Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e2035363530.roa
File:                     3134352e31312e38382e302f32312d3234203d3e2035363530.roa (raw, json)
Hash identifier:          qur27ohANWQAww6CmouPd/axJd1V4rN7+KmPaKtXrz0=
Subject key identifier:   DA:41:4B:96:E5:89:CC:CE:2C:4E:D0:64:A1:6F:BA:DC:59:FD:0A:65
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7477704CF7F0C9B68EF7EBFF8A9E51BCBF691D67
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e2035363530.roa
Signing time:             Fri 12 Sep 2025 12:31:15 +0000
ROA not before:           Fri 12 Sep 2025 12:26:15 +0000
ROA not after:            Fri 11 Sep 2026 12:31:15 +0000
asID:                     5650
IP address blocks:        145.11.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:77:70:4c:f7:f0:c9:b6:8e:f7:eb:ff:8a:9e:51:bc:bf:69:1d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 12 12:26:15 2025 GMT
            Not After : Sep 11 12:31:15 2026 GMT
        Subject: CN=DA414B96E589CCCE2C4ED064A16FBADC59FD0A65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4a:53:78:be:95:39:1a:0b:95:9a:d0:ce:7c:
                    55:b6:38:35:b6:44:de:a0:b7:07:ce:94:9e:35:fd:
                    c3:44:56:c6:ae:21:7d:cc:81:f9:39:c9:ba:9a:a9:
                    ac:97:7f:4f:70:94:78:be:d3:29:22:f2:53:d9:80:
                    7b:b0:12:63:f7:d6:96:3a:8b:be:64:8c:ca:37:12:
                    51:4d:95:a6:5a:99:e1:ab:6a:e5:c2:3d:e6:ad:5d:
                    c9:99:18:29:13:b9:e8:9d:0c:64:7a:84:10:d9:ee:
                    aa:f9:0e:0e:94:8f:93:08:03:74:91:a8:25:bc:83:
                    e7:e6:70:60:86:aa:b4:3a:71:7c:b5:76:fe:00:52:
                    89:b6:40:6e:1d:56:4a:5a:c6:82:40:40:92:ea:8e:
                    ed:90:a2:fe:1d:fc:06:46:55:68:99:e4:87:ee:73:
                    44:3f:1e:55:20:3e:03:60:dc:7b:f7:ab:05:03:16:
                    9b:a0:33:41:3d:b6:47:96:a1:23:52:4c:a4:64:27:
                    8b:1d:1f:ee:26:d2:cb:de:73:2b:67:49:1c:93:32:
                    bb:da:0c:03:15:01:14:2a:ed:58:7e:25:79:f9:f8:
                    bc:69:be:24:59:ed:47:9c:b9:c9:25:35:2b:0f:50:
                    c5:78:8f:bb:0c:6f:64:05:1f:e5:46:e1:7e:6b:ac:
                    81:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:41:4B:96:E5:89:CC:CE:2C:4E:D0:64:A1:6F:BA:DC:59:FD:0A:65
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e38382e302f32312d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:26:1c:ae:3b:be:4c:a5:91:65:7d:73:bf:14:09:0e:60:74:
         59:85:cd:46:a1:59:7b:10:54:2b:da:68:5d:a7:38:7a:ae:0c:
         1e:0f:4d:eb:a9:4a:b9:90:45:20:97:1f:6b:1f:6f:85:6a:f5:
         c6:a2:a9:5e:b6:30:8a:b7:76:b2:53:a5:5d:7b:9a:7e:87:be:
         ee:3a:17:52:92:2c:c4:47:06:38:96:ef:92:e2:86:79:c7:8c:
         af:b7:89:ec:04:2b:be:34:ce:d9:8b:1e:15:21:0e:25:b4:cb:
         8c:55:92:a5:e3:aa:94:48:e3:36:14:7e:41:26:29:d4:64:f2:
         e5:73:8b:ff:b0:ce:e8:e1:ae:b0:fb:39:cb:32:7d:e5:a5:59:
         86:62:2d:09:f7:2c:65:3d:7b:4f:fd:1c:f0:bc:0d:9b:40:55:
         17:31:c4:a7:4f:f2:25:da:85:df:e0:76:1d:21:a0:4a:71:41:
         02:89:e7:b5:f4:26:a4:f2:ec:aa:2a:71:ef:8c:41:20:b0:a7:
         d3:96:30:52:21:25:74:d1:46:a4:98:92:e1:4c:07:15:76:be:
         95:39:3e:d9:f3:fd:93:d8:53:86:83:67:44:03:c3:2a:51:40:
         1f:74:4f:ae:bf:e2:90:8b:b8:c1:7c:96:9e:e6:82:2a:a6:ae:
         08:8d:27:31
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdHdwTPfwybaO9+v/ip5RvL9pHWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MTIxMjI2MTVaFw0yNjA5MTExMjMxMTVaMDMxMTAvBgNV
BAMTKERBNDE0Qjk2RTU4OUNDQ0UyQzRFRDA2NEExNkZCQURDNTlGRDBBNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+SlN4vpU5GguVmtDOfFW2ODW2
RN6gtwfOlJ41/cNEVsauIX3Mgfk5ybqaqayXf09wlHi+0yki8lPZgHuwEmP31pY6
i75kjMo3ElFNlaZameGrauXCPeatXcmZGCkTueidDGR6hBDZ7qr5Dg6Uj5MIA3SR
qCW8g+fmcGCGqrQ6cXy1dv4AUom2QG4dVkpaxoJAQJLqju2Qov4d/AZGVWiZ5Ifu
c0Q/HlUgPgNg3Hv3qwUDFpugM0E9tkeWoSNSTKRkJ4sdH+4m0svecytnSRyTMrva
DAMVARQq7Vh+JXn5+LxpviRZ7UecucklNSsPUMV4j7sMb2QFH+VG4X5rrIFtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2kFLluWJzM4sTtBkoW+63Fn9CmUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzODM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC1gw
DQYJKoZIhvcNAQELBQADggEBADAmHK47vkylkWV9c78UCQ5gdFmFzUahWXsQVCva
aF2nOHquDB4PTeupSrmQRSCXH2sfb4Vq9caiqV62MIq3drJTpV17mn6Hvu46F1KS
LMRHBjiW75LihnnHjK+3iewEK740ztmLHhUhDiW0y4xVkqXjqpRI4zYUfkEmKdRk
8uVzi/+wzujhrrD7OcsyfeWlWYZiLQn3LGU9e0/9HPC8DZtAVRcxxKdP8iXahd/g
dh0hoEpxQQKJ57X0JqTy7Koqce+MQSCwp9OWMFIhJXTRRqSYkuFMBxV2vpU5Ptnz
/ZPYU4aDZ0QDwypRQB90T66/4pCLuMF8lp7mgiqmrgiNJzE=
-----END CERTIFICATE-----