Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e32302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          AYpBdrGv6LYh5XC/ZVu2pgugD+ae99kkEBjHsRgth28=
Subject key identifier:   CA:E6:B1:35:9F:5C:83:0A:05:5A:6F:D0:AA:27:A2:EE:41:D3:D6:38
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4E7866488690F730BD74B3F18D355534F5ABC3CD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 16 Apr 2026 11:23:40 +0000
ROA not before:           Thu 16 Apr 2026 11:18:40 +0000
ROA not after:            Thu 15 Apr 2027 11:23:40 +0000
asID:                     47583
IP address blocks:        195.35.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:78:66:48:86:90:f7:30:bd:74:b3:f1:8d:35:55:34:f5:ab:c3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 16 11:18:40 2026 GMT
            Not After : Apr 15 11:23:40 2027 GMT
        Subject: CN=CAE6B1359F5C830A055A6FD0AA27A2EE41D3D638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3e:85:01:f0:c6:87:dc:e3:b3:3a:f1:b1:2d:
                    c3:2f:02:9e:14:88:03:e6:ec:90:b2:eb:39:63:ee:
                    81:42:78:dd:07:43:ee:2a:a8:a8:4a:b7:3e:ef:cd:
                    0b:4c:08:6b:76:2e:03:1d:a4:cf:79:49:a4:95:a2:
                    b4:7a:08:67:15:39:70:83:56:0b:c2:e0:2e:56:4f:
                    27:9a:92:52:39:d6:89:88:81:26:ba:0a:4d:78:9b:
                    21:b6:92:24:2a:24:0b:11:63:38:bd:53:80:87:3a:
                    8d:15:f2:26:f4:dd:70:f8:72:50:a8:a0:f3:58:93:
                    1e:b8:6f:a3:aa:87:32:01:ec:b4:cc:00:07:be:ad:
                    33:7a:89:ec:d2:44:28:76:a4:af:45:49:bc:df:ca:
                    64:1e:0c:72:44:eb:03:db:17:55:f1:f3:ef:35:08:
                    3a:f4:0f:69:fb:71:c6:d9:55:0a:0a:51:f4:73:4f:
                    54:14:e8:f8:c4:df:10:42:41:b5:7b:31:11:84:01:
                    9f:6c:39:a3:59:42:26:8d:71:40:1a:bb:47:b6:f5:
                    1c:5a:59:53:4d:0a:99:27:39:b6:a4:af:3d:d0:14:
                    ef:da:ee:76:c1:10:52:cd:ee:d9:d9:22:d3:7d:fa:
                    5a:6e:cb:16:43:d3:e3:f0:70:4c:84:74:9a:03:d3:
                    f7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E6:B1:35:9F:5C:83:0A:05:5A:6F:D0:AA:27:A2:EE:41:D3:D6:38
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:18:c7:92:27:97:12:6d:44:bd:5c:8f:43:16:66:ca:3a:43:
         7b:64:b1:f1:19:14:cc:07:1a:bd:99:bc:35:43:81:99:b2:d7:
         e6:3b:35:7e:eb:39:e4:10:6c:fb:98:e3:33:e0:f3:05:a4:05:
         a0:16:d6:8f:a9:cd:c0:d5:18:30:bf:6e:a4:e2:96:6d:69:32:
         f6:11:26:2d:c3:e4:a6:76:02:8c:c8:34:75:6d:f0:ae:38:79:
         eb:42:42:10:01:8f:e6:2a:3f:8e:84:a4:36:27:a5:7b:db:13:
         38:39:be:ea:5c:e3:72:6c:d4:a5:d9:41:06:7a:63:1a:76:62:
         c0:aa:db:e7:7b:84:ae:b1:dd:f6:83:69:82:52:da:0a:e5:e3:
         20:16:be:76:23:9c:43:68:34:86:8f:0f:b9:24:72:dc:49:70:
         a6:53:7b:e6:4c:42:10:0f:71:76:f2:3a:87:8f:65:3e:f7:2f:
         f2:42:da:d7:d4:63:61:55:f9:02:58:46:89:36:83:08:1a:b4:
         70:54:07:3b:16:2e:f2:af:f6:b5:11:30:18:f6:cb:52:26:22:
         42:26:f9:a5:fc:7d:0d:ae:c4:c5:f5:c7:8d:81:89:88:a9:5c:
         10:07:f5:0e:3f:9f:f9:62:3a:1d:64:16:66:81:89:7b:9c:10:
         f5:eb:96:66
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTnhmSIaQ9zC9dLPxjTVVNPWrw80wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTYxMTE4NDBaFw0yNzA0MTUxMTIzNDBaMDMxMTAvBgNV
BAMTKENBRTZCMTM1OUY1QzgzMEEwNTVBNkZEMEFBMjdBMkVFNDFEM0Q2MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNPoUB8MaH3OOzOvGxLcMvAp4U
iAPm7JCy6zlj7oFCeN0HQ+4qqKhKtz7vzQtMCGt2LgMdpM95SaSVorR6CGcVOXCD
VgvC4C5WTyeaklI51omIgSa6Ck14myG2kiQqJAsRYzi9U4CHOo0V8ib03XD4clCo
oPNYkx64b6OqhzIB7LTMAAe+rTN6iezSRCh2pK9FSbzfymQeDHJE6wPbF1Xx8+81
CDr0D2n7ccbZVQoKUfRzT1QU6PjE3xBCQbV7MRGEAZ9sOaNZQiaNcUAau0e29Rxa
WVNNCpknObakrz3QFO/a7nbBEFLN7tnZItN9+lpuyxZD0+PwcEyEdJoD0/e/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyuaxNZ9cgwoFWm/Qqiei7kHT1jgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
FDANBgkqhkiG9w0BAQsFAAOCAQEAIRjHkieXEm1EvVyPQxZmyjpDe2Sx8RkUzAca
vZm8NUOBmbLX5js1fus55BBs+5jjM+DzBaQFoBbWj6nNwNUYML9upOKWbWky9hEm
LcPkpnYCjMg0dW3wrjh560JCEAGP5io/joSkNiele9sTODm+6lzjcmzUpdlBBnpj
GnZiwKrb53uErrHd9oNpglLaCuXjIBa+diOcQ2g0ho8PuSRy3ElwplN75kxCEA9x
dvI6h49lPvcv8kLa19RjYVX5AlhGiTaDCBq0cFQHOxYu8q/2tREwGPbLUiYiQib5
pfx9Da7ExfXHjYGJiKlcEAf1Dj+f+WI6HWQWZoGJe5wQ9euWZg==
-----END CERTIFICATE-----