Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134382e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          pTjr87/w+mDEY67TrS+zuAG/O78ZTe6Sp7yasM6jpUU=
Subject key identifier:   82:87:54:00:1E:A4:CE:1B:C7:64:DF:7D:A2:F2:FE:9C:7E:23:77:72
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       65D2E2469E3F2101D63654E191138A4B7F3B08FB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Sat 20 Jun 2026 07:16:00 +0000
ROA not before:           Sat 20 Jun 2026 07:11:00 +0000
ROA not after:            Sat 19 Jun 2027 07:16:00 +0000
asID:                     834
IP address blocks:        145.79.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:d2:e2:46:9e:3f:21:01:d6:36:54:e1:91:13:8a:4b:7f:3b:08:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 20 07:11:00 2026 GMT
            Not After : Jun 19 07:16:00 2027 GMT
        Subject: CN=828754001EA4CE1BC764DF7DA2F2FE9C7E237772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:f1:27:96:fc:95:9a:c4:07:8a:25:38:57:f4:
                    3f:84:47:6f:4f:67:a3:70:3e:0c:bc:0a:8a:d0:ac:
                    6e:f2:dc:0b:0e:82:24:e8:8a:c3:14:9d:78:7b:98:
                    83:1e:d1:57:36:04:1b:79:c0:d9:4f:2f:23:00:99:
                    72:d6:6a:e8:5d:f1:98:3c:b5:7a:28:57:4a:6c:4c:
                    11:cb:1a:7b:e6:85:07:e5:54:28:fd:36:3d:7d:e8:
                    91:64:74:da:16:51:55:7f:dd:ca:71:e0:a3:cd:b6:
                    5a:4a:86:a0:3b:37:16:5d:09:3c:96:60:c6:93:94:
                    dc:91:48:aa:09:fa:65:b9:d9:c9:3a:a9:b4:f7:f9:
                    a1:45:b8:17:89:62:4c:5f:1d:2a:37:79:bd:2f:66:
                    88:a6:84:2b:95:d8:f6:b8:68:33:55:a3:8e:00:6a:
                    da:c0:01:9f:bc:cb:5f:f7:db:d6:3b:36:96:92:f0:
                    33:df:56:92:b0:1b:a2:b1:b0:41:3a:2e:55:cf:7b:
                    32:a5:be:5a:ca:61:bc:40:15:28:94:84:14:66:66:
                    7d:49:db:ec:62:f0:64:e9:88:35:aa:66:14:47:25:
                    12:3f:99:22:92:4e:b1:23:74:a9:d0:18:f1:04:cc:
                    66:14:73:db:74:b0:c2:09:ec:7c:d4:c7:84:af:d4:
                    26:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:87:54:00:1E:A4:CE:1B:C7:64:DF:7D:A2:F2:FE:9C:7E:23:77:72
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:66:12:b7:d8:e8:87:11:25:f0:43:25:0c:9c:1e:5e:6c:a6:
         34:1c:48:6c:db:fa:8a:37:d2:d4:ee:d8:c8:d3:ac:85:a0:17:
         b0:61:ab:a8:52:5e:ad:4f:fa:d0:27:1e:52:5b:c3:21:bf:a4:
         10:04:ed:b4:4c:e3:35:19:00:27:7a:55:96:bb:13:31:81:9b:
         3c:5b:99:04:e4:c9:ca:e2:76:25:66:b7:31:33:b7:f3:29:56:
         12:eb:0b:de:10:23:f2:71:c6:5e:4e:0b:bf:29:cf:f3:66:d6:
         6c:bc:cd:39:00:cc:a2:b9:94:5c:a4:00:b7:29:7a:a7:1c:36:
         81:1a:da:4b:c7:11:cd:40:da:18:cc:be:4c:68:22:53:06:ef:
         4a:ce:c8:2a:a6:37:7f:df:b0:07:6f:c3:cf:0b:d2:f6:6d:cb:
         a8:6e:0c:d4:17:79:af:c7:e5:f2:1c:c1:4b:53:c7:b8:61:13:
         2b:89:df:f6:ce:17:9d:05:71:54:43:65:31:60:2d:5f:84:57:
         6b:91:c7:a6:a8:a1:38:1d:08:1b:ee:31:98:9e:b7:d8:26:b9:
         39:62:bf:e2:df:f9:cb:5a:73:0d:d6:01:09:d0:46:2f:33:e2:
         a7:14:f4:9a:1c:9b:71:9f:72:1b:62:b7:01:5f:fd:0f:73:fd:
         82:87:bc:ad
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZdLiRp4/IQHWNlThkROKS387CPswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MjAwNzExMDBaFw0yNzA2MTkwNzE2MDBaMDMxMTAvBgNV
BAMTKDgyODc1NDAwMUVBNENFMUJDNzY0REY3REEyRjJGRTlDN0UyMzc3NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo8SeW/JWaxAeKJThX9D+ER29P
Z6NwPgy8CorQrG7y3AsOgiToisMUnXh7mIMe0Vc2BBt5wNlPLyMAmXLWauhd8Zg8
tXooV0psTBHLGnvmhQflVCj9Nj196JFkdNoWUVV/3cpx4KPNtlpKhqA7NxZdCTyW
YMaTlNyRSKoJ+mW52ck6qbT3+aFFuBeJYkxfHSo3eb0vZoimhCuV2Pa4aDNVo44A
atrAAZ+8y1/329Y7NpaS8DPfVpKwG6KxsEE6LlXPezKlvlrKYbxAFSiUhBRmZn1J
2+xi8GTpiDWqZhRHJRI/mSKSTrEjdKnQGPEEzGYUc9t0sMIJ7HzUx4Sv1CZPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUgodUAB6kzhvHZN99ovL+nH4jd3IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM0
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT5Qw
DQYJKoZIhvcNAQELBQADggEBAChmErfY6IcRJfBDJQycHl5spjQcSGzb+oo30tTu
2MjTrIWgF7Bhq6hSXq1P+tAnHlJbwyG/pBAE7bRM4zUZACd6VZa7EzGBmzxbmQTk
ycridiVmtzEzt/MpVhLrC94QI/Jxxl5OC78pz/Nm1my8zTkAzKK5lFykALcpeqcc
NoEa2kvHEc1A2hjMvkxoIlMG70rOyCqmN3/fsAdvw88L0vZty6huDNQXea/H5fIc
wUtTx7hhEyuJ3/bOF50FcVRDZTFgLV+EV2uRx6aooTgdCBvuMZiet9gmuTliv+Lf
+ctacw3WAQnQRi8z4qcU9Jocm3GfchtitwFf/Q9z/YKHvK0=
-----END CERTIFICATE-----