Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e3138392e302f32342d3234203d3e20383334.roa
File:                     34352e3135322e3138392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +39hP2+OfC+wKjPFRv2SqTJCHvbxqbUgt92IS4WrL6M=
Subject key identifier:   83:98:79:B3:83:47:26:F7:50:00:89:D2:78:D5:44:40:AE:1B:40:B0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       19950BB4DCCFB3EFB661D145BE4FA97AA9842CD3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e3138392e302f32342d3234203d3e20383334.roa
Signing time:             Tue 04 Nov 2025 17:08:50 +0000
ROA not before:           Tue 04 Nov 2025 17:03:50 +0000
ROA not after:            Tue 03 Nov 2026 17:08:50 +0000
asID:                     834
IP address blocks:        45.152.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 04:38:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:95:0b:b4:dc:cf:b3:ef:b6:61:d1:45:be:4f:a9:7a:a9:84:2c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  4 17:03:50 2025 GMT
            Not After : Nov  3 17:08:50 2026 GMT
        Subject: CN=839879B3834726F7500089D278D54440AE1B40B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8b:4f:34:56:0b:89:d1:4e:6d:a1:1f:78:a9:
                    b6:cd:78:75:79:ea:07:21:38:ad:93:76:cc:db:64:
                    95:40:d3:35:0c:10:39:13:16:9e:bc:40:38:de:bc:
                    86:a7:be:f0:60:48:38:fa:97:d7:9e:3d:d3:47:da:
                    cf:0c:af:d4:7d:68:f0:94:00:70:54:a5:90:6a:7a:
                    55:ff:ca:48:97:ad:e3:d0:88:09:b6:51:ec:0e:41:
                    17:a9:50:db:a6:d3:08:8f:f6:37:10:74:c0:ef:e4:
                    d1:60:7d:da:0e:32:51:b3:7f:2f:2d:33:06:f6:0f:
                    e7:5a:3a:72:a0:3f:33:77:0b:ed:eb:95:9d:3d:4c:
                    5f:59:1d:d1:9e:4c:e4:ac:b6:ec:ee:5f:95:4e:21:
                    ee:bf:4c:cf:24:cc:f6:09:3d:29:2b:22:e3:53:7c:
                    4f:a6:dd:88:ba:64:d5:a8:93:d5:19:c0:69:89:f6:
                    75:d5:3a:21:c3:90:e4:6d:38:07:26:af:d3:a6:8a:
                    dd:c9:34:b2:ad:63:fa:c2:d6:11:11:57:0f:f2:02:
                    41:65:aa:3b:ca:e9:ae:f3:96:a2:e9:04:f2:9c:c3:
                    d7:c5:d8:92:ef:4d:b7:ee:aa:bb:41:cc:a8:4d:e9:
                    1c:90:df:56:75:1b:c1:2b:91:a5:3f:91:80:7a:2c:
                    a1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:98:79:B3:83:47:26:F7:50:00:89:D2:78:D5:44:40:AE:1B:40:B0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e3138392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ad:b8:7d:4f:59:cd:1d:60:26:f4:11:5f:95:c7:8c:a9:9c:
         7a:d9:aa:12:0b:fb:f4:45:2c:b1:f2:d7:37:bd:2f:fb:0a:c6:
         1e:dd:01:68:ec:6c:64:5c:fa:25:8b:b0:5d:3a:a1:22:7b:70:
         17:93:85:09:a8:18:e1:39:86:42:82:b8:0d:12:8b:af:81:07:
         c9:ba:b6:cc:40:e8:1d:7d:6c:01:ea:42:21:85:7a:22:ad:07:
         7a:be:d5:5d:f2:f0:3c:f0:34:24:6f:07:41:cd:e4:1a:28:c4:
         85:20:fd:cb:b9:49:25:ba:f5:80:7d:60:34:96:41:cd:8e:82:
         c6:e5:66:10:08:d3:f9:e7:83:17:60:01:0f:f3:6c:ad:ac:7a:
         81:11:45:17:cb:1e:00:48:5b:b1:ba:0b:55:0f:94:e2:73:ce:
         48:5e:21:05:8f:89:12:fc:3d:9f:97:21:a4:99:28:9f:87:f0:
         1a:04:2c:d6:d5:39:3a:bf:e1:b8:a3:47:19:32:80:4f:07:ad:
         ea:fb:01:fc:60:d2:05:c4:33:9b:97:43:dd:5a:78:29:89:f2:
         d5:4b:7e:95:3b:73:cf:1c:eb:66:17:b9:42:cd:ca:ae:6a:88:
         19:d1:87:e9:90:6d:5c:4e:3c:23:c1:93:3f:c8:9b:dd:44:84:
         e5:3b:55:5e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGZULtNzPs++2YdFFvk+peqmELNMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTExMDQxNzAzNTBaFw0yNjExMDMxNzA4NTBaMDMxMTAvBgNV
BAMTKDgzOTg3OUIzODM0NzI2Rjc1MDAwODlEMjc4RDU0NDQwQUUxQjQwQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDei080VguJ0U5toR94qbbNeHV5
6gchOK2TdszbZJVA0zUMEDkTFp68QDjevIanvvBgSDj6l9eePdNH2s8Mr9R9aPCU
AHBUpZBqelX/ykiXrePQiAm2UewOQRepUNum0wiP9jcQdMDv5NFgfdoOMlGzfy8t
Mwb2D+daOnKgPzN3C+3rlZ09TF9ZHdGeTOSstuzuX5VOIe6/TM8kzPYJPSkrIuNT
fE+m3Yi6ZNWok9UZwGmJ9nXVOiHDkORtOAcmr9Omit3JNLKtY/rC1hERVw/yAkFl
qjvK6a7zlqLpBPKcw9fF2JLvTbfuqrtBzKhN6RyQ31Z1G8ErkaU/kYB6LKFHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUg5h5s4NHJvdQAInSeNVEQK4bQLAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNTMyMmUzMTM4
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtmL0w
DQYJKoZIhvcNAQELBQADggEBAIStuH1PWc0dYCb0EV+Vx4ypnHrZqhIL+/RFLLHy
1ze9L/sKxh7dAWjsbGRc+iWLsF06oSJ7cBeThQmoGOE5hkKCuA0Si6+BB8m6tsxA
6B19bAHqQiGFeiKtB3q+1V3y8DzwNCRvB0HN5BooxIUg/cu5SSW69YB9YDSWQc2O
gsblZhAI0/nngxdgAQ/zbK2seoERRRfLHgBIW7G6C1UPlOJzzkheIQWPiRL8PZ+X
IaSZKJ+H8BoELNbVOTq/4bijRxkygE8Hrer7Afxg0gXEM5uXQ91aeCmJ8tVLfpU7
c88c62YXuULNyq5qiBnRh+mQbVxOPCPBkz/Im91EhOU7VV4=
-----END CERTIFICATE-----