Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36372e302f32342d3234203d3e203332303433.roa
File:                     3134352e37392e36372e302f32342d3234203d3e203332303433.roa (raw, json)
Hash identifier:          ZsoRLIp8RsSyd4hjJ3zevkmkv0uL01j40B2EYdvbTi4=
Subject key identifier:   B7:CF:93:AF:DF:F7:E2:38:0F:A8:27:9E:6F:B0:3F:2D:AA:8C:25:15
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6529A7047BF3836BABCA80AB6FFC11015D4B8DDA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36372e302f32342d3234203d3e203332303433.roa
Signing time:             Wed 10 Jun 2026 11:25:06 +0000
ROA not before:           Wed 10 Jun 2026 11:20:06 +0000
ROA not after:            Wed 09 Jun 2027 11:25:06 +0000
asID:                     32043
IP address blocks:        145.79.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:29:a7:04:7b:f3:83:6b:ab:ca:80:ab:6f:fc:11:01:5d:4b:8d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 10 11:20:06 2026 GMT
            Not After : Jun  9 11:25:06 2027 GMT
        Subject: CN=B7CF93AFDFF7E2380FA8279E6FB03F2DAA8C2515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b9:58:4d:22:b8:42:41:15:14:3e:95:23:d2:
                    c8:79:f1:a4:87:95:b3:8a:01:56:3b:03:a1:ac:11:
                    d0:2d:b4:77:01:cb:e2:50:71:40:43:e8:ca:c6:cd:
                    e4:e1:69:15:f3:63:23:4d:52:c9:4a:43:d2:2e:f5:
                    c1:76:df:6c:09:2f:49:d7:fe:2a:40:a6:64:ca:30:
                    73:06:73:e8:32:e4:82:83:ba:ae:42:7c:97:54:63:
                    94:2b:d4:93:4c:0e:38:c8:0d:cf:d5:6c:fd:13:d8:
                    2d:61:57:09:42:12:29:93:01:09:15:f5:3e:24:a6:
                    a2:93:63:83:cd:15:17:92:16:ea:9d:44:24:0c:c8:
                    1f:84:3a:51:ea:50:fe:0a:31:69:02:0e:07:9f:e5:
                    ce:6b:c2:60:2a:71:72:f2:c1:6a:ac:69:23:e0:62:
                    71:95:6d:6e:08:c8:b4:5b:27:3d:a8:08:78:cd:40:
                    ee:d6:da:00:21:27:0b:ca:f9:a3:5b:a6:00:d5:5e:
                    e4:33:e3:29:0d:01:23:4f:8e:49:c4:09:42:3b:7a:
                    0a:e4:c8:a5:6d:79:1e:b2:dc:23:12:5c:52:a5:b4:
                    65:a9:1b:a6:49:43:e7:79:ef:c2:db:14:16:ce:cd:
                    a3:a4:4c:c9:44:86:90:e5:5c:7e:7e:42:73:6c:08:
                    fe:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CF:93:AF:DF:F7:E2:38:0F:A8:27:9E:6F:B0:3F:2D:AA:8C:25:15
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e36372e302f32342d3234203d3e203332303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:3f:b3:b4:f8:b5:da:9a:5e:8f:df:92:b3:fd:08:49:da:8f:
         5f:8a:74:2c:4e:b9:41:43:8d:16:ad:75:b9:df:49:6d:60:0a:
         9e:c5:03:bf:eb:c9:5f:fc:49:a8:20:3f:1a:05:f9:77:75:e3:
         98:35:1e:da:a5:bf:32:f9:54:55:3a:b5:d2:3f:33:b1:da:b9:
         ca:dd:2c:0d:dd:ac:5e:c7:26:70:90:05:7f:2c:af:9b:99:d5:
         76:b2:4f:d6:79:53:f8:b8:79:28:6d:3f:d1:a5:67:bc:b4:4b:
         ee:d4:cd:5e:fa:74:a9:c1:0f:f0:9b:ba:6c:9b:69:87:19:24:
         30:03:c9:5c:21:bb:a1:c5:c6:55:ab:f4:e5:d4:69:c9:b0:4e:
         48:9a:e6:05:2b:2c:72:93:fa:55:24:7c:94:f5:1a:7e:b8:d2:
         e3:96:a6:3c:3f:51:01:0e:0f:80:48:17:65:43:d3:b8:ce:9e:
         42:63:ce:53:75:b4:54:59:97:06:3c:f8:dc:e5:ac:06:bf:90:
         89:05:3c:aa:af:1c:bb:0c:f8:04:ff:a2:51:6d:9b:0a:f2:8e:
         93:78:77:3b:0a:34:a2:7e:44:3b:50:ff:0c:24:e1:b0:f2:50:
         7f:98:85:ad:35:c3:cc:27:c6:d6:42:20:05:cb:8e:b5:86:0f:
         3c:85:57:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZSmnBHvzg2uryoCrb/wRAV1LjdowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MTAxMTIwMDZaFw0yNzA2MDkxMTI1MDZaMDMxMTAvBgNV
BAMTKEI3Q0Y5M0FGREZGN0UyMzgwRkE4Mjc5RTZGQjAzRjJEQUE4QzI1MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3uVhNIrhCQRUUPpUj0sh58aSH
lbOKAVY7A6GsEdAttHcBy+JQcUBD6MrGzeThaRXzYyNNUslKQ9Iu9cF232wJL0nX
/ipApmTKMHMGc+gy5IKDuq5CfJdUY5Qr1JNMDjjIDc/VbP0T2C1hVwlCEimTAQkV
9T4kpqKTY4PNFReSFuqdRCQMyB+EOlHqUP4KMWkCDgef5c5rwmAqcXLywWqsaSPg
YnGVbW4IyLRbJz2oCHjNQO7W2gAhJwvK+aNbpgDVXuQz4ykNASNPjknECUI7egrk
yKVteR6y3CMSXFKltGWpG6ZJQ+d578LbFBbOzaOkTMlEhpDlXH5+QnNsCP5DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUt8+Tr9/34jgPqCeeb7A/LaqMJRUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNjM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
QzANBgkqhkiG9w0BAQsFAAOCAQEAGD+ztPi12ppej9+Ss/0ISdqPX4p0LE65QUON
Fq11ud9JbWAKnsUDv+vJX/xJqCA/GgX5d3XjmDUe2qW/MvlUVTq10j8zsdq5yt0s
Dd2sXscmcJAFfyyvm5nVdrJP1nlT+Lh5KG0/0aVnvLRL7tTNXvp0qcEP8Ju6bJtp
hxkkMAPJXCG7ocXGVav05dRpybBOSJrmBSsscpP6VSR8lPUafrjS45amPD9RAQ4P
gEgXZUPTuM6eQmPOU3W0VFmXBjz43OWsBr+QiQU8qq8cuwz4BP+iUW2bCvKOk3h3
Owo0on5EO1D/DCThsPJQf5iFrTXDzCfG1kIgBcuOtYYPPIVX/Q==
-----END CERTIFICATE-----