Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          K3UwHiA2pbizwe0NVuFpOMw6yU/j2CLEuNDO/Ma4Oa0=
Subject key identifier:   DF:ED:BD:65:F3:46:3A:62:AC:23:B8:30:A3:03:C4:0A:69:94:7E:13
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6391391AFCE9AC265D871D58E703B8C0C8A1A5D6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 16 Apr 2026 11:23:40 +0000
ROA not before:           Thu 16 Apr 2026 11:18:40 +0000
ROA not after:            Thu 15 Apr 2027 11:23:40 +0000
asID:                     47583
IP address blocks:        195.35.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:91:39:1a:fc:e9:ac:26:5d:87:1d:58:e7:03:b8:c0:c8:a1:a5:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 16 11:18:40 2026 GMT
            Not After : Apr 15 11:23:40 2027 GMT
        Subject: CN=DFEDBD65F3463A62AC23B830A303C40A69947E13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:24:56:f1:a8:ea:ad:19:0c:5c:c0:20:a1:bc:
                    24:e6:a4:17:44:ba:9a:d9:d4:40:59:78:8f:43:bc:
                    04:5b:f1:32:f6:44:52:02:e6:77:eb:c9:2c:34:a3:
                    b2:e4:66:8b:9e:62:95:85:7a:39:61:e8:bd:21:33:
                    a7:4f:cd:6a:80:40:33:6f:c9:4f:17:cd:86:2c:50:
                    0d:34:6d:70:ad:00:b5:93:58:0b:87:8a:6c:7a:b0:
                    50:f7:4e:47:94:ac:f7:dd:fd:02:cc:49:d2:29:ff:
                    d7:a9:c0:cf:82:97:ef:68:69:35:4b:62:92:61:08:
                    fa:6a:cd:62:bf:18:d9:88:f9:1e:b6:77:a6:17:6c:
                    b5:30:9a:ac:2c:43:7c:4d:75:c1:bb:89:97:11:92:
                    d7:08:89:c9:9c:78:75:3d:30:0c:0c:09:ce:63:52:
                    55:4c:9b:1b:b3:57:01:03:db:b5:fe:3f:d2:da:41:
                    23:26:5a:c0:e3:e0:4b:d6:b1:c5:0b:51:7c:7e:6e:
                    c7:15:c4:11:83:59:09:e0:45:8e:7c:3e:48:06:4a:
                    13:34:02:04:56:be:2a:d2:11:d4:ea:a0:ac:99:46:
                    3d:36:b7:2b:b9:ea:14:07:a6:b9:bf:7b:45:d8:4a:
                    59:1a:a4:57:0d:d4:7c:0e:7e:95:b0:8e:8c:2d:ca:
                    17:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:ED:BD:65:F3:46:3A:62:AC:23:B8:30:A3:03:C4:0A:69:94:7E:13
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:d7:7e:46:7e:2c:69:ad:dd:e3:32:08:6e:86:bb:23:f8:a4:
         66:e8:a6:6d:56:5c:a2:17:fe:9c:7e:d8:c5:11:fd:21:61:26:
         5f:ee:e6:2c:d4:53:c2:e8:72:5d:33:fd:60:3f:1a:cd:1b:84:
         4c:1c:46:f8:cd:ff:fe:cf:64:dc:b9:17:43:8d:20:91:e3:2f:
         bc:35:f1:ca:6a:e8:57:1e:d3:63:75:6a:a8:5e:d8:5a:52:f1:
         be:f6:1a:3f:30:39:97:33:d0:fe:5a:c0:e2:65:bc:da:d9:f1:
         c8:a5:08:8e:a8:94:24:b8:45:d7:c4:2b:cf:6a:95:7c:52:a5:
         0b:82:2e:09:b9:1b:b8:f5:a5:a1:b1:ae:c9:2d:9e:9f:32:28:
         c8:3a:cf:d8:fc:6e:12:47:98:76:31:96:ba:b5:5e:0d:38:06:
         e7:88:98:ed:e1:8c:2b:e4:88:f0:b5:72:d6:39:4e:d8:22:5f:
         99:d3:c4:e9:3e:7c:87:0b:e5:62:cc:39:3c:03:bc:87:3d:0f:
         c1:90:34:e6:54:a4:01:4c:da:99:de:b7:b7:60:7d:75:45:bd:
         fa:60:e5:84:bd:e5:6a:2e:44:af:f2:96:7d:4f:2d:99:d9:ff:
         ea:03:96:57:b9:c5:b1:d5:74:e2:31:24:9d:51:b0:28:d9:a2:
         df:0c:11:91
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUY5E5GvzprCZdhx1Y5wO4wMihpdYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTYxMTE4NDBaFw0yNzA0MTUxMTIzNDBaMDMxMTAvBgNV
BAMTKERGRURCRDY1RjM0NjNBNjJBQzIzQjgzMEEzMDNDNDBBNjk5NDdFMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1JFbxqOqtGQxcwCChvCTmpBdE
uprZ1EBZeI9DvARb8TL2RFIC5nfrySw0o7LkZoueYpWFejlh6L0hM6dPzWqAQDNv
yU8XzYYsUA00bXCtALWTWAuHimx6sFD3TkeUrPfd/QLMSdIp/9epwM+Cl+9oaTVL
YpJhCPpqzWK/GNmI+R62d6YXbLUwmqwsQ3xNdcG7iZcRktcIicmceHU9MAwMCc5j
UlVMmxuzVwED27X+P9LaQSMmWsDj4EvWscULUXx+bscVxBGDWQngRY58PkgGShM0
AgRWvirSEdTqoKyZRj02tyu56hQHprm/e0XYSlkapFcN1HwOfpWwjowtyhdXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3+29ZfNGOmKsI7gwowPECmmUfhMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzMjM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
GDANBgkqhkiG9w0BAQsFAAOCAQEAUtd+Rn4saa3d4zIIboa7I/ikZuimbVZcohf+
nH7YxRH9IWEmX+7mLNRTwuhyXTP9YD8azRuETBxG+M3//s9k3LkXQ40gkeMvvDXx
ymroVx7TY3VqqF7YWlLxvvYaPzA5lzPQ/lrA4mW82tnxyKUIjqiUJLhF18Qrz2qV
fFKlC4IuCbkbuPWlobGuyS2enzIoyDrP2PxuEkeYdjGWurVeDTgG54iY7eGMK+SI
8LVy1jlO2CJfmdPE6T58hwvlYsw5PAO8hz0PwZA05lSkAUzamd63t2B9dUW9+mDl
hL3lai5Er/KWfU8tmdn/6gOWV7nFsdV04jEknVGwKNmi3wwRkQ==
-----END CERTIFICATE-----