Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37312e302f32342d3234203d3e203332303433.roa
File:                     3134352e37392e37312e302f32342d3234203d3e203332303433.roa (raw, json)
Hash identifier:          RyGbS2q5mMjIE3eGpb+L7QAlpWHHcwxltIf+latPrbk=
Subject key identifier:   2A:67:B9:AC:6F:BD:8E:20:FC:DF:31:7B:53:C1:A3:96:F6:B2:4A:2F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2065EC17DBBB5F4327FBE29041DE19527EB94FAA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37312e302f32342d3234203d3e203332303433.roa
Signing time:             Wed 10 Jun 2026 11:25:09 +0000
ROA not before:           Wed 10 Jun 2026 11:20:09 +0000
ROA not after:            Wed 09 Jun 2027 11:25:09 +0000
asID:                     32043
IP address blocks:        145.79.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:65:ec:17:db:bb:5f:43:27:fb:e2:90:41:de:19:52:7e:b9:4f:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 10 11:20:09 2026 GMT
            Not After : Jun  9 11:25:09 2027 GMT
        Subject: CN=2A67B9AC6FBD8E20FCDF317B53C1A396F6B24A2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:81:30:ca:3d:bc:7d:ea:c5:31:e6:b3:8b:12:
                    63:5b:15:8e:ca:1c:08:51:87:7f:fd:8d:47:cc:35:
                    f4:b0:ca:62:cc:ec:e7:18:df:02:c0:60:0e:e6:5e:
                    4a:28:ed:4a:0f:df:a3:f6:6d:44:1d:04:4b:be:fe:
                    1c:39:17:69:61:a8:07:17:36:73:be:f5:f7:c8:b1:
                    0b:c8:c0:44:74:92:88:14:0e:0d:77:8d:fb:80:1f:
                    3e:78:74:0a:e8:63:10:64:9e:5b:62:ee:57:18:56:
                    9f:6e:6b:9d:b0:f3:1b:e0:73:e6:52:16:85:cd:61:
                    f6:9b:27:62:b6:2c:75:20:39:75:26:13:a3:5f:af:
                    0e:0a:4c:ed:1a:ac:3f:ce:ac:df:43:39:4d:fb:31:
                    30:04:7f:a2:5b:5a:07:86:9d:3c:ef:b7:55:12:a9:
                    7d:fa:e9:ed:4c:a1:27:90:ee:98:24:ea:35:13:4a:
                    36:f7:af:8b:12:d4:f8:d0:74:79:0b:81:a7:ea:85:
                    1e:17:88:a5:6a:96:55:ec:d9:63:92:15:a6:47:fc:
                    23:28:13:23:b6:f8:d4:c2:c6:e7:03:8b:02:b3:79:
                    e9:3c:79:ed:33:a2:0d:7a:db:32:5f:be:d7:6f:6a:
                    32:ac:1f:50:b0:8f:92:bc:01:e7:7b:5e:24:88:f1:
                    d6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:67:B9:AC:6F:BD:8E:20:FC:DF:31:7B:53:C1:A3:96:F6:B2:4A:2F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e37312e302f32342d3234203d3e203332303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e8:c1:79:00:01:c6:5f:29:7d:ef:40:8b:18:9a:f9:a6:c3:
         d8:1c:54:e2:6d:2c:31:b6:8b:b4:89:38:21:af:5b:cb:a7:bd:
         e8:44:1a:3f:54:d5:79:e2:3f:62:8d:a9:69:da:d6:23:78:c5:
         5b:3d:c7:37:75:9b:fd:45:e1:86:c7:2d:9f:ff:15:10:14:81:
         a2:c1:9b:7e:98:1e:85:1a:17:11:b4:b8:f2:95:ce:2d:48:8c:
         38:7c:dc:3c:05:5f:d0:d5:75:5d:4a:8d:56:dc:f5:bc:1b:9d:
         36:0c:8b:f5:4d:6a:78:aa:0f:ef:fd:ab:8f:8a:88:8f:8f:01:
         2d:06:31:de:a1:dd:1a:67:02:46:64:ff:61:a6:6f:a5:22:ae:
         a2:4e:b1:53:ad:a3:30:d8:cc:a2:61:8d:88:4c:bd:55:7c:08:
         7c:bb:bc:0a:60:b9:9d:4c:43:a6:a2:94:49:45:f5:61:63:71:
         a9:8b:ac:f5:6a:21:7c:cc:9f:9d:bc:4b:d8:24:be:9e:05:c3:
         4d:30:a2:81:0f:be:7d:20:41:4a:b2:f9:70:3d:58:bb:7b:15:
         48:ec:4b:37:9a:4f:5c:01:ce:1e:10:2e:3f:11:3e:4b:91:f1:
         59:dc:11:f9:d2:cd:70:c3:f1:78:e7:93:25:2f:b0:59:b4:38:
         22:5c:17:fb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIGXsF9u7X0Mn++KQQd4ZUn65T6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MTAxMTIwMDlaFw0yNzA2MDkxMTI1MDlaMDMxMTAvBgNV
BAMTKDJBNjdCOUFDNkZCRDhFMjBGQ0RGMzE3QjUzQzFBMzk2RjZCMjRBMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrgTDKPbx96sUx5rOLEmNbFY7K
HAhRh3/9jUfMNfSwymLM7OcY3wLAYA7mXkoo7UoP36P2bUQdBEu+/hw5F2lhqAcX
NnO+9ffIsQvIwER0kogUDg13jfuAHz54dAroYxBknlti7lcYVp9ua52w8xvgc+ZS
FoXNYfabJ2K2LHUgOXUmE6Nfrw4KTO0arD/OrN9DOU37MTAEf6JbWgeGnTzvt1US
qX366e1MoSeQ7pgk6jUTSjb3r4sS1PjQdHkLgafqhR4XiKVqllXs2WOSFaZH/CMo
EyO2+NTCxucDiwKzeek8ee0zog162zJfvtdvajKsH1Cwj5K8Aed7XiSI8dYDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKme5rG+9jiD83zF7U8GjlvaySi8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzNzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJFP
RzANBgkqhkiG9w0BAQsFAAOCAQEANujBeQABxl8pfe9Aixia+abD2BxU4m0sMbaL
tIk4Ia9by6e96EQaP1TVeeI/Yo2padrWI3jFWz3HN3Wb/UXhhsctn/8VEBSBosGb
fpgehRoXEbS48pXOLUiMOHzcPAVf0NV1XUqNVtz1vBudNgyL9U1qeKoP7/2rj4qI
j48BLQYx3qHdGmcCRmT/YaZvpSKuok6xU62jMNjMomGNiEy9VXwIfLu8CmC5nUxD
pqKUSUX1YWNxqYus9WohfMyfnbxL2CS+ngXDTTCigQ++fSBBSrL5cD1Yu3sVSOxL
N5pPXAHOHhAuPxE+S5HxWdwR+dLNcMPxeOeTJS+wWbQ4IlwX+w==
-----END CERTIFICATE-----