Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3234302e302f32302d3234203d3e2037303239.roa
File:                     3134352e37392e3234302e302f32302d3234203d3e2037303239.roa (raw, json)
Hash identifier:          oMvAwaaSRKjXzLo2N8PebAwTiDWP5NadjBiAYNBasmo=
Subject key identifier:   B4:18:15:40:16:23:0F:AA:FE:49:C3:71:56:2C:3D:34:57:96:5C:42
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       21AACE858B821392C1AC9334B1FC5BBD309B53D0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3234302e302f32302d3234203d3e2037303239.roa
Signing time:             Thu 09 Apr 2026 09:04:24 +0000
ROA not before:           Thu 09 Apr 2026 08:59:24 +0000
ROA not after:            Thu 08 Apr 2027 09:04:24 +0000
asID:                     7029
IP address blocks:        145.79.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:aa:ce:85:8b:82:13:92:c1:ac:93:34:b1:fc:5b:bd:30:9b:53:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  9 08:59:24 2026 GMT
            Not After : Apr  8 09:04:24 2027 GMT
        Subject: CN=B418154016230FAAFE49C371562C3D3457965C42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:36:4a:cc:44:b0:ac:92:be:8f:70:93:89:b7:
                    b7:83:e0:73:10:d2:ab:8f:07:71:26:31:e2:d4:b8:
                    4d:10:c3:d7:df:f9:b4:67:6e:57:fb:38:1e:70:32:
                    2f:fe:af:14:3d:6c:88:ab:3f:f4:6e:0b:a4:2d:27:
                    63:45:8e:21:f3:56:af:9c:1b:a8:7e:db:f6:e8:08:
                    96:52:07:d1:d6:fe:f8:9e:75:b5:1e:73:32:19:7c:
                    c2:6e:6b:30:3a:fb:2f:84:b4:70:75:c3:8a:0f:37:
                    81:23:f4:a2:81:e8:b7:f0:68:d8:eb:2f:30:0d:d5:
                    df:8f:e3:44:be:3a:86:51:0b:19:cf:ed:60:71:26:
                    75:dc:84:4f:91:e7:1f:97:3d:e6:33:96:76:fa:97:
                    b2:a6:b7:62:3f:a2:70:b8:35:4f:aa:97:6e:8a:dd:
                    82:ee:c5:71:20:8d:f0:84:7c:85:ce:1d:27:83:1a:
                    0f:8b:e1:9a:70:42:9f:f8:87:a4:86:17:74:00:b8:
                    55:11:a4:f2:0e:58:36:05:61:d5:0e:50:4f:c7:0d:
                    ca:4c:62:3c:f9:23:39:5d:20:9a:ff:e6:75:ee:29:
                    ba:8c:9c:be:f4:8d:51:33:7e:5a:cc:40:9e:c5:5d:
                    8c:0d:30:68:d4:8d:f9:db:2b:ed:d7:4d:b1:53:53:
                    85:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:18:15:40:16:23:0F:AA:FE:49:C3:71:56:2C:3D:34:57:96:5C:42
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3234302e302f32302d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         70:b5:bc:e1:49:db:8d:03:dc:46:ed:3f:be:ed:c9:c8:7c:c2:
         5c:39:d5:5a:ce:1f:aa:d2:35:54:a7:4d:4a:a9:c1:d1:86:da:
         ef:52:da:62:c9:71:52:52:85:7d:c7:ca:77:81:02:a6:67:09:
         c0:16:2b:8d:d6:ef:2d:f9:94:1a:88:3e:29:11:cf:09:cf:d9:
         bc:41:ec:74:0c:30:03:17:83:e3:89:b8:31:e4:42:9d:1a:34:
         fa:97:06:b8:9d:35:d4:f1:d4:d2:28:d7:c2:eb:0d:35:0c:29:
         37:90:ce:f8:6e:ee:31:95:ee:f6:33:79:47:20:f8:a3:0e:96:
         f6:4e:81:3c:d1:e2:b8:d0:3d:1c:59:45:58:98:61:ed:4b:d9:
         c1:67:b1:c8:3d:6d:97:b7:5c:d9:bc:8e:5f:e3:7d:4b:66:8b:
         2c:0b:20:75:b7:29:04:a8:74:d3:65:41:ce:7d:ec:39:f8:19:
         d5:35:f3:a6:9e:3a:68:05:fd:b5:53:63:6a:74:df:4e:61:1e:
         c9:51:9e:a0:e0:d6:6d:30:f8:84:bf:f6:53:a6:4a:e6:9d:10:
         bf:a0:0e:90:08:cf:7f:e1:23:26:b1:09:8a:f6:96:5d:79:c4:
         1c:65:da:18:cf:5d:78:8e:0e:ac:b7:8a:22:4b:3e:4b:c8:70:
         d1:37:be:71
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIarOhYuCE5LBrJM0sfxbvTCbU9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MDkwODU5MjRaFw0yNzA0MDgwOTA0MjRaMDMxMTAvBgNV
BAMTKEI0MTgxNTQwMTYyMzBGQUFGRTQ5QzM3MTU2MkMzRDM0NTc5NjVDNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGNkrMRLCskr6PcJOJt7eD4HMQ
0quPB3EmMeLUuE0Qw9ff+bRnblf7OB5wMi/+rxQ9bIirP/RuC6QtJ2NFjiHzVq+c
G6h+2/boCJZSB9HW/viedbUeczIZfMJuazA6+y+EtHB1w4oPN4Ej9KKB6LfwaNjr
LzAN1d+P40S+OoZRCxnP7WBxJnXchE+R5x+XPeYzlnb6l7Kmt2I/onC4NU+ql26K
3YLuxXEgjfCEfIXOHSeDGg+L4ZpwQp/4h6SGF3QAuFURpPIOWDYFYdUOUE/HDcpM
Yjz5IzldIJr/5nXuKbqMnL70jVEzflrMQJ7FXYwNMGjUjfnbK+3XTbFTU4UvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtBgVQBYjD6r+ScNxViw9NFeWXEIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMjM0
MzAyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBJFP
8DANBgkqhkiG9w0BAQsFAAOCAQEAcLW84UnbjQPcRu0/vu3JyHzCXDnVWs4fqtI1
VKdNSqnB0Yba71LaYslxUlKFfcfKd4ECpmcJwBYrjdbvLfmUGog+KRHPCc/ZvEHs
dAwwAxeD44m4MeRCnRo0+pcGuJ011PHU0ijXwusNNQwpN5DO+G7uMZXu9jN5RyD4
ow6W9k6BPNHiuNA9HFlFWJhh7UvZwWexyD1tl7dc2byOX+N9S2aLLAsgdbcpBKh0
02VBzn3sOfgZ1TXzpp46aAX9tVNjanTfTmEeyVGeoODWbTD4hL/2U6ZK5p0Qv6AO
kAjPf+EjJrEJivaWXXnEHGXaGM9deI4OrLeKIks+S8hw0Te+cQ==
-----END CERTIFICATE-----