Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136372e302f32342d3234203d3e2032393134.roa
File:                     3134352e37392e3136372e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          ovCkGR88b4LOjsK7tpncjUFVn8WBEfuA9pGv5RcUgA8=
Subject key identifier:   E0:3D:2B:C0:7E:AD:9C:7E:7E:DB:2B:CF:70:E8:4D:50:6F:41:47:C8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       35BDB3D4F6BC11FBE5EF4180815870064706FB26
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136372e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 24 Feb 2026 09:29:33 +0000
ROA not before:           Tue 24 Feb 2026 09:24:33 +0000
ROA not after:            Tue 23 Feb 2027 09:29:33 +0000
asID:                     2914
IP address blocks:        145.79.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:bd:b3:d4:f6:bc:11:fb:e5:ef:41:80:81:58:70:06:47:06:fb:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 24 09:24:33 2026 GMT
            Not After : Feb 23 09:29:33 2027 GMT
        Subject: CN=E03D2BC07EAD9C7E7EDB2BCF70E84D506F4147C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8a:72:19:75:81:fc:a3:f5:9d:8f:1f:d7:95:
                    81:a9:49:f5:21:3c:4d:ed:99:ab:53:8c:b0:b6:d6:
                    f8:42:52:eb:f8:49:3f:76:9b:a9:07:6c:6f:4b:53:
                    6c:22:92:f5:a9:d9:28:81:3f:c2:ec:a2:b3:4c:59:
                    86:58:0b:06:42:23:49:43:1b:19:48:a5:84:0b:4e:
                    61:d5:b3:c3:0e:dc:17:88:7d:fc:f3:b3:dd:13:a6:
                    23:71:48:f0:32:47:76:c3:cc:37:c7:70:f3:30:c6:
                    8c:b8:bd:43:c5:41:ce:f0:10:71:25:43:61:01:67:
                    a2:3f:41:8e:6e:55:a0:26:22:6f:f7:49:46:38:4f:
                    15:aa:e7:6f:79:ad:fe:84:ad:9f:09:5a:f4:fa:3e:
                    93:96:0b:4d:a6:4a:94:4e:1c:a9:d1:7b:4d:e4:f3:
                    87:c9:6a:77:73:3a:8f:33:e0:ad:39:e3:f3:d3:94:
                    f7:5e:16:56:1e:9d:d5:27:d1:6e:81:14:23:b3:b1:
                    9f:44:a0:ec:2e:5b:c1:d2:05:4b:99:d7:0b:fc:d1:
                    c2:13:ee:a5:10:d1:55:dd:4c:0e:15:e8:81:6a:05:
                    5a:62:ee:26:d4:d5:be:7c:db:28:a3:52:ec:f6:e2:
                    97:cc:c7:20:4e:53:35:11:d8:cf:ce:a4:da:ce:b4:
                    4e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:3D:2B:C0:7E:AD:9C:7E:7E:DB:2B:CF:70:E8:4D:50:6F:41:47:C8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3136372e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:0a:0c:73:70:ee:3f:6d:e5:03:5b:b2:ec:2f:11:2b:0b:82:
         e8:8f:93:1e:f7:4d:82:95:f0:45:68:e8:02:b6:1a:bb:76:d1:
         26:11:7f:42:06:fc:2e:43:34:87:b4:9a:b0:07:18:4f:af:9a:
         55:ff:6c:39:59:1d:f9:a2:05:f1:6d:ce:97:a4:f3:90:c6:0c:
         32:53:2a:2e:16:6f:69:30:a9:a5:ba:78:2c:a5:04:e3:d3:43:
         38:00:04:bb:35:7f:9a:24:44:d9:83:ea:f0:1c:f2:2e:c7:af:
         60:e6:37:94:c7:8d:09:b7:14:b2:0f:dc:84:6e:17:84:20:2e:
         70:dc:36:63:44:c5:23:b3:77:00:f1:58:ea:18:cf:13:18:8c:
         94:ac:ef:43:93:9c:58:97:14:7a:9b:e7:08:3a:fb:29:cf:6f:
         54:24:e9:28:5d:15:83:3e:82:b1:10:cd:41:f4:2e:8e:83:bb:
         59:ca:40:41:2f:17:2b:65:10:d9:26:fa:f9:91:f3:21:0e:66:
         fb:83:26:7e:b0:5c:2f:89:85:54:05:33:f9:ee:b4:f3:39:86:
         0b:7e:a3:ea:74:1f:6b:37:e3:f7:27:38:a1:d8:94:c6:d9:a6:
         62:24:c4:de:8e:21:91:39:c5:76:5e:10:af:12:a7:c0:6a:c1:
         dc:46:1d:ac
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNb2z1Pa8Efvl70GAgVhwBkcG+yYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMjQwOTI0MzNaFw0yNzAyMjMwOTI5MzNaMDMxMTAvBgNV
BAMTKEUwM0QyQkMwN0VBRDlDN0U3RURCMkJDRjcwRTg0RDUwNkY0MTQ3QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZinIZdYH8o/Wdjx/XlYGpSfUh
PE3tmatTjLC21vhCUuv4ST92m6kHbG9LU2wikvWp2SiBP8LsorNMWYZYCwZCI0lD
GxlIpYQLTmHVs8MO3BeIffzzs90TpiNxSPAyR3bDzDfHcPMwxoy4vUPFQc7wEHEl
Q2EBZ6I/QY5uVaAmIm/3SUY4TxWq5295rf6ErZ8JWvT6PpOWC02mSpROHKnRe03k
84fJandzOo8z4K054/PTlPdeFlYendUn0W6BFCOzsZ9EoOwuW8HSBUuZ1wv80cIT
7qUQ0VXdTA4V6IFqBVpi7ibU1b582yijUuz24pfMxyBOUzUR2M/OpNrOtE7tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4D0rwH6tnH5+2yvPcOhNUG9BR8gwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM2
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
pzANBgkqhkiG9w0BAQsFAAOCAQEAfwoMc3DuP23lA1uy7C8RKwuC6I+THvdNgpXw
RWjoArYau3bRJhF/Qgb8LkM0h7SasAcYT6+aVf9sOVkd+aIF8W3Ol6TzkMYMMlMq
LhZvaTCppbp4LKUE49NDOAAEuzV/miRE2YPq8BzyLsevYOY3lMeNCbcUsg/chG4X
hCAucNw2Y0TFI7N3APFY6hjPExiMlKzvQ5OcWJcUepvnCDr7Kc9vVCTpKF0Vgz6C
sRDNQfQujoO7WcpAQS8XK2UQ2Sb6+ZHzIQ5m+4MmfrBcL4mFVAUz+e608zmGC36j
6nQfazfj9yc4odiUxtmmYiTE3o4hkTnFdl4QrxKnwGrB3EYdrA==
-----END CERTIFICATE-----