Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35352e302f32342d3332203d3e203531313637.roa
File:                     3135392e34382e35352e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          1ID2rFSIIRhPMl0Mv1OaELWImJkD8ND5QmtPP7wkDUg=
Subject key identifier:   7D:AF:7E:91:48:C0:39:5A:5B:2F:CB:1B:BF:AF:12:9C:23:4D:08:D7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       032D9FAD142A9D1ED4D556C2BC9FD50C01F28C98
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35352e302f32342d3332203d3e203531313637.roa
Signing time:             Thu 02 Apr 2026 21:23:34 +0000
ROA not before:           Thu 02 Apr 2026 21:18:34 +0000
ROA not after:            Thu 01 Apr 2027 21:23:34 +0000
asID:                     51167
IP address blocks:        159.48.55.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:2d:9f:ad:14:2a:9d:1e:d4:d5:56:c2:bc:9f:d5:0c:01:f2:8c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr  2 21:18:34 2026 GMT
            Not After : Apr  1 21:23:34 2027 GMT
        Subject: CN=7DAF7E9148C0395A5B2FCB1BBFAF129C234D08D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a8:ee:e4:60:94:a4:06:61:4d:5f:46:b1:73:
                    f3:95:21:e2:0d:f5:e5:df:54:6a:71:eb:dd:ff:90:
                    1d:b3:49:6c:8e:d7:15:b1:91:38:c0:be:09:9a:60:
                    ea:b3:43:a5:2e:01:a4:27:c6:20:89:c9:8a:02:be:
                    3e:b2:cc:ba:2e:d1:91:b1:88:c7:31:c0:8f:bb:f8:
                    3f:9a:3d:6b:c8:4b:a6:b2:bf:ca:6b:81:10:df:34:
                    59:25:97:4e:f9:29:88:3f:ab:f9:25:ff:97:20:3d:
                    8d:5e:bb:f5:8f:43:75:c8:25:84:d2:4b:fc:9e:16:
                    70:86:0d:3a:42:75:16:f1:b4:ee:c4:d0:22:75:e8:
                    37:32:4a:f4:ec:61:98:85:cd:7b:26:6b:18:05:f7:
                    91:03:58:a9:a6:62:e7:a8:fe:91:3a:da:ac:30:9d:
                    a3:20:18:de:a0:6c:76:19:31:3e:c5:a2:b3:47:d1:
                    88:1f:2d:ff:b1:60:ba:3c:41:22:22:65:4e:61:8a:
                    45:fb:51:64:de:dd:b1:e8:45:b9:bf:40:e1:81:a7:
                    fa:90:ef:a2:88:3d:ef:48:72:9f:b2:5e:9b:3e:11:
                    24:e4:36:b2:20:d5:6d:a7:70:b6:ab:22:a1:e6:ee:
                    68:67:f9:a7:d2:c9:86:ab:a5:77:b9:10:90:da:50:
                    3b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:AF:7E:91:48:C0:39:5A:5B:2F:CB:1B:BF:AF:12:9C:23:4D:08:D7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3135392e34382e35352e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.48.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:92:99:36:01:94:6a:d7:8c:1b:a5:18:08:2f:f9:a0:dd:43:
         98:96:d8:f1:7e:25:e3:e3:43:2e:b3:7d:57:b5:53:e6:71:b7:
         73:eb:9f:d2:6a:6f:84:37:29:b4:21:42:98:21:0a:42:31:99:
         d1:fa:d5:59:fa:a0:12:57:f3:30:46:5c:aa:08:3f:3c:7c:80:
         d5:6d:d4:0d:5b:e6:92:a5:02:0f:eb:b4:3e:7f:79:88:48:4b:
         5c:b2:1b:6e:91:a1:30:c1:76:c0:16:25:f7:37:28:23:36:9e:
         56:59:0d:33:ac:f2:f7:40:ef:c2:d6:bb:7d:49:33:45:ab:a8:
         15:39:d9:12:4b:95:fd:ed:05:b7:e5:4b:66:52:fd:d2:c8:3e:
         a4:c0:9f:d0:46:68:94:e3:d5:bc:fa:bd:5c:bc:85:11:48:24:
         fb:5b:a0:cc:1b:15:08:dd:31:db:83:fb:3e:81:bf:06:e9:a5:
         a7:2b:89:31:5c:e2:9c:fc:b4:fb:fb:ba:43:b0:43:2d:0f:db:
         96:f2:dc:59:61:2c:6f:32:16:04:54:5a:2e:81:05:af:74:19:
         f5:c6:c5:6d:6a:d4:1d:82:b4:92:79:8a:9f:55:22:0f:2b:09:
         d8:f3:aa:41:bf:8f:5b:5b:b1:12:d0:97:ec:dd:0b:3c:bc:d8:
         19:8a:78:d2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAy2frRQqnR7U1VbCvJ/VDAHyjJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MDIyMTE4MzRaFw0yNzA0MDEyMTIzMzRaMDMxMTAvBgNV
BAMTKDdEQUY3RTkxNDhDMDM5NUE1QjJGQ0IxQkJGQUYxMjlDMjM0RDA4RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyqO7kYJSkBmFNX0axc/OVIeIN
9eXfVGpx693/kB2zSWyO1xWxkTjAvgmaYOqzQ6UuAaQnxiCJyYoCvj6yzLou0ZGx
iMcxwI+7+D+aPWvIS6ayv8prgRDfNFkll075KYg/q/kl/5cgPY1eu/WPQ3XIJYTS
S/yeFnCGDTpCdRbxtO7E0CJ16DcySvTsYZiFzXsmaxgF95EDWKmmYueo/pE62qww
naMgGN6gbHYZMT7ForNH0YgfLf+xYLo8QSIiZU5hikX7UWTe3bHoRbm/QOGBp/qQ
76KIPe9Icp+yXps+ESTkNrIg1W2ncLarIqHm7mhn+afSyYarpXe5EJDaUDvvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfa9+kUjAOVpbL8sbv68SnCNNCNcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNTM5MmUzNDM4MmUzNTM1
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJ8w
NzANBgkqhkiG9w0BAQsFAAOCAQEATpKZNgGUateMG6UYCC/5oN1DmJbY8X4l4+ND
LrN9V7VT5nG3c+uf0mpvhDcptCFCmCEKQjGZ0frVWfqgElfzMEZcqgg/PHyA1W3U
DVvmkqUCD+u0Pn95iEhLXLIbbpGhMMF2wBYl9zcoIzaeVlkNM6zy90Dvwta7fUkz
RauoFTnZEkuV/e0Ft+VLZlL90sg+pMCf0EZolOPVvPq9XLyFEUgk+1ugzBsVCN0x
24P7PoG/BumlpyuJMVzinPy0+/u6Q7BDLQ/blvLcWWEsbzIWBFRaLoEFr3QZ9cbF
bWrUHYK0knmKn1UiDysJ2POqQb+PW1uxEtCX7N0LPLzYGYp40g==
-----END CERTIFICATE-----