Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38302e302f32312d3234203d3e2037303239.roa
File:                     3134352e31312e38302e302f32312d3234203d3e2037303239.roa (raw, json)
Hash identifier:          QdHZpR8hbw9iuZqrgMnFkjr7Qy0T3OhC/1XE09c1s3s=
Subject key identifier:   E8:FD:F6:32:EA:4F:29:92:32:1D:65:A0:22:33:2D:FB:AC:7B:E5:72
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6FE1E7F412B322B892D53F51A29FD913051980E0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38302e302f32312d3234203d3e2037303239.roa
Signing time:             Fri 10 Apr 2026 10:50:37 +0000
ROA not before:           Fri 10 Apr 2026 10:45:37 +0000
ROA not after:            Fri 09 Apr 2027 10:50:37 +0000
asID:                     7029
IP address blocks:        145.11.80.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e1:e7:f4:12:b3:22:b8:92:d5:3f:51:a2:9f:d9:13:05:19:80:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 10 10:45:37 2026 GMT
            Not After : Apr  9 10:50:37 2027 GMT
        Subject: CN=E8FDF632EA4F2992321D65A022332DFBAC7BE572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:93:e4:10:37:4c:3c:b1:34:f7:99:43:fe:1a:
                    23:b4:a0:86:b2:80:6d:6a:cb:07:37:da:8a:e1:4c:
                    48:0e:66:cc:25:e4:6b:d0:b1:08:4f:fe:ae:4c:6d:
                    2b:15:0b:30:40:39:a4:98:34:92:55:a7:f3:ec:5a:
                    63:25:8b:33:f9:5a:d9:78:2d:23:28:80:a9:7d:8a:
                    3b:61:97:cf:ed:fa:bb:e2:11:09:46:04:e8:36:47:
                    7a:40:12:35:e8:86:ca:fd:f1:5c:d3:3f:8b:0c:26:
                    08:63:5a:97:9c:ce:4c:88:49:a7:d3:cd:8b:c1:09:
                    3d:63:da:71:53:1d:12:3b:34:b8:9d:c7:2f:fb:47:
                    cc:ca:f3:12:62:bb:35:c9:55:c3:aa:34:53:c7:dc:
                    9e:f4:ad:41:46:29:32:44:07:71:8e:f1:82:be:85:
                    91:28:05:87:18:bd:17:05:fa:0f:66:0c:21:d5:69:
                    1f:16:f7:83:b8:5f:1a:6d:fb:35:0a:3d:a8:98:69:
                    72:73:4d:85:d7:55:09:59:c9:d2:cd:6f:73:c2:b8:
                    55:37:a7:50:e2:6b:f0:dc:3a:55:e6:cc:8d:64:2a:
                    a9:3d:2c:d8:12:85:f2:10:08:56:46:64:ae:a1:d8:
                    de:a6:0e:db:ad:d3:fc:8f:12:f5:a2:1d:0c:08:8e:
                    c2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:FD:F6:32:EA:4F:29:92:32:1D:65:A0:22:33:2D:FB:AC:7B:E5:72
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38302e302f32312d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8f:2b:d6:a7:ba:7c:87:83:d9:e3:9c:9e:dc:26:25:5a:db:8b:
         e5:4e:2a:2a:17:99:07:91:ff:1b:b3:64:6d:2a:b0:13:6c:0e:
         a6:d3:68:ca:0e:55:2f:11:07:ab:a1:43:aa:78:ba:38:ac:7b:
         6c:41:1b:05:49:68:c5:91:33:87:1a:13:00:87:60:bc:97:b9:
         0f:4a:03:42:ac:53:86:e7:fa:66:77:55:c7:cc:7c:b9:5e:4b:
         c2:89:0e:95:bf:6d:56:e8:8c:76:c8:00:02:0a:45:d1:65:9d:
         27:6b:2f:9a:2b:b1:7b:0b:85:66:3f:97:ee:bb:11:5d:da:40:
         b7:c9:b2:2f:36:6f:2c:8d:09:13:2f:93:33:f8:8b:05:7b:32:
         fb:e7:d0:38:8e:85:a0:70:63:bc:09:85:1a:cd:67:92:9e:a5:
         d0:eb:4a:3b:9d:80:17:cc:dc:c6:cc:82:53:6d:92:86:c6:11:
         a0:41:19:79:12:e2:11:04:e1:1a:d5:76:5c:2f:42:61:c6:87:
         5e:f9:65:1c:11:57:8a:e7:f8:9f:01:fc:1c:c3:cb:2a:79:53:
         b5:10:4f:86:54:82:b9:ee:5a:35:ac:ae:84:a4:02:0b:4b:48:
         2d:c0:fd:d4:8a:eb:42:b8:60:ea:90:f2:ab:20:85:52:3d:95:
         a1:09:74:10
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUb+Hn9BKzIriS1T9Rop/ZEwUZgOAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTAxMDQ1MzdaFw0yNzA0MDkxMDUwMzdaMDMxMTAvBgNV
BAMTKEU4RkRGNjMyRUE0RjI5OTIzMjFENjVBMDIyMzMyREZCQUM3QkU1NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBk+QQN0w8sTT3mUP+GiO0oIay
gG1qywc32orhTEgOZswl5GvQsQhP/q5MbSsVCzBAOaSYNJJVp/PsWmMlizP5Wtl4
LSMogKl9ijthl8/t+rviEQlGBOg2R3pAEjXohsr98VzTP4sMJghjWpeczkyISafT
zYvBCT1j2nFTHRI7NLidxy/7R8zK8xJiuzXJVcOqNFPH3J70rUFGKTJEB3GO8YK+
hZEoBYcYvRcF+g9mDCHVaR8W94O4Xxpt+zUKPaiYaXJzTYXXVQlZydLNb3PCuFU3
p1Dia/DcOlXmzI1kKqk9LNgShfIQCFZGZK6h2N6mDtut0/yPEvWiHQwIjsK3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6P32MupPKZIyHWWgIjMt+6x75XIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzODMw
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzczMDMyMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC1Aw
DQYJKoZIhvcNAQELBQADggEBAI8r1qe6fIeD2eOcntwmJVrbi+VOKioXmQeR/xuz
ZG0qsBNsDqbTaMoOVS8RB6uhQ6p4ujise2xBGwVJaMWRM4caEwCHYLyXuQ9KA0Ks
U4bn+mZ3VcfMfLleS8KJDpW/bVbojHbIAAIKRdFlnSdrL5orsXsLhWY/l+67EV3a
QLfJsi82byyNCRMvkzP4iwV7Mvvn0DiOhaBwY7wJhRrNZ5KepdDrSjudgBfM3MbM
glNtkobGEaBBGXkS4hEE4RrVdlwvQmHGh175ZRwRV4rn+J8B/BzDyyp5U7UQT4ZU
grnuWjWsroSkAgtLSC3A/dSK60K4YOqQ8qsghVI9laEJdBA=
-----END CERTIFICATE-----