Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135352e302f32342d3234203d3e20383334.roa
File:                     3134352e37392e3135352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          kwKBtj6NSTUvYDSRwghV2v0HZG2ppIEhPcKuZRMLGW8=
Subject key identifier:   A8:5C:0C:EF:75:67:5B:35:F2:A1:0E:ED:CE:53:06:E2:42:42:CA:51
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       51B06DD9B556B057396E2382EE0FD1E24343ABDE
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135352e302f32342d3234203d3e20383334.roa
Signing time:             Mon 15 Jun 2026 06:58:39 +0000
ROA not before:           Mon 15 Jun 2026 06:53:39 +0000
ROA not after:            Mon 14 Jun 2027 06:58:39 +0000
asID:                     834
IP address blocks:        145.79.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:b0:6d:d9:b5:56:b0:57:39:6e:23:82:ee:0f:d1:e2:43:43:ab:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 15 06:53:39 2026 GMT
            Not After : Jun 14 06:58:39 2027 GMT
        Subject: CN=A85C0CEF75675B35F2A10EEDCE5306E24242CA51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3f:94:1a:eb:1f:41:97:e9:97:c6:76:84:64:
                    e1:19:a5:57:99:51:f8:fe:aa:01:ff:61:71:5c:f3:
                    65:90:89:20:4e:a5:ae:da:b0:e9:ea:b1:a2:68:98:
                    e2:f7:e4:c5:4c:34:6e:7b:b1:6c:71:86:8c:c1:12:
                    9e:43:ac:cd:9b:13:1a:eb:63:66:c8:83:5e:a5:b5:
                    af:bb:7e:d8:56:60:ee:13:05:b7:61:d6:01:94:f1:
                    e8:36:0a:c0:a5:a8:5e:44:f0:95:2e:6a:df:ac:8e:
                    64:f0:d1:67:65:31:be:7b:a2:d8:79:7c:8c:58:f9:
                    c8:57:02:6a:77:99:95:0a:9f:c2:8b:37:f2:01:99:
                    a1:5b:c6:53:62:c6:37:c9:c0:00:ca:ea:02:6e:e4:
                    84:cf:62:4d:12:43:21:3f:26:83:38:6e:55:9e:15:
                    20:a4:ec:86:b9:4a:3f:9b:28:2c:07:58:f4:02:f1:
                    88:ef:52:85:23:59:ce:26:e1:db:f8:75:c3:1a:e6:
                    b2:b6:c7:a2:69:3c:28:59:a7:a5:c9:69:3d:ed:f5:
                    a9:9f:dd:79:04:7f:d2:ce:cf:5b:dc:2b:83:73:72:
                    65:bc:41:8d:a4:67:20:b1:39:7a:54:fc:81:41:30:
                    52:86:90:34:71:a2:2b:20:e5:da:79:e6:58:25:07:
                    30:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:5C:0C:EF:75:67:5B:35:F2:A1:0E:ED:CE:53:06:E2:42:42:CA:51
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3135352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:dc:7f:c2:ca:db:00:e0:d0:9a:64:56:8c:d4:01:5e:07:d5:
         ed:d7:f4:e0:50:c4:a9:8f:94:88:55:5b:29:82:65:14:ac:64:
         51:33:b6:33:6c:e7:20:4c:4b:ad:2b:6d:e5:e8:19:65:92:dd:
         39:ae:80:77:00:10:74:7a:11:f9:6f:a8:74:f5:01:07:e5:6d:
         9d:10:e5:ea:56:df:ec:38:ac:57:26:78:a6:1c:91:9a:d3:12:
         26:fb:69:25:fa:c1:b1:2f:39:2a:32:a9:2d:5a:14:fd:4f:3d:
         80:f4:d3:de:1f:38:d1:fb:8f:07:29:8e:a8:37:76:2b:12:e0:
         82:41:b1:e4:4a:59:af:e2:aa:4b:4b:a2:74:31:18:39:6f:21:
         6e:a6:6a:1c:72:8d:42:9e:98:09:cc:8f:da:27:77:53:3d:eb:
         e7:94:ee:6d:c9:50:e9:21:14:40:28:72:e2:60:c9:f5:f0:24:
         93:75:d5:64:45:9a:b0:5c:4f:6d:be:b3:d5:a9:cf:84:5d:b0:
         cb:5a:d2:24:a0:04:5a:82:7c:2e:c8:d5:ca:26:f7:2d:8f:6a:
         e9:ad:f3:bf:01:e0:c1:4c:a4:ce:e2:92:85:3c:45:26:b3:e3:
         f5:96:9f:34:c0:43:6a:2f:2d:93:07:20:cd:10:82:10:8b:ce:
         fc:ea:a6:70
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUbBt2bVWsFc5biOC7g/R4kNDq94wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MTUwNjUzMzlaFw0yNzA2MTQwNjU4MzlaMDMxMTAvBgNV
BAMTKEE4NUMwQ0VGNzU2NzVCMzVGMkExMEVFRENFNTMwNkUyNDI0MkNBNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbP5Qa6x9Bl+mXxnaEZOEZpVeZ
Ufj+qgH/YXFc82WQiSBOpa7asOnqsaJomOL35MVMNG57sWxxhozBEp5DrM2bExrr
Y2bIg16lta+7fthWYO4TBbdh1gGU8eg2CsClqF5E8JUuat+sjmTw0WdlMb57oth5
fIxY+chXAmp3mZUKn8KLN/IBmaFbxlNixjfJwADK6gJu5ITPYk0SQyE/JoM4blWe
FSCk7Ia5Sj+bKCwHWPQC8YjvUoUjWc4m4dv4dcMa5rK2x6JpPChZp6XJaT3t9amf
3XkEf9LOz1vcK4NzcmW8QY2kZyCxOXpU/IFBMFKGkDRxoisg5dp55lglBzA5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqFwM73VnWzXyoQ7tzlMG4kJCylEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM1
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACRT5sw
DQYJKoZIhvcNAQELBQADggEBAFPcf8LK2wDg0JpkVozUAV4H1e3X9OBQxKmPlIhV
WymCZRSsZFEztjNs5yBMS60rbeXoGWWS3TmugHcAEHR6EflvqHT1AQflbZ0Q5epW
3+w4rFcmeKYckZrTEib7aSX6wbEvOSoyqS1aFP1PPYD0094fONH7jwcpjqg3disS
4IJBseRKWa/iqktLonQxGDlvIW6mahxyjUKemAnMj9ond1M96+eU7m3JUOkhFEAo
cuJgyfXwJJN11WRFmrBcT22+s9Wpz4RdsMta0iSgBFqCfC7I1com9y2Paumt878B
4MFMpM7ikoU8RSaz4/WWnzTAQ2ovLZMHIM0QghCLzvzqpnA=
-----END CERTIFICATE-----