Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35382e302f32342d3332203d3e203531313637.roa
File:                     34352e39342e35382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          6nhoVL/EylOhiIhjAoHM7M+04OsWkMPQZei1vwnM23I=
Subject key identifier:   23:E2:53:42:D0:47:9F:7B:A9:49:91:C1:BD:99:A4:6B:20:73:6E:E4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0AAB249C2DC205D4390B67661477040AADBF5298
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35382e302f32342d3332203d3e203531313637.roa
Signing time:             Thu 04 Jun 2026 16:24:52 +0000
ROA not before:           Thu 04 Jun 2026 16:19:52 +0000
ROA not after:            Thu 03 Jun 2027 16:24:52 +0000
asID:                     51167
IP address blocks:        45.94.58.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:ab:24:9c:2d:c2:05:d4:39:0b:67:66:14:77:04:0a:ad:bf:52:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  4 16:19:52 2026 GMT
            Not After : Jun  3 16:24:52 2027 GMT
        Subject: CN=23E25342D0479F7BA94991C1BD99A46B20736EE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f1:7c:b8:2b:5a:48:ea:d4:e0:df:ed:c8:f0:
                    11:b7:cb:8a:b7:9a:b8:01:58:91:c7:b0:ef:f8:98:
                    12:bf:db:25:71:99:4f:e7:b4:a9:aa:c3:7e:6d:88:
                    15:38:6e:84:b2:a6:6a:1e:0a:84:b9:97:17:ac:67:
                    1a:1f:f9:49:02:e4:95:52:35:e3:5b:19:0e:25:e5:
                    09:e9:16:db:6f:44:ab:c9:1d:4f:60:1f:d5:99:37:
                    63:03:01:1b:6a:2c:22:9f:5f:6f:94:2d:04:68:31:
                    26:22:6f:cd:8e:7d:7d:8e:10:3d:31:7a:c4:f1:66:
                    bd:f0:9c:68:45:c8:ab:d2:34:38:91:af:70:cc:56:
                    9a:a3:6c:a0:9d:88:7b:d7:d8:27:6c:ff:34:f6:ca:
                    5a:1c:34:85:c9:72:c1:93:bf:ac:60:da:1f:44:a5:
                    9a:94:2b:47:01:18:f2:0e:ab:22:5b:3d:ba:85:8d:
                    de:e5:39:7a:99:35:0c:9f:a2:e5:af:09:b5:65:ad:
                    1c:49:76:09:32:85:d7:4e:47:df:b6:33:88:62:48:
                    7a:eb:d0:13:79:ee:07:b8:70:ce:f0:f8:18:cb:70:
                    cd:60:83:ad:22:8b:37:6c:27:92:03:ad:61:d4:3a:
                    d8:4e:9f:7c:52:43:cc:ca:5b:1d:0f:8b:97:0a:c0:
                    1d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E2:53:42:D0:47:9F:7B:A9:49:91:C1:BD:99:A4:6B:20:73:6E:E4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:49:12:c2:4d:4c:cd:e3:b3:4f:46:3b:a7:19:63:f5:fa:1f:
         41:a5:d7:07:1f:31:f6:09:d7:72:32:15:8b:fb:3d:95:32:eb:
         c8:cc:a3:b0:07:be:18:86:94:10:d1:e6:8a:e5:3b:ef:d6:b5:
         87:4a:17:aa:32:b4:33:17:bc:8c:92:bb:77:c8:72:97:2c:8d:
         91:dd:59:98:39:20:13:0f:37:62:bc:78:c7:fd:28:63:3d:61:
         0b:b8:b4:e6:76:3e:00:ce:a9:98:22:8a:ac:17:62:5b:b4:43:
         72:0e:8b:e4:f2:40:41:a7:05:f1:4b:e1:04:5d:79:d6:97:9c:
         8a:d7:e8:5c:8d:97:79:18:14:d3:b5:b7:d1:65:49:ca:ed:3f:
         2b:83:1e:b3:db:24:e8:3f:56:3c:20:80:3e:9f:d3:4a:75:20:
         da:12:88:99:06:eb:6f:0c:06:38:51:28:cd:db:19:f2:a5:8a:
         c8:5b:83:02:7f:a4:0c:52:32:f3:44:58:4d:f0:b1:ae:18:1f:
         53:9a:b2:27:40:61:33:1a:ed:33:ec:58:54:b9:5b:df:44:bb:
         e6:ec:c2:05:d6:5b:cf:c4:90:d9:6b:03:93:83:b0:78:76:13:
         bb:15:f1:33:4c:d1:6e:5f:47:25:bb:3d:72:5a:25:28:2d:8a:
         8e:7e:71:07
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCqsknC3CBdQ5C2dmFHcECq2/UpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDQxNjE5NTJaFw0yNzA2MDMxNjI0NTJaMDMxMTAvBgNV
BAMTKDIzRTI1MzQyRDA0NzlGN0JBOTQ5OTFDMUJEOTlBNDZCMjA3MzZFRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv8Xy4K1pI6tTg3+3I8BG3y4q3
mrgBWJHHsO/4mBK/2yVxmU/ntKmqw35tiBU4boSypmoeCoS5lxesZxof+UkC5JVS
NeNbGQ4l5QnpFttvRKvJHU9gH9WZN2MDARtqLCKfX2+ULQRoMSYib82OfX2OED0x
esTxZr3wnGhFyKvSNDiRr3DMVpqjbKCdiHvX2Cds/zT2ylocNIXJcsGTv6xg2h9E
pZqUK0cBGPIOqyJbPbqFjd7lOXqZNQyfouWvCbVlrRxJdgkyhddOR9+2M4hiSHrr
0BN57ge4cM7w+BjLcM1gg60iizdsJ5IDrWHUOthOn3xSQ8zKWx0Pi5cKwB1rAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUI+JTQtBHn3upSZHBvZmkayBzbuQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzUzODJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtXjow
DQYJKoZIhvcNAQELBQADggEBABJJEsJNTM3js09GO6cZY/X6H0Gl1wcfMfYJ13Iy
FYv7PZUy68jMo7AHvhiGlBDR5orlO+/WtYdKF6oytDMXvIySu3fIcpcsjZHdWZg5
IBMPN2K8eMf9KGM9YQu4tOZ2PgDOqZgiiqwXYlu0Q3IOi+TyQEGnBfFL4QRdedaX
nIrX6FyNl3kYFNO1t9FlScrtPyuDHrPbJOg/VjwggD6f00p1INoSiJkG628MBjhR
KM3bGfKlishbgwJ/pAxSMvNEWE3wsa4YH1OasidAYTMa7TPsWFS5W99Eu+bswgXW
W8/EkNlrA5ODsHh2E7sV8TNM0W5fRyW7PXJaJSgtio5+cQc=
-----END CERTIFICATE-----