Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa
File:                     3139342e3139352e39342e302f32332d3233203d3e20383334.roa (raw, json)
Hash identifier:          ZKZsG9ssqp6HfFjO4fc3GOlSt89+Ca6K0T2jqVZPxU4=
Subject key identifier:   45:B1:57:57:34:24:B9:91:70:21:D8:69:90:C4:C1:F7:A6:FF:F6:54
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5E663B40F4739F6E53985CDB739BB566946C5041
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa
Signing time:             Tue 31 Mar 2026 13:23:32 +0000
ROA not before:           Tue 31 Mar 2026 13:18:32 +0000
ROA not after:            Tue 30 Mar 2027 13:23:32 +0000
asID:                     834
IP address blocks:        194.195.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:66:3b:40:f4:73:9f:6e:53:98:5c:db:73:9b:b5:66:94:6c:50:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 31 13:18:32 2026 GMT
            Not After : Mar 30 13:23:32 2027 GMT
        Subject: CN=45B157573424B9917021D86990C4C1F7A6FFF654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:54:d4:55:5b:20:35:dc:41:6a:29:ec:38:ab:
                    92:20:fe:5f:88:70:83:e2:5e:77:da:e6:ce:54:57:
                    69:9e:2b:7e:2c:80:ff:ec:fb:db:b4:44:14:c6:ae:
                    52:de:a7:5c:5c:eb:f6:c6:da:ec:5a:a2:89:1c:de:
                    92:41:a9:b1:d9:3f:49:3a:5d:3f:ea:d2:f0:28:98:
                    61:fe:ac:ef:ee:3f:aa:56:b8:df:9c:cf:5e:8e:b7:
                    12:89:7c:25:2b:ad:5e:00:fc:7f:92:cd:7f:22:31:
                    62:8e:e8:30:dd:14:89:24:0f:30:a5:97:b1:19:58:
                    e0:ca:dc:ea:49:62:f8:97:3c:e6:e0:e0:8f:c2:5e:
                    a1:7a:d9:d7:d1:c2:fc:39:65:75:b3:d8:df:50:03:
                    fa:26:8d:35:21:4d:d5:b4:79:81:e9:bf:4f:35:fa:
                    80:d1:d9:ca:e9:1d:23:b5:d1:a0:56:3f:d1:6b:c2:
                    c6:68:96:2b:d3:c3:32:d2:16:9a:a5:b3:e4:ff:bc:
                    32:36:fa:70:d1:19:8d:11:0d:a9:73:57:4e:cb:a4:
                    5a:4d:c4:e1:b8:6d:c2:93:36:37:a5:03:92:7d:06:
                    9d:8f:92:dc:87:d4:a2:7c:e6:3c:a5:59:46:bf:41:
                    36:80:7a:a9:01:0f:cb:ca:8b:cb:ae:7d:b5:96:90:
                    ab:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B1:57:57:34:24:B9:91:70:21:D8:69:90:C4:C1:F7:A6:FF:F6:54
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32332d3233203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:ad:8e:27:7f:a7:62:50:35:7c:46:26:c5:5f:2f:b2:b5:ca:
         1d:63:ad:24:b8:8f:55:67:50:aa:1f:77:92:cf:cc:cb:ed:05:
         cd:05:9c:bf:e0:49:55:72:28:69:1a:c3:21:a9:0e:80:23:f3:
         52:4a:4b:71:2d:37:47:74:30:45:3c:8a:f5:9a:c3:00:e2:60:
         66:bf:9f:81:63:4d:70:11:d8:99:3c:17:f5:87:1a:73:5e:a6:
         1c:5b:83:98:d9:20:16:68:aa:4e:49:f0:7a:fc:9f:8d:83:0e:
         9f:f9:4c:b9:56:5f:0b:8a:63:24:e4:bc:b2:70:34:10:af:ed:
         60:63:09:d4:4f:f3:04:78:2d:b1:fe:51:d1:50:8d:fa:b8:9c:
         90:cb:5c:8c:fd:bb:33:a8:9f:46:70:22:35:fb:a4:62:bf:80:
         f7:d3:6f:01:f6:76:07:d7:ab:08:9d:da:57:cb:a5:c7:15:c5:
         ae:35:92:1e:41:13:a1:cb:06:c4:79:cb:72:8d:df:c6:d4:b4:
         7f:ed:b7:9f:9c:49:03:4a:c5:75:41:08:5c:24:25:e4:9b:53:
         14:0a:4c:78:ed:e1:67:1c:33:7e:05:5f:56:6f:20:98:5c:b5:
         e8:5b:35:21:cf:a1:9c:f8:e7:4b:32:64:27:f0:fb:e8:23:1b:
         5d:3b:3b:04
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXmY7QPRzn25TmFzbc5u1ZpRsUEEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMzExMzE4MzJaFw0yNzAzMzAxMzIzMzJaMDMxMTAvBgNV
BAMTKDQ1QjE1NzU3MzQyNEI5OTE3MDIxRDg2OTkwQzRDMUY3QTZGRkY2NTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6VNRVWyA13EFqKew4q5Ig/l+I
cIPiXnfa5s5UV2meK34sgP/s+9u0RBTGrlLep1xc6/bG2uxaookc3pJBqbHZP0k6
XT/q0vAomGH+rO/uP6pWuN+cz16OtxKJfCUrrV4A/H+SzX8iMWKO6DDdFIkkDzCl
l7EZWODK3OpJYviXPObg4I/CXqF62dfRwvw5ZXWz2N9QA/omjTUhTdW0eYHpv081
+oDR2crpHSO10aBWP9FrwsZolivTwzLSFpqls+T/vDI2+nDRGY0RDalzV07LpFpN
xOG4bcKTNjelA5J9Bp2PktyH1KJ85jylWUa/QTaAeqkBD8vKi8uufbWWkKtPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURbFXVzQkuZFwIdhpkMTB96b/9lQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMTM5MzUyZTM5
MzQyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCw14w
DQYJKoZIhvcNAQELBQADggEBADStjid/p2JQNXxGJsVfL7K1yh1jrSS4j1VnUKof
d5LPzMvtBc0FnL/gSVVyKGkawyGpDoAj81JKS3EtN0d0MEU8ivWawwDiYGa/n4Fj
TXAR2Jk8F/WHGnNephxbg5jZIBZoqk5J8Hr8n42DDp/5TLlWXwuKYyTkvLJwNBCv
7WBjCdRP8wR4LbH+UdFQjfq4nJDLXIz9uzOon0ZwIjX7pGK/gPfTbwH2dgfXqwid
2lfLpccVxa41kh5BE6HLBsR5y3KN38bUtH/tt5+cSQNKxXVBCFwkJeSbUxQKTHjt
4WccM34FX1ZvIJhctehbNSHPoZz450syZCfw++gjG107OwQ=
-----END CERTIFICATE-----