Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134352e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3134352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          eG9BXLifv/6nQ2epOONd4bdQ/H7TBZAInbA9XeptskE=
Subject key identifier:   04:6A:E0:A4:5B:DF:BC:A4:00:09:FB:9E:BB:8C:02:DA:A7:66:1B:BB
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       14B73A035517BA56FAC40E31E7717D6C231DF052
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134352e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Feb 2026 09:51:17 +0000
ROA not before:           Mon 23 Feb 2026 09:46:17 +0000
ROA not after:            Mon 22 Feb 2027 09:51:17 +0000
asID:                     834
IP address blocks:        145.79.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:b7:3a:03:55:17:ba:56:fa:c4:0e:31:e7:71:7d:6c:23:1d:f0:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 23 09:46:17 2026 GMT
            Not After : Feb 22 09:51:17 2027 GMT
        Subject: CN=046AE0A45BDFBCA40009FB9EBB8C02DAA7661BBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2a:ef:67:e9:7a:3d:6a:b7:c8:b9:ff:a7:33:
                    1b:7c:30:4a:b6:5e:ea:8a:5d:76:b1:f1:0d:8a:1d:
                    1a:af:3f:fa:b9:f3:04:ab:b2:52:88:9b:0b:ca:07:
                    c4:90:da:ec:24:39:91:30:0e:24:d2:c3:5e:54:6c:
                    96:0a:a2:da:d3:ad:e9:13:ae:93:cc:1c:56:2d:e4:
                    0f:28:4c:e5:d7:81:e2:ec:a3:f3:b4:e9:80:29:d6:
                    62:87:70:bf:7c:c6:8f:e5:b6:86:0e:9d:41:c6:e6:
                    da:93:40:e8:9a:bf:d7:2f:ce:6a:5c:3f:5a:e0:82:
                    ec:87:b3:df:85:2f:bc:57:3a:78:50:b5:4a:1d:28:
                    4f:b4:92:a6:ad:b3:c7:a8:6b:a8:e4:90:e4:36:b8:
                    94:2a:67:61:66:dd:c4:1b:62:fb:3d:b9:f1:c3:19:
                    36:63:3c:16:58:55:cc:30:d4:f7:c4:7d:44:c6:ee:
                    c4:cf:32:66:cf:61:a2:5a:4c:30:5d:3a:33:cd:f7:
                    1f:52:6f:ec:92:fc:7e:7c:34:0a:b6:0d:c5:67:01:
                    bc:ea:5b:ec:31:96:72:40:0b:c4:51:09:05:07:df:
                    37:68:01:52:ff:1b:8f:d3:ce:86:fe:b7:e3:e5:28:
                    23:12:73:1b:cb:cb:ce:62:28:36:b2:d0:50:9a:35:
                    d9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:6A:E0:A4:5B:DF:BC:A4:00:09:FB:9E:BB:8C:02:DA:A7:66:1B:BB
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:75:d1:57:b6:73:a2:51:9a:b1:98:95:e4:fe:81:10:dd:7a:
         39:b1:e9:28:e0:59:40:35:75:5b:96:24:d4:b4:cd:5d:88:e7:
         45:fb:fa:67:9e:4e:e3:6a:53:0a:25:72:c1:ae:f7:42:b8:5e:
         b8:5d:4b:f1:0d:4e:3a:fa:d6:d8:49:96:60:87:70:c7:7d:ad:
         7b:f6:04:a2:26:56:13:aa:73:c0:24:91:cb:94:35:02:d1:55:
         19:5a:6e:df:e3:7b:f8:07:a6:f3:54:59:63:f1:8e:9c:f5:75:
         82:8f:e3:44:c2:cc:d5:6b:2e:60:db:26:03:88:49:b7:5c:db:
         00:84:e9:f2:e8:0f:97:8f:db:82:a7:96:5f:22:06:bb:49:1c:
         d8:17:7e:36:17:ff:14:d3:03:a1:8a:be:ac:14:6a:3a:32:d7:
         92:de:7a:32:bc:7f:11:48:28:7c:14:c4:47:56:52:a1:f5:df:
         e6:b1:e6:75:44:6b:99:4a:fb:81:32:b0:78:84:f6:32:af:c6:
         db:d8:6d:cc:01:b6:2e:04:91:0e:ad:b0:43:d9:2a:e2:d0:87:
         89:74:3c:5b:ee:ff:cf:9b:4e:7e:30:5f:4b:0d:ea:9b:25:66:
         58:a8:86:8f:ef:79:3b:09:3e:f0:08:c3:29:f9:5a:bb:4d:f9:
         71:b5:b3:1e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFLc6A1UXulb6xA4x53F9bCMd8FIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMjMwOTQ2MTdaFw0yNzAyMjIwOTUxMTdaMDMxMTAvBgNV
BAMTKDA0NkFFMEE0NUJERkJDQTQwMDA5RkI5RUJCOEMwMkRBQTc2NjFCQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkKu9n6Xo9arfIuf+nMxt8MEq2
XuqKXXax8Q2KHRqvP/q58wSrslKImwvKB8SQ2uwkOZEwDiTSw15UbJYKotrTrekT
rpPMHFYt5A8oTOXXgeLso/O06YAp1mKHcL98xo/ltoYOnUHG5tqTQOiav9cvzmpc
P1rgguyHs9+FL7xXOnhQtUodKE+0kqats8eoa6jkkOQ2uJQqZ2Fm3cQbYvs9ufHD
GTZjPBZYVcww1PfEfUTG7sTPMmbPYaJaTDBdOjPN9x9Sb+yS/H58NAq2DcVnAbzq
W+wxlnJAC8RRCQUH3zdoAVL/G4/Tzob+t+PlKCMScxvLy85iKDay0FCaNdkvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBGrgpFvfvKQACfueu4wC2qdmG7swHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM0
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT5Ew
DQYJKoZIhvcNAQELBQADggEBAAB10Ve2c6JRmrGYleT+gRDdejmx6SjgWUA1dVuW
JNS0zV2I50X7+meeTuNqUwolcsGu90K4XrhdS/ENTjr61thJlmCHcMd9rXv2BKIm
VhOqc8AkkcuUNQLRVRlabt/je/gHpvNUWWPxjpz1dYKP40TCzNVrLmDbJgOISbdc
2wCE6fLoD5eP24Knll8iBrtJHNgXfjYX/xTTA6GKvqwUajoy15LeejK8fxFIKHwU
xEdWUqH13+ax5nVEa5lK+4EysHiE9jKvxtvYbcwBti4EkQ6tsEPZKuLQh4l0PFvu
/8+bTn4wX0sN6pslZlioho/veTsJPvAIwyn5WrtN+XG1sx4=
-----END CERTIFICATE-----