Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e37382e302f32332d3234203d3e203437353833.roa
File:                     3134372e39332e37382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          WPt3KZZtgCtNR0JVAjSVLCe/6IrCeAseFLKpSFsEt3I=
Subject key identifier:   55:D6:59:0E:BB:FE:88:CD:38:1A:3F:89:85:F1:C8:1F:9E:35:44:4C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       35DC6F43C85303FB48D93EF1E30443175DB9A8E9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e37382e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Jan 2026 10:23:11 +0000
ROA not before:           Mon 26 Jan 2026 10:18:11 +0000
ROA not after:            Mon 25 Jan 2027 10:23:11 +0000
asID:                     47583
IP address blocks:        147.93.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:dc:6f:43:c8:53:03:fb:48:d9:3e:f1:e3:04:43:17:5d:b9:a8:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 26 10:18:11 2026 GMT
            Not After : Jan 25 10:23:11 2027 GMT
        Subject: CN=55D6590EBBFE88CD381A3F8985F1C81F9E35444C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2f:eb:20:0e:3c:21:87:8f:14:f3:f5:dd:5f:
                    11:7a:b4:78:65:e9:ca:01:65:0c:9f:ee:4a:ed:80:
                    86:85:2e:cf:60:ec:d5:81:01:29:5d:45:9e:64:6a:
                    8e:25:f2:7e:2e:41:57:47:50:e5:cf:0c:c1:1e:06:
                    ac:c1:2a:b9:3b:aa:d2:51:ba:2d:e9:f8:2a:96:6c:
                    68:dd:cf:b3:06:d1:26:2c:96:20:64:42:d2:d9:87:
                    b1:6c:38:a6:81:d3:7f:4a:10:95:09:3b:93:4c:6a:
                    b3:ba:26:7d:d7:0c:f4:92:2f:23:5d:8e:f2:25:ac:
                    26:87:85:f0:be:14:1c:fe:8b:a3:02:73:8b:0e:bc:
                    30:63:53:c4:f6:49:16:f4:99:11:14:d7:69:2d:59:
                    95:51:6e:d5:c4:0d:e0:92:1d:2e:3d:ce:30:df:06:
                    a1:18:44:59:cf:90:1b:c8:15:06:16:66:20:c4:15:
                    5d:e8:90:b4:0f:b0:8d:94:43:a0:6a:10:71:87:d3:
                    de:fe:4d:91:4a:0a:71:6b:c6:99:ad:09:e8:a6:27:
                    2a:2e:7b:02:07:13:fb:4b:14:a8:19:71:34:d4:13:
                    43:b5:e5:b3:3b:8f:ce:f5:c3:8d:d1:51:1c:48:59:
                    c0:24:1b:c5:b5:3e:4d:06:a3:02:e8:04:51:8a:92:
                    94:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:D6:59:0E:BB:FE:88:CD:38:1A:3F:89:85:F1:C8:1F:9E:35:44:4C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134372e39332e37382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.93.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:0f:7b:75:23:82:34:a5:09:a0:14:a9:25:e7:f8:ba:fa:87:
         23:01:5e:11:3a:bf:34:7e:e0:08:4b:9f:a9:ff:ca:f9:ca:ac:
         b6:5b:99:1c:d5:70:7d:1e:6b:93:5a:ed:9d:0c:69:d5:54:b4:
         2a:2b:ff:f5:3e:01:19:ba:9a:09:38:6e:ba:4c:02:e2:73:6f:
         fe:6f:55:f7:7b:9f:16:62:de:50:09:58:38:61:d5:e8:04:46:
         ed:65:61:7f:09:c6:bf:7f:05:8f:68:43:0e:5f:43:d9:8f:0d:
         06:91:f5:80:f8:70:14:a3:97:33:f3:93:8b:20:05:45:2b:d8:
         35:ca:9b:a3:25:66:23:b1:5f:0b:f4:a9:95:06:e7:f1:91:d0:
         6b:72:ee:68:bb:91:19:19:14:5e:2b:cb:b5:ca:da:83:23:c2:
         46:65:75:ff:ba:5a:73:2e:f5:14:99:e6:cc:e9:d3:fd:d4:fb:
         d7:29:f5:fa:43:1b:57:4e:47:48:33:47:06:1b:36:55:ee:69:
         7a:d1:fa:a5:0d:b4:25:a4:96:be:cd:27:0c:bd:67:82:3d:41:
         87:48:ae:29:87:ab:38:13:e0:bd:cd:8f:56:5d:ff:cd:d8:90:
         8c:a6:87:6b:72:02:9c:02:04:6e:c2:0d:e8:1d:67:4f:33:cd:
         70:af:32:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNdxvQ8hTA/tI2T7x4wRDF125qOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAxMjYxMDE4MTFaFw0yNzAxMjUxMDIzMTFaMDMxMTAvBgNV
BAMTKDU1RDY1OTBFQkJGRTg4Q0QzODFBM0Y4OTg1RjFDODFGOUUzNTQ0NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaL+sgDjwhh48U8/XdXxF6tHhl
6coBZQyf7krtgIaFLs9g7NWBASldRZ5kao4l8n4uQVdHUOXPDMEeBqzBKrk7qtJR
ui3p+CqWbGjdz7MG0SYsliBkQtLZh7FsOKaB039KEJUJO5NMarO6Jn3XDPSSLyNd
jvIlrCaHhfC+FBz+i6MCc4sOvDBjU8T2SRb0mREU12ktWZVRbtXEDeCSHS49zjDf
BqEYRFnPkBvIFQYWZiDEFV3okLQPsI2UQ6BqEHGH097+TZFKCnFrxpmtCeimJyou
ewIHE/tLFKgZcTTUE0O15bM7j871w43RURxIWcAkG8W1Pk0GowLoBFGKkpTBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVdZZDrv+iM04Gj+JhfHIH541REwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM3MmUzOTMzMmUzNzM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZNd
TjANBgkqhkiG9w0BAQsFAAOCAQEAhw97dSOCNKUJoBSpJef4uvqHIwFeETq/NH7g
CEufqf/K+cqstluZHNVwfR5rk1rtnQxp1VS0Kiv/9T4BGbqaCThuukwC4nNv/m9V
93ufFmLeUAlYOGHV6ARG7WVhfwnGv38Fj2hDDl9D2Y8NBpH1gPhwFKOXM/OTiyAF
RSvYNcqboyVmI7FfC/SplQbn8ZHQa3LuaLuRGRkUXivLtcragyPCRmV1/7pacy71
FJnmzOnT/dT71yn1+kMbV05HSDNHBhs2Ve5petH6pQ20JaSWvs0nDL1ngj1Bh0iu
KYerOBPgvc2PVl3/zdiQjKaHa3ICnAIEbsIN6B1nTzPNcK8yLA==
-----END CERTIFICATE-----