Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139302e302f32332d3234203d3e20383334.roa
File:                     3134352e37392e3139302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          E3xXgEXsBgrt1fhi1zLDFJDUrM0HA5IvRiGbIH2LyDo=
Subject key identifier:   CD:A0:83:28:AC:9F:29:63:E1:09:15:CA:FD:BD:ED:B4:93:45:E0:7E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       287674892885B184C2EB88D2B6D16A89278B6F94
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139302e302f32332d3234203d3e20383334.roa
Signing time:             Fri 05 Jun 2026 13:25:03 +0000
ROA not before:           Fri 05 Jun 2026 13:20:03 +0000
ROA not after:            Fri 04 Jun 2027 13:25:03 +0000
asID:                     834
IP address blocks:        145.79.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:76:74:89:28:85:b1:84:c2:eb:88:d2:b6:d1:6a:89:27:8b:6f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  5 13:20:03 2026 GMT
            Not After : Jun  4 13:25:03 2027 GMT
        Subject: CN=CDA08328AC9F2963E10915CAFDBDEDB49345E07E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1c:7d:41:1c:ad:5e:91:c8:2d:ff:d9:91:bf:
                    6f:00:29:a2:e4:ef:4c:43:31:af:86:be:5f:84:18:
                    cc:f5:ab:17:b9:9b:9f:93:8c:1f:a2:29:eb:89:a0:
                    57:09:cb:f8:d4:c9:c9:48:93:c9:c0:de:86:75:6b:
                    a7:25:07:15:8e:a2:ae:ca:68:5a:50:92:23:80:ba:
                    9b:a0:74:8a:de:4b:16:e5:46:4d:9f:d3:da:56:52:
                    97:70:2c:60:5d:06:bf:58:e6:aa:ea:dd:60:ef:73:
                    01:0a:d7:d4:7e:96:5b:22:4f:5c:71:db:07:fb:25:
                    ac:45:64:19:7a:75:0d:c9:44:26:22:dc:5c:3d:eb:
                    9f:86:a6:8c:bc:ae:9d:5a:42:3b:fe:b9:cb:28:34:
                    d0:f5:92:de:37:57:32:14:bc:e9:91:f7:1a:40:a5:
                    88:44:7c:2f:d6:e8:c2:cc:76:7c:99:02:66:56:5b:
                    43:ce:40:ce:ea:2c:13:5f:6e:86:bc:c1:b8:02:62:
                    ce:c0:99:d9:f8:e1:bf:fc:c9:18:69:96:32:99:a6:
                    dc:62:ae:a5:9b:c5:50:a6:f8:39:ed:96:a0:f1:5f:
                    fe:52:f2:45:d7:de:90:c3:8f:10:ae:9a:a6:bb:64:
                    36:9c:cd:82:7e:3e:f2:15:9f:c0:b9:a1:b6:f0:0a:
                    1f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:A0:83:28:AC:9F:29:63:E1:09:15:CA:FD:BD:ED:B4:93:45:E0:7E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3139302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:dc:27:42:b3:7c:8d:c5:b9:eb:d6:74:37:cc:9d:0c:95:82:
         86:60:b6:65:d1:40:b3:8e:13:d8:be:25:f4:c4:b3:0d:f2:2f:
         73:88:10:73:69:14:d4:4a:98:08:f3:4b:be:19:6b:39:58:ed:
         04:8b:76:34:e2:20:c4:71:9a:fd:7e:ff:cb:2f:0c:e5:56:f1:
         fd:15:b1:8f:7a:a1:7f:cf:b1:26:85:20:8f:78:0a:90:e4:83:
         b6:7d:71:00:85:d4:50:3c:30:38:b4:c2:f3:fe:77:02:89:36:
         18:59:01:7a:70:89:72:62:e9:fd:fa:c4:b8:17:ff:b5:6a:ea:
         98:c0:51:01:5c:6c:b1:88:0e:5c:c9:1c:71:1e:83:6c:b8:de:
         9f:56:a4:9e:0b:17:28:bd:c6:63:a7:e0:5f:0c:0b:c0:8c:08:
         f1:a0:ad:92:23:9a:2a:b7:42:2e:47:8d:91:d9:ed:f7:3b:80:
         bd:cd:23:68:0c:02:66:e1:66:d1:7a:48:8c:69:f5:18:ac:17:
         fb:1e:ec:0c:95:de:e1:fc:2d:e7:e1:62:72:2b:3a:ec:2b:b7:
         f8:b5:ef:55:a5:a3:42:4e:06:f3:e6:d6:c4:1a:5d:a0:85:92:
         17:62:b8:e0:c9:8b:62:8a:17:ab:63:03:d0:55:32:cf:40:35:
         2a:83:ac:3c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKHZ0iSiFsYTC64jSttFqiSeLb5QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDUxMzIwMDNaFw0yNzA2MDQxMzI1MDNaMDMxMTAvBgNV
BAMTKENEQTA4MzI4QUM5RjI5NjNFMTA5MTVDQUZEQkRFREI0OTM0NUUwN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuHH1BHK1ekcgt/9mRv28AKaLk
70xDMa+Gvl+EGMz1qxe5m5+TjB+iKeuJoFcJy/jUyclIk8nA3oZ1a6clBxWOoq7K
aFpQkiOAupugdIreSxblRk2f09pWUpdwLGBdBr9Y5qrq3WDvcwEK19R+llsiT1xx
2wf7JaxFZBl6dQ3JRCYi3Fw965+Gpoy8rp1aQjv+ucsoNND1kt43VzIUvOmR9xpA
pYhEfC/W6MLMdnyZAmZWW0POQM7qLBNfboa8wbgCYs7Amdn44b/8yRhpljKZptxi
rqWbxVCm+DntlqDxX/5S8kXX3pDDjxCumqa7ZDaczYJ+PvIVn8C5obbwCh9nAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUzaCDKKyfKWPhCRXK/b3ttJNF4H4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM5
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGRT74w
DQYJKoZIhvcNAQELBQADggEBAEDcJ0KzfI3FuevWdDfMnQyVgoZgtmXRQLOOE9i+
JfTEsw3yL3OIEHNpFNRKmAjzS74ZazlY7QSLdjTiIMRxmv1+/8svDOVW8f0VsY96
oX/PsSaFII94CpDkg7Z9cQCF1FA8MDi0wvP+dwKJNhhZAXpwiXJi6f36xLgX/7Vq
6pjAUQFcbLGIDlzJHHEeg2y43p9WpJ4LFyi9xmOn4F8MC8CMCPGgrZIjmiq3Qi5H
jZHZ7fc7gL3NI2gMAmbhZtF6SIxp9RisF/se7AyV3uH8LefhYnIrOuwrt/i171Wl
o0JOBvPm1sQaXaCFkhdiuODJi2KKF6tjA9BVMs9ANSqDrDw=
-----END CERTIFICATE-----