Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa
File:                     3139352e33352e34342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          4swOPmDZum3Jx5OkqVGG/YyF/rWhZ50Z8GCHl2n3PfE=
Subject key identifier:   F3:41:89:32:15:CD:B7:BF:20:41:31:1D:2A:57:60:DC:38:AF:4B:5B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1AF0FB12449DB3495197306B88D6E93777952F06
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 16 Apr 2026 11:23:42 +0000
ROA not before:           Thu 16 Apr 2026 11:18:42 +0000
ROA not after:            Thu 15 Apr 2027 11:23:42 +0000
asID:                     47583
IP address blocks:        195.35.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f0:fb:12:44:9d:b3:49:51:97:30:6b:88:d6:e9:37:77:95:2f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 16 11:18:42 2026 GMT
            Not After : Apr 15 11:23:42 2027 GMT
        Subject: CN=F341893215CDB7BF2041311D2A5760DC38AF4B5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c8:45:a4:6e:22:a4:39:b8:a7:60:43:f5:4d:
                    ba:9d:6d:60:0f:b4:f6:d0:cb:1b:bc:82:e8:dc:1e:
                    27:ef:b2:1c:72:73:44:cb:98:52:0a:03:f9:af:c3:
                    5c:3e:c9:44:12:7c:eb:8b:b8:49:58:f1:60:21:fe:
                    a6:54:ea:4d:92:c4:a0:e4:41:52:33:ca:05:43:b1:
                    75:8e:c2:e6:e7:ad:78:18:58:47:0f:14:ed:e7:a4:
                    cc:a2:d6:41:40:49:a6:b3:88:3a:14:34:94:3f:65:
                    b0:b6:51:02:ad:cb:8a:f1:4d:89:7b:70:02:d1:c9:
                    f4:42:f5:56:c2:28:23:2e:e3:fb:01:15:e2:71:e4:
                    9f:0d:4c:86:8f:25:31:58:bc:17:e1:3b:8d:3e:10:
                    59:47:6a:31:60:dd:f7:f7:fc:09:3b:2c:6f:c9:11:
                    9f:c9:70:12:f0:7a:12:83:0a:18:ff:50:36:e6:6c:
                    fe:8b:ba:1e:43:a9:a9:e0:93:a9:45:6c:67:a1:db:
                    11:78:03:9f:c8:95:c3:85:94:7b:3b:9e:d7:95:14:
                    4b:ef:44:86:1c:8b:96:7d:8f:24:71:f9:c0:3f:a1:
                    77:bc:0e:91:1f:19:28:37:e3:cb:6f:89:ae:c7:e5:
                    50:c2:2b:31:b0:fe:89:06:c5:6c:e8:59:8a:c3:55:
                    62:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:41:89:32:15:CD:B7:BF:20:41:31:1D:2A:57:60:DC:38:AF:4B:5B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139352e33352e34342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:12:5b:74:42:5b:ed:1d:4c:da:b9:67:61:98:a9:72:f3:e5:
         79:55:36:69:ff:f9:75:3e:5e:0f:86:9f:48:55:46:5a:bd:4c:
         69:8f:dc:71:00:c7:98:55:21:a7:91:39:4a:ba:3f:89:d7:6b:
         6e:6f:6d:3a:58:db:0f:2e:ad:d1:c6:21:86:08:ce:56:bc:fd:
         14:02:b7:f7:6c:26:0e:47:21:0d:6b:e5:a1:74:1b:80:80:e8:
         5c:87:c9:b6:70:6a:cd:c2:40:81:cd:b0:93:e1:fd:3f:e7:74:
         64:2a:02:3a:5f:d4:e6:52:73:ec:63:75:28:d6:bc:79:7b:b0:
         cb:33:89:f4:bc:7c:04:39:71:0e:16:94:00:06:bd:7d:15:0a:
         13:32:0c:e4:4e:58:f6:cc:25:99:19:08:81:6d:2e:8f:77:41:
         b9:c9:0a:0a:2c:3f:15:7d:e2:c0:88:e7:d0:71:07:37:42:5d:
         cd:68:fb:30:c3:b7:39:2d:e9:58:d7:ae:b6:00:34:73:53:17:
         8b:cf:71:ce:63:b7:ba:7d:5b:e2:b2:33:56:11:0a:5f:c9:8b:
         ca:68:c5:7a:97:ac:7e:76:36:03:72:3c:61:a3:fd:cc:c3:54:
         ea:77:91:8c:95:11:ad:f5:78:06:6f:65:fc:6d:d6:d4:f0:57:
         f3:31:8a:c2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGvD7EkSds0lRlzBriNbpN3eVLwYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTYxMTE4NDJaFw0yNzA0MTUxMTIzNDJaMDMxMTAvBgNV
BAMTKEYzNDE4OTMyMTVDREI3QkYyMDQxMzExRDJBNTc2MERDMzhBRjRCNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmyEWkbiKkObinYEP1TbqdbWAP
tPbQyxu8gujcHifvshxyc0TLmFIKA/mvw1w+yUQSfOuLuElY8WAh/qZU6k2SxKDk
QVIzygVDsXWOwubnrXgYWEcPFO3npMyi1kFASaaziDoUNJQ/ZbC2UQKty4rxTYl7
cALRyfRC9VbCKCMu4/sBFeJx5J8NTIaPJTFYvBfhO40+EFlHajFg3ff3/Ak7LG/J
EZ/JcBLwehKDChj/UDbmbP6Luh5Dqangk6lFbGeh2xF4A5/IlcOFlHs7nteVFEvv
RIYci5Z9jyRx+cA/oXe8DpEfGSg348tvia7H5VDCKzGw/okGxWzoWYrDVWLPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU80GJMhXNt78gQTEdKldg3DivS1swHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM1MmUzMzM1MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsMj
LDANBgkqhkiG9w0BAQsFAAOCAQEAMhJbdEJb7R1M2rlnYZipcvPleVU2af/5dT5e
D4afSFVGWr1MaY/ccQDHmFUhp5E5Sro/iddrbm9tOljbDy6t0cYhhgjOVrz9FAK3
92wmDkchDWvloXQbgIDoXIfJtnBqzcJAgc2wk+H9P+d0ZCoCOl/U5lJz7GN1KNa8
eXuwyzOJ9Lx8BDlxDhaUAAa9fRUKEzIM5E5Y9swlmRkIgW0uj3dBuckKCiw/FX3i
wIjn0HEHN0JdzWj7MMO3OS3pWNeutgA0c1MXi89xzmO3un1b4rIzVhEKX8mLymjF
epesfnY2A3I8YaP9zMNU6neRjJURrfV4Bm9l/G3W1PBX8zGKwg==
-----END CERTIFICATE-----