Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e37322e302f32312d3332203d3e203430303231.roa
File:                     38302e3139302e37322e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          IVMWkBfSpXn2GvP4gAJ1NFCA+J//OoCwYZtuNuoyZ5A=
Subject key identifier:   0F:40:D4:EA:BD:4A:55:78:B8:97:4B:FA:74:66:EB:41:29:8A:B8:D7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6D5EAE07D7129FF4D801E0984D34F3AF38ED4961
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e37322e302f32312d3332203d3e203430303231.roa
Signing time:             Tue 20 Jan 2026 11:23:10 +0000
ROA not before:           Tue 20 Jan 2026 11:18:10 +0000
ROA not after:            Tue 19 Jan 2027 11:23:10 +0000
asID:                     40021
IP address blocks:        80.190.72.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:5e:ae:07:d7:12:9f:f4:d8:01:e0:98:4d:34:f3:af:38:ed:49:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 20 11:18:10 2026 GMT
            Not After : Jan 19 11:23:10 2027 GMT
        Subject: CN=0F40D4EABD4A5578B8974BFA7466EB41298AB8D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2e:54:09:08:44:4a:2a:9f:5b:88:21:f3:dc:
                    1c:bf:19:4d:ce:18:44:99:16:30:48:ac:ab:a0:ae:
                    7b:13:23:bd:6a:54:ca:77:d9:76:e2:95:fd:7a:68:
                    96:ce:79:d7:c3:7b:d8:f6:36:ff:2d:f5:3c:24:d8:
                    ac:2e:81:d2:47:ba:26:69:55:06:73:a4:10:fd:fd:
                    7e:e3:9c:0b:42:73:f4:e5:eb:66:a0:d7:e0:c2:cb:
                    36:08:e9:6f:25:85:fd:69:07:c1:64:be:d3:49:62:
                    cf:9c:21:9c:a9:69:d4:90:5e:07:0d:4d:54:31:7f:
                    39:70:1f:34:b1:d0:00:d9:f7:9d:98:9c:1c:a3:3f:
                    a7:70:70:2a:7c:f9:9e:43:c4:fc:e8:9f:28:d6:2a:
                    dc:95:17:13:48:9c:89:52:83:48:8e:d7:da:e5:cd:
                    77:2a:a7:8c:88:28:75:38:58:fc:22:b1:17:81:ab:
                    55:e4:4a:14:4f:97:78:6d:60:b1:a7:55:2c:a6:27:
                    de:c3:46:0a:df:02:ae:75:a9:5e:5e:80:cf:ad:72:
                    83:98:cf:a4:63:65:85:e5:b7:b0:ff:79:e0:1e:17:
                    25:da:80:93:e5:fd:28:c0:19:fd:5f:fe:bf:a6:3f:
                    df:7c:27:23:8c:95:e5:98:1e:f3:74:83:f6:53:f2:
                    52:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:40:D4:EA:BD:4A:55:78:B8:97:4B:FA:74:66:EB:41:29:8A:B8:D7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38302e3139302e37322e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.190.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:3b:dc:fb:ef:13:8b:a9:37:d2:fb:75:33:eb:6a:c9:ed:8e:
         47:5d:56:6f:04:d8:d1:88:27:ca:c5:1d:ea:a1:3d:b9:bb:30:
         3a:f4:b0:1b:d3:e4:93:7d:80:e1:90:c8:e4:b2:18:cd:9d:da:
         ee:7c:28:61:66:92:fa:48:26:cd:57:c6:0c:f0:a6:98:7b:46:
         2e:7f:6d:73:5d:6e:da:67:94:ce:09:ef:1c:a5:84:80:ac:2b:
         55:5a:92:b5:4f:2b:09:58:64:8c:06:12:a5:b9:07:e2:d8:a2:
         33:5d:54:a5:d2:35:71:9a:60:f8:0d:37:73:a1:2e:2d:9b:19:
         96:d4:95:85:3d:37:d9:f5:6e:5b:a8:bb:d3:7c:17:e0:63:c1:
         2d:9e:e1:3b:f2:42:ea:ad:a8:ec:11:85:81:de:be:11:3d:97:
         1b:c8:71:3c:af:c1:25:b3:9d:3a:32:38:a7:f2:59:d0:55:49:
         ac:82:6a:f4:2c:04:9b:76:45:44:59:12:d9:34:4f:d8:fa:4f:
         5e:aa:23:54:6a:b6:9a:15:a8:0e:00:6a:d2:db:94:d2:42:98:
         ef:da:32:a1:21:b3:aa:e1:49:12:0b:45:28:7a:37:4b:0a:d2:
         a1:4a:fb:62:79:ea:4a:1c:38:8e:a4:b6:14:4c:a3:54:be:af:
         d4:2d:3a:d5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbV6uB9cSn/TYAeCYTTTzrzjtSWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAxMjAxMTE4MTBaFw0yNzAxMTkxMTIzMTBaMDMxMTAvBgNV
BAMTKDBGNDBENEVBQkQ0QTU1NzhCODk3NEJGQTc0NjZFQjQxMjk4QUI4RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LlQJCERKKp9biCHz3By/GU3O
GESZFjBIrKugrnsTI71qVMp32Xbilf16aJbOedfDe9j2Nv8t9Twk2KwugdJHuiZp
VQZzpBD9/X7jnAtCc/Tl62ag1+DCyzYI6W8lhf1pB8FkvtNJYs+cIZypadSQXgcN
TVQxfzlwHzSx0ADZ952YnByjP6dwcCp8+Z5DxPzonyjWKtyVFxNInIlSg0iO19rl
zXcqp4yIKHU4WPwisReBq1XkShRPl3htYLGnVSymJ97DRgrfAq51qV5egM+tcoOY
z6RjZYXlt7D/eeAeFyXagJPl/SjAGf1f/r+mP998JyOMleWYHvN0g/ZT8lJHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUD0DU6r1KVXi4l0v6dGbrQSmKuNcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzMDJlMzEzOTMwMmUzNzMy
MmUzMDJmMzIzMTJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1C+
SDANBgkqhkiG9w0BAQsFAAOCAQEAWjvc++8Ti6k30vt1M+tqye2OR11WbwTY0Ygn
ysUd6qE9ubswOvSwG9Pkk32A4ZDI5LIYzZ3a7nwoYWaS+kgmzVfGDPCmmHtGLn9t
c11u2meUzgnvHKWEgKwrVVqStU8rCVhkjAYSpbkH4tiiM11UpdI1cZpg+A03c6Eu
LZsZltSVhT032fVuW6i703wX4GPBLZ7hO/JC6q2o7BGFgd6+ET2XG8hxPK/BJbOd
OjI4p/JZ0FVJrIJq9CwEm3ZFRFkS2TRP2PpPXqojVGq2mhWoDgBq0tuU0kKY79oy
oSGzquFJEgtFKHo3SwrSoUr7YnnqShw4jqS2FEyjVL6v1C061Q==
-----END CERTIFICATE-----