Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e34302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          YHEo0H1BuWaXhiT39fqCHqQFsEe5nKFFXYpAxg5159U=
Subject key identifier:   C8:A8:E8:83:81:F9:2B:1B:FC:D3:E1:82:7D:ED:3B:38:FE:B8:CD:0F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       084CDB4233AD56280D6679BD8DADBBB314D05D07
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 16 Apr 2026 11:23:41 +0000
ROA not before:           Thu 16 Apr 2026 11:18:41 +0000
ROA not after:            Thu 15 Apr 2027 11:23:41 +0000
asID:                     47583
IP address blocks:        195.35.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:4c:db:42:33:ad:56:28:0d:66:79:bd:8d:ad:bb:b3:14:d0:5d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 16 11:18:41 2026 GMT
            Not After : Apr 15 11:23:41 2027 GMT
        Subject: CN=C8A8E88381F92B1BFCD3E1827DED3B38FEB8CD0F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:12:3a:85:02:67:27:02:01:38:19:18:d6:35:
                    ca:b7:6b:be:47:07:d7:a6:37:cf:0a:be:68:a2:0b:
                    0f:d7:fd:24:22:19:68:e3:31:18:5d:19:ae:28:1b:
                    14:0a:a4:d6:29:45:6a:60:f1:d1:b1:45:a2:14:60:
                    e1:f5:ea:a4:8e:60:4d:43:33:c6:e4:2b:a9:38:33:
                    82:14:6f:d3:e1:7d:c7:de:0e:4b:88:39:b6:e9:6d:
                    ad:a3:bf:9f:33:88:9a:40:aa:b9:d8:46:36:8c:5e:
                    ab:6c:a7:5b:ad:be:ca:e0:70:3b:92:d2:8e:b0:fe:
                    6b:da:73:cf:db:57:7c:6e:e8:ef:44:70:6b:19:02:
                    dd:ef:ce:e0:f8:37:2f:d0:28:2e:57:1a:bb:de:69:
                    b5:18:89:69:05:29:db:5f:ab:bb:ff:69:7e:08:10:
                    0a:52:77:80:c4:c4:ae:48:8d:9d:5b:5c:ac:e2:60:
                    bc:eb:15:81:86:68:df:1c:11:a9:56:20:9b:9c:aa:
                    55:e7:dd:ac:59:79:f1:df:29:27:f1:07:3f:e3:55:
                    bc:e3:36:1a:f2:55:88:b1:08:74:09:5b:73:dd:7f:
                    96:8f:2d:b3:08:ac:1a:f3:02:f7:8d:07:76:92:f6:
                    b1:b6:d8:61:c8:f3:94:16:4a:60:cf:ab:28:b5:ee:
                    23:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A8:E8:83:81:F9:2B:1B:FC:D3:E1:82:7D:ED:3B:38:FE:B8:CD:0F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:81:f8:1d:38:25:12:47:36:9e:99:57:f6:84:80:0c:5e:4b:
         c5:b3:cb:aa:52:b6:06:6c:e1:ea:e3:05:5e:81:fc:b3:77:81:
         f7:c6:48:cb:14:05:d4:a1:b0:9d:8e:24:c3:e8:56:5e:69:a4:
         01:bf:53:6d:51:30:e5:a7:a9:04:e5:47:3d:e6:34:50:2b:2f:
         54:f6:98:99:c8:fd:e4:9d:67:79:43:58:25:c3:86:29:16:10:
         d3:2d:e7:b3:30:e7:c2:e5:7e:e7:90:19:35:f9:3d:a2:72:86:
         17:d2:7f:e2:25:a4:9c:a9:62:00:ec:30:b0:bb:85:93:d2:d6:
         4d:0e:19:81:4c:7e:21:06:21:bf:d6:bd:a8:c2:b9:3d:ef:13:
         8c:ec:61:1c:d1:aa:4c:8e:64:65:03:4e:12:19:6a:c2:3e:88:
         fc:8b:3b:12:29:46:17:c6:86:50:4a:aa:a7:ae:48:52:67:2f:
         7f:74:d9:2f:c6:e8:9a:29:32:6a:64:ff:51:15:a1:6e:9e:ea:
         87:f2:25:8c:5a:e6:c2:01:22:c9:e7:88:85:ca:78:bf:be:1e:
         13:e8:ca:ba:b7:b9:cd:37:c3:10:3f:a6:31:11:ed:d8:2a:af:
         c7:63:f7:85:41:57:93:d0:81:43:0b:d3:c9:ab:0e:45:54:2d:
         cf:93:e8:da
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCEzbQjOtVigNZnm9ja27sxTQXQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTYxMTE4NDFaFw0yNzA0MTUxMTIzNDFaMDMxMTAvBgNV
BAMTKEM4QThFODgzODFGOTJCMUJGQ0QzRTE4MjdERUQzQjM4RkVCOENEMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4EjqFAmcnAgE4GRjWNcq3a75H
B9emN88KvmiiCw/X/SQiGWjjMRhdGa4oGxQKpNYpRWpg8dGxRaIUYOH16qSOYE1D
M8bkK6k4M4IUb9PhfcfeDkuIObbpba2jv58ziJpAqrnYRjaMXqtsp1utvsrgcDuS
0o6w/mvac8/bV3xu6O9EcGsZAt3vzuD4Ny/QKC5XGrveabUYiWkFKdtfq7v/aX4I
EApSd4DExK5IjZ1bXKziYLzrFYGGaN8cEalWIJucqlXn3axZefHfKSfxBz/jVbzj
NhryVYixCHQJW3Pdf5aPLbMIrBrzAveNB3aS9rG22GHI85QWSmDPqyi17iNPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyKjog4H5Kxv80+GCfe07OP64zQ8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
KDANBgkqhkiG9w0BAQsFAAOCAQEAVYH4HTglEkc2nplX9oSADF5LxbPLqlK2Bmzh
6uMFXoH8s3eB98ZIyxQF1KGwnY4kw+hWXmmkAb9TbVEw5aepBOVHPeY0UCsvVPaY
mcj95J1neUNYJcOGKRYQ0y3nszDnwuV+55AZNfk9onKGF9J/4iWknKliAOwwsLuF
k9LWTQ4ZgUx+IQYhv9a9qMK5Pe8TjOxhHNGqTI5kZQNOEhlqwj6I/Is7EilGF8aG
UEqqp65IUmcvf3TZL8bomikyamT/URWhbp7qh/IljFrmwgEiyeeIhcp4v74eE+jK
ure5zTfDED+mMRHt2Cqvx2P3hUFXk9CBQwvTyasORVQtz5Po2g==
-----END CERTIFICATE-----