76:a5:d1:24:d4:a0:49:9a:9d:61:10:58:c2:1f:41:6b:e9:0e:
         22:d3:37:4c:24:90:01:b4:db:90:97:68:89:47:9b:18:1f:b5:
         ef:a0:ae:0e:14:3e:72:2c:a6:89:00:1d:d1:fd:65:8a:6e:6f:
         e0:50:e2:8c:35:89:30:9c:22:5a:3c:a3:9f:cd:9f:83:ef:08:
         85:26:34:93:c0:81:e5:3d:bd:2b:18:91:ad:db:d3:a5:6c:ac:
         a8:20:80:89:18:4a:af:0f:54:2b:7e:66:b5:a0:ca:c1:04:ec:
         fd:df:a2:85:98:36:b0:fd:27:ad:cd:71:68:a0:b3:70:27:f6:
         f9:3d:c5:e3:8d:c5:a2:3b:31:5a:90:0f:28:9b:75:f2:c5:4a:
         e4:cd:95:e8:ff:57:62:2e:5c:73:f3:f7:cd:8c:1b:94:02:51:
         04:23:c8:28
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUeR59UdgUhzvQFaxwbLaro420wI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTAxMDQ1MjBaFw0yNzA0MDkxMDUwMjBaMDMxMTAvBgNV
BAMTKEQ2NkQyNEFDNUNDQzI2QjBCNzczMzMzNzU0NjgxOEQyMUFDODU5RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUjpXZlcUo9vWvjlKRV9km7RhV
Pwnyf9c4SzIhea9Ro96MBH/X7gTSX8Wv+GkHnyo12NXkqS7g8BvlrpTLkbQyKizz
2U3ugxvn+G+MIC9bXPY10uvhkETCXu5Fitq905PB4TwC5hYleRjOao1XGiWTxu0P
SmcSiYKoPgbOIb3aywEPwvvj5PyJ9Dyy7GFLOAimmNLRy+7TxbxtMTmQhy488KRU
fligr8mo+NsdKqmpE7O5pYdcqPeiPakPRiTPflDgH+aNrE4s3O9jt9GslhGrEw5z
YVIu4wQTNHRYMzIFh72zylGZersoYDiVeG9dWK/GnyqosHyvfsGTl2MJDtVJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1m0krFzMJrC3czM3VGgY0hrIWfYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzNjM0
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzczMDMyMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC0Aw
DQYJKoZIhvcNAQELBQADggEBAA7ms8zw51EaD8gtjZS/AW9M5LCbJpMJUlGID0C4
d8iy/G/wgr709VIQte6e+HjDV+8aTLeChW7HkTLIrLyKr6Z0UoDMgo62nYEWTRdV
JNmBTBIoMoy/vKCRYHal0STUoEmanWEQWMIfQWvpDiLTN0wkkAG025CXaIlHmxgf
te+grg4UPnIspokAHdH9ZYpub+BQ4ow1iTCcIlo8o5/Nn4PvCIUmNJPAgeU9vSsY
ka3b06VsrKgggIkYSq8PVCt+ZrWgysEE7P3fooWYNrD9J63NcWigs3An9vk9xeON
xaI7MVqQDyibdfLFSuTNlej/V2IuXHPz982MG5QCUQQjyCg=
-----END CERTIFICATE-----