Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa
File:                     34352e39342e36342e302f32322d3232203d3e20323031333431.roa (raw, json)
Hash identifier:          oyDcjIm5V9u1b5YfXIgaLP7Y393GGXQS+6t4PF6cJWo=
Subject key identifier:   8E:09:13:67:7C:C3:61:D7:9D:7C:FC:BC:47:18:8D:5F:89:4F:30:D4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       717655778FA297F07879AD2C5759240A27060594
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa
Signing time:             Thu 04 Jun 2026 16:24:51 +0000
ROA not before:           Thu 04 Jun 2026 16:19:51 +0000
ROA not after:            Thu 03 Jun 2027 16:24:51 +0000
asID:                     201341
IP address blocks:        45.94.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:42:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:76:55:77:8f:a2:97:f0:78:79:ad:2c:57:59:24:0a:27:06:05:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  4 16:19:51 2026 GMT
            Not After : Jun  3 16:24:51 2027 GMT
        Subject: CN=8E0913677CC361D79D7CFCBC47188D5F894F30D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:74:f0:9b:9f:02:0d:c8:4d:b1:a5:38:e3:13:
                    f6:44:6b:70:f6:d0:a4:10:a8:bb:60:c9:2c:5f:df:
                    1e:b7:13:d5:33:83:4b:e1:9c:bf:c1:c5:da:9a:39:
                    b3:d8:18:ee:c3:6a:97:e3:55:6f:a7:11:c3:e7:37:
                    30:0a:8a:1e:13:94:fa:57:ad:ae:a7:f0:1d:48:3f:
                    3f:72:e8:a2:1e:8f:e5:dd:39:75:9a:00:c2:58:e2:
                    1b:3d:e6:1b:93:d4:46:7f:fd:52:61:55:12:e6:e9:
                    43:a4:8c:aa:fe:8d:49:23:37:22:58:98:b4:e9:cf:
                    11:7d:fc:f8:76:09:4a:f1:b0:59:06:ab:c2:4a:35:
                    04:cf:b5:d8:6b:2f:8a:72:af:ea:9b:4f:39:a8:c8:
                    4d:02:a4:86:bd:49:00:d1:2b:be:9c:a5:bc:4d:40:
                    4b:3f:eb:5f:30:87:2c:77:51:7a:8c:ec:1f:1e:2f:
                    ea:f1:de:1e:2e:5f:73:60:c7:30:37:6d:a5:c2:3c:
                    ad:86:a3:08:1f:f8:7b:76:99:c2:6c:d4:e5:99:e6:
                    7d:36:3c:df:a7:2e:1b:18:21:64:66:39:e1:26:cf:
                    55:e0:eb:69:70:a9:83:0c:1c:fd:53:37:18:65:77:
                    6a:d1:3f:98:60:bc:06:74:e1:21:40:ed:92:19:be:
                    74:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:09:13:67:7C:C3:61:D7:9D:7C:FC:BC:47:18:8D:5F:89:4F:30:D4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:49:4b:eb:40:b6:56:b2:5f:82:a8:44:19:e0:3f:83:aa:d5:
         dc:96:99:f7:56:c0:35:20:6d:ff:9e:d5:94:b0:7a:9d:5b:55:
         f6:bb:0b:ab:04:96:72:59:15:a7:4a:ca:38:95:5e:88:a9:94:
         ec:7e:b9:22:40:2e:66:58:ef:7c:57:b7:50:5b:90:17:21:6c:
         de:37:77:f0:9a:af:ce:d9:50:c3:43:51:27:0e:79:c8:db:37:
         38:46:df:50:38:20:a2:a4:c6:eb:37:df:1e:ab:74:ff:ff:7c:
         b1:71:07:37:47:78:9e:f8:23:5a:dc:d2:ee:09:8a:28:72:1b:
         72:7a:80:0b:37:55:f9:da:ff:d2:38:78:b9:89:2b:fe:6c:0e:
         93:53:89:ec:91:6c:c9:2b:45:a8:47:a3:c4:03:72:56:36:29:
         7a:0a:fc:95:25:93:cb:5e:c6:d4:e0:1f:c7:d0:6f:75:b4:36:
         29:86:f9:96:70:d5:5e:ce:ce:d7:08:9f:07:48:0b:40:58:3c:
         2f:24:90:7e:70:00:b0:a7:45:8e:f1:37:9e:f6:6d:2b:ae:ec:
         02:a3:de:1a:0c:f9:27:4a:ce:3b:3a:f3:03:1a:db:ff:c7:b2:
         80:5e:c8:26:0f:fd:78:10:fc:b5:8b:2e:7c:a4:38:2d:ca:e2:
         98:42:39:76
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcXZVd4+il/B4ea0sV1kkCicGBZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDQxNjE5NTFaFw0yNzA2MDMxNjI0NTFaMDMxMTAvBgNV
BAMTKDhFMDkxMzY3N0NDMzYxRDc5RDdDRkNCQzQ3MTg4RDVGODk0RjMwRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dPCbnwINyE2xpTjjE/ZEa3D2
0KQQqLtgySxf3x63E9Uzg0vhnL/BxdqaObPYGO7DapfjVW+nEcPnNzAKih4TlPpX
ra6n8B1IPz9y6KIej+XdOXWaAMJY4hs95huT1EZ//VJhVRLm6UOkjKr+jUkjNyJY
mLTpzxF9/Ph2CUrxsFkGq8JKNQTPtdhrL4pyr+qbTzmoyE0CpIa9SQDRK76cpbxN
QEs/618whyx3UXqM7B8eL+rx3h4uX3NgxzA3baXCPK2Gowgf+Ht2mcJs1OWZ5n02
PN+nLhsYIWRmOeEmz1Xg62lwqYMMHP1TNxhld2rRP5hgvAZ04SFA7ZIZvnQ3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjgkTZ3zDYdedfPy8RxiNX4lPMNQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzYzNDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1e
QDANBgkqhkiG9w0BAQsFAAOCAQEAd0lL60C2VrJfgqhEGeA/g6rV3JaZ91bANSBt
/57VlLB6nVtV9rsLqwSWclkVp0rKOJVeiKmU7H65IkAuZljvfFe3UFuQFyFs3jd3
8JqvztlQw0NRJw55yNs3OEbfUDggoqTG6zffHqt0//98sXEHN0d4nvgjWtzS7gmK
KHIbcnqACzdV+dr/0jh4uYkr/mwOk1OJ7JFsyStFqEejxANyVjYpegr8lSWTy17G
1OAfx9BvdbQ2KYb5lnDVXs7O1wifB0gLQFg8LySQfnAAsKdFjvE3nvZtK67sAqPe
Ggz5J0rOOzrzAxrb/8eygF7IJg/9eBD8tYsufKQ4LcrimEI5dg==
-----END CERTIFICATE-----