Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS34989.roa
File:                     AS34989.roa (raw, json)
Hash identifier:          4CfXhR4asd0Fz9i3lng5Ft40oXODUNkBssR4E1AHGi0=
Subject key identifier:   9F:73:CC:EB:86:4F:44:75:27:B2:20:E5:5A:C2:13:DC:AB:56:C1:E8
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       03ED44E12C095F252FD8120503143FEB9CC62B19
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS34989.roa
Signing time:             Wed 20 May 2026 13:21:44 +0000
ROA not before:           Wed 20 May 2026 13:16:44 +0000
ROA not after:            Wed 19 May 2027 13:21:44 +0000
asID:                     34989
IP address blocks:        155.117.184.0/24 maxlen: 24
                          167.148.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Jun 2026 20:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ed:44:e1:2c:09:5f:25:2f:d8:12:05:03:14:3f:eb:9c:c6:2b:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 20 13:16:44 2026 GMT
            Not After : May 19 13:21:44 2027 GMT
        Subject: CN=9F73CCEB864F447527B220E55AC213DCAB56C1E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:31:ac:c3:21:81:ae:46:47:00:2e:35:52:d3:
                    6f:d3:f4:bb:55:13:0d:b1:33:80:34:52:26:86:6d:
                    2b:39:54:a8:c7:df:e1:62:1d:c8:77:b4:de:c0:45:
                    0c:65:90:f5:ef:ff:50:f2:bf:e2:78:4f:8a:58:6c:
                    54:f4:dd:ae:5f:08:9c:89:80:13:b0:26:a3:99:d0:
                    d0:bb:f0:10:08:cd:a5:9e:0b:4f:33:b5:bd:e2:3d:
                    eb:4f:0f:e9:f7:a0:b1:47:d0:f1:c8:70:eb:bb:b9:
                    4e:2f:4b:7e:83:8f:99:dc:be:95:bc:58:7e:89:53:
                    01:02:f4:ef:d6:da:97:2d:31:87:4b:69:64:92:40:
                    78:d7:d8:5d:78:4a:69:b9:9a:28:0b:b6:25:c1:1b:
                    fd:69:19:7e:e4:a7:2b:f0:d2:05:b9:38:7d:7e:14:
                    c2:fa:01:3e:7c:08:1f:87:95:c0:33:f4:dc:78:53:
                    ca:76:ba:25:c2:06:1b:fb:15:c1:4b:d5:53:b3:3e:
                    1e:48:1c:86:8a:3e:87:04:64:9c:d4:fd:18:99:a7:
                    6e:1b:c7:14:c2:81:a5:cf:c2:96:dc:2d:d8:7f:5b:
                    02:58:70:a8:4f:a4:fd:86:66:89:36:b3:8a:20:4a:
                    18:f5:47:6f:90:20:92:e9:ba:9a:36:4e:4a:a8:a5:
                    39:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:73:CC:EB:86:4F:44:75:27:B2:20:E5:5A:C2:13:DC:AB:56:C1:E8
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS34989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.184.0/24
                  167.148.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ec:c4:9f:71:8d:ef:dd:b5:e0:de:8c:99:c5:f5:45:ec:f3:
         38:3f:d4:49:3f:48:04:a7:d5:70:ef:d2:a2:e8:0d:9a:e2:27:
         c9:f8:56:6a:b2:78:44:1a:e8:96:a5:be:13:09:0e:42:8d:fc:
         d4:68:67:b2:e3:2f:44:01:b2:fe:4c:bb:67:27:e6:e7:89:99:
         42:1f:b3:02:ab:78:50:0f:e9:64:4e:7c:56:7a:16:79:a8:7d:
         49:83:65:b3:94:b3:ed:38:41:48:ba:0a:38:0d:8c:1f:1f:6f:
         a2:0f:3f:b8:d3:ea:52:98:b5:26:59:73:e0:7e:29:c4:8f:ad:
         17:32:12:bd:6d:a0:73:ee:92:3f:26:62:4e:e8:18:23:0e:67:
         15:aa:cb:1f:ba:81:63:d1:74:7d:66:3e:41:01:9e:28:69:d6:
         3e:6b:a3:99:22:f3:f2:a1:75:52:1c:b3:a5:00:94:d8:56:21:
         36:08:0d:e4:28:53:f9:44:b6:a5:10:d0:89:9c:82:7d:bf:17:
         e4:3a:19:37:7d:f4:37:df:1c:49:e4:86:e6:3e:58:14:8d:3f:
         57:cb:af:45:28:bd:02:c3:f6:c8:b5:1a:26:e0:57:53:22:13:
         8a:1e:ee:26:6d:6e:e9:c2:15:61:40:d9:74:d4:7b:e1:ab:49:
         1e:dd:90:85
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUA+1E4SwJXyUv2BIFAxQ/65zGKxkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjAxMzE2NDRaFw0yNzA1MTkxMzIxNDRaMDMxMTAvBgNV
BAMTKDlGNzNDQ0VCODY0RjQ0NzUyN0IyMjBFNTVBQzIxM0RDQUI1NkMxRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1MazDIYGuRkcALjVS02/T9LtV
Ew2xM4A0UiaGbSs5VKjH3+FiHch3tN7ARQxlkPXv/1Dyv+J4T4pYbFT03a5fCJyJ
gBOwJqOZ0NC78BAIzaWeC08ztb3iPetPD+n3oLFH0PHIcOu7uU4vS36Dj5ncvpW8
WH6JUwEC9O/W2pctMYdLaWSSQHjX2F14Smm5migLtiXBG/1pGX7kpyvw0gW5OH1+
FML6AT58CB+HlcAz9Nx4U8p2uiXCBhv7FcFL1VOzPh5IHIaKPocEZJzU/RiZp24b
xxTCgaXPwpbcLdh/WwJYcKhPpP2GZok2s4ogShj1R2+QIJLpupo2TkqopTnxAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUn3PM64ZPRHUnsiDlWsIT3KtWwegwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzQ5ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACbdbgD
BACnlHswDQYJKoZIhvcNAQELBQADggEBAF/sxJ9xje/dteDejJnF9UXs8zg/1Ek/
SASn1XDv0qLoDZriJ8n4VmqyeEQa6JalvhMJDkKN/NRoZ7LjL0QBsv5Mu2cn5ueJ
mUIfswKreFAP6WROfFZ6FnmofUmDZbOUs+04QUi6CjgNjB8fb6IPP7jT6lKYtSZZ
c+B+KcSPrRcyEr1toHPukj8mYk7oGCMOZxWqyx+6gWPRdH1mPkEBnihp1j5ro5ki
8/KhdVIcs6UAlNhWITYIDeQoU/lEtqUQ0Imcgn2/F+Q6GTd99DffHEnkhuY+WBSN
P1fLr0UovQLD9si1GibgV1MiE4oe7iZtbunCFWFA2XTUe+GrSR7dkIU=
-----END CERTIFICATE-----