Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e20383334.roa
File:                     3134352e31312e38382e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          oXgQfC3rylz/tPVghIwEzoRGftu/NlyHYULxMzPPwJM=
Subject key identifier:   C5:16:60:93:60:22:21:9A:89:23:B3:B1:07:06:8E:88:29:26:3E:D5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       08E0F952605455F1D6EA2F0BE7D32BB7DC438FDA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e20383334.roa
Signing time:             Mon 08 Jun 2026 12:12:32 +0000
ROA not before:           Mon 08 Jun 2026 12:07:32 +0000
ROA not after:            Mon 07 Jun 2027 12:12:32 +0000
asID:                     834
IP address blocks:        145.11.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:e0:f9:52:60:54:55:f1:d6:ea:2f:0b:e7:d3:2b:b7:dc:43:8f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  8 12:07:32 2026 GMT
            Not After : Jun  7 12:12:32 2027 GMT
        Subject: CN=C51660936022219A8923B3B107068E8829263ED5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:06:e6:de:3e:e5:88:bd:3a:d0:ec:4f:9a:e0:
                    41:57:86:9a:13:d0:61:e7:ac:e9:e8:6d:65:50:18:
                    81:9d:7b:d1:80:9c:41:c5:a0:c8:cf:c7:e3:bb:1c:
                    88:b1:93:55:65:46:9c:08:7f:66:ff:68:46:2a:42:
                    d5:1f:d5:bb:29:a9:d3:28:7a:1b:a0:4b:ba:ab:46:
                    27:1b:8c:fc:3c:6a:53:1c:22:53:4e:6d:07:0b:af:
                    5a:31:d6:50:fa:a8:72:69:c4:b4:82:d3:11:1b:fa:
                    d6:48:7d:d5:af:ee:bd:64:7e:be:e0:b9:78:3c:3d:
                    d0:7c:0a:41:b7:70:83:49:96:5b:34:1b:ae:be:c9:
                    e3:06:c0:6a:42:79:dd:60:3d:a5:15:d1:07:6f:dd:
                    66:33:56:cd:e4:24:71:cb:92:f8:9c:d3:b8:e2:35:
                    88:4e:d5:ea:08:c4:cd:21:88:7a:57:e0:64:56:5f:
                    af:fc:6b:ce:b8:3c:ae:87:a6:ee:89:2f:cf:79:60:
                    af:36:2f:1e:44:63:21:20:b5:b7:44:eb:4d:58:d5:
                    ff:85:a0:95:a6:ac:8b:de:48:92:09:27:74:d1:06:
                    fc:3c:f7:8b:d8:98:d2:eb:01:45:78:b1:80:45:75:
                    e3:6a:b2:14:4d:86:63:8e:c9:b1:0e:97:aa:cd:9b:
                    2e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:16:60:93:60:22:21:9A:89:23:B3:B1:07:06:8E:88:29:26:3E:D5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1e:e5:43:6a:86:f8:0a:f2:89:61:6f:f5:b0:f7:5a:bf:eb:10:
         8c:62:83:89:87:28:4a:d3:b1:36:5f:2f:78:d3:e3:62:ce:9e:
         47:2d:4d:2e:e6:c6:02:65:87:c6:ed:11:b3:55:a3:50:c2:c8:
         d9:47:06:14:96:09:8a:fa:46:0b:a9:92:36:4e:de:2a:e9:f2:
         98:7b:2e:79:92:b3:be:2f:e4:cb:c4:f2:dd:52:df:5a:75:7a:
         27:cd:36:59:62:ba:d8:17:98:49:f0:e3:7d:7e:56:3b:73:e7:
         e3:91:d4:e5:77:b3:a1:64:55:53:90:b7:3c:b1:64:99:6f:1a:
         c4:19:a1:1b:c2:70:56:57:52:66:94:ed:f3:f6:bf:b3:e6:08:
         d9:d1:2a:b9:2b:40:db:ed:4d:c9:4a:9b:4e:06:1a:77:3f:c3:
         9e:98:c2:4b:3a:71:38:fe:0a:29:e2:f2:1d:89:fd:50:4f:7f:
         67:7e:3a:c9:25:bb:08:9c:23:98:1b:3d:a3:9b:95:f2:60:78:
         07:87:21:46:cd:20:46:7e:5e:ec:74:e3:c6:36:8d:d1:07:d1:
         70:3c:50:e0:b0:67:c0:a9:85:26:da:b2:97:19:60:c9:6b:c9:
         7e:e8:73:5b:a1:7a:d3:f6:11:75:68:ca:fe:48:73:c7:39:e8:
         8d:be:f3:e2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUCOD5UmBUVfHW6i8L59Mrt9xDj9owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDgxMjA3MzJaFw0yNzA2MDcxMjEyMzJaMDMxMTAvBgNV
BAMTKEM1MTY2MDkzNjAyMjIxOUE4OTIzQjNCMTA3MDY4RTg4MjkyNjNFRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwBubePuWIvTrQ7E+a4EFXhpoT
0GHnrOnobWVQGIGde9GAnEHFoMjPx+O7HIixk1VlRpwIf2b/aEYqQtUf1bspqdMo
ehugS7qrRicbjPw8alMcIlNObQcLr1ox1lD6qHJpxLSC0xEb+tZIfdWv7r1kfr7g
uXg8PdB8CkG3cINJlls0G66+yeMGwGpCed1gPaUV0Qdv3WYzVs3kJHHLkvic07ji
NYhO1eoIxM0hiHpX4GRWX6/8a864PK6Hpu6JL895YK82Lx5EYyEgtbdE601Y1f+F
oJWmrIveSJIJJ3TRBvw894vYmNLrAUV4sYBFdeNqshRNhmOOybEOl6rNmy6dAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUxRZgk2AiIZqJI7OxBwaOiCkmPtUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzODM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkQtYMA0G
CSqGSIb3DQEBCwUAA4IBAQAe5UNqhvgK8olhb/Ww91q/6xCMYoOJhyhK07E2Xy94
0+Nizp5HLU0u5sYCZYfG7RGzVaNQwsjZRwYUlgmK+kYLqZI2Tt4q6fKYey55krO+
L+TLxPLdUt9adXonzTZZYrrYF5hJ8ON9flY7c+fjkdTld7OhZFVTkLc8sWSZbxrE
GaEbwnBWV1JmlO3z9r+z5gjZ0Sq5K0Db7U3JSptOBhp3P8OemMJLOnE4/gop4vId
if1QT39nfjrJJbsInCOYGz2jm5XyYHgHhyFGzSBGfl7sdOPGNo3RB9FwPFDgsGfA
qYUm2rKXGWDJa8l+6HNboXrT9hF1aMr+SHPHOeiNvvPi
-----END CERTIFICATE-----