Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2037383433.roa
File:                     3134352e37392e3137322e302f32322d3234203d3e2037383433.roa (raw, json)
Hash identifier:          K/8HNqic+2Ru4Djm8oaxghQQs5aT8S8gAHtWfXN1NUc=
Subject key identifier:   18:68:41:E8:18:B3:0E:9B:67:B4:7E:E9:10:24:79:33:C2:A0:B0:B6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       01A4B836CA8D329B8096ED7BF0205877377C82FD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2037383433.roa
Signing time:             Tue 05 May 2026 20:24:02 +0000
ROA not before:           Tue 05 May 2026 20:19:02 +0000
ROA not after:            Tue 04 May 2027 20:24:02 +0000
asID:                     7843
IP address blocks:        145.79.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 13:39:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:a4:b8:36:ca:8d:32:9b:80:96:ed:7b:f0:20:58:77:37:7c:82:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  5 20:19:02 2026 GMT
            Not After : May  4 20:24:02 2027 GMT
        Subject: CN=186841E818B30E9B67B47EE910247933C2A0B0B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e2:d8:f0:2a:6a:38:26:ee:8c:2d:db:9d:9e:
                    40:76:c1:7c:8f:47:68:5d:86:ea:21:0a:9a:1f:dd:
                    b0:ba:19:73:28:0f:76:41:cc:87:0e:7c:f4:07:d5:
                    e2:0b:b6:c1:2a:fa:16:d5:c5:f1:5a:52:26:e7:07:
                    1a:31:0a:84:fd:97:50:f1:30:34:db:ad:79:e7:3b:
                    43:0a:f0:7c:b5:02:09:51:c9:79:45:5f:a4:dc:94:
                    b8:a1:c5:e4:e3:54:2a:8e:8e:ec:0c:dc:2e:a3:3d:
                    d3:6d:a2:49:69:4b:b1:75:de:ed:53:d5:7c:73:d3:
                    cd:d9:97:e3:c3:b0:44:b8:62:d3:38:16:78:d1:e9:
                    45:d6:b3:42:8b:1f:42:c6:f3:6d:0a:a1:35:b8:8f:
                    68:f6:83:ba:57:0b:a7:0b:83:6a:7b:da:7e:0b:a3:
                    07:89:24:0f:41:35:4a:be:a4:5a:0f:bc:93:8f:68:
                    40:c7:73:c2:6d:60:0d:65:03:07:a4:dc:d4:be:c4:
                    7e:eb:97:d1:1e:94:7b:66:e7:36:e2:4c:26:6b:31:
                    c0:f8:f6:df:b1:5f:06:98:7c:3a:00:26:b7:e5:c4:
                    7f:ec:56:05:a9:a1:f9:bf:94:4a:e2:b7:4f:86:af:
                    0c:09:ef:9c:b1:f2:dd:ec:54:35:68:d3:96:11:bf:
                    9a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:68:41:E8:18:B3:0E:9B:67:B4:7E:E9:10:24:79:33:C2:A0:B0:B6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e37392e3137322e302f32322d3234203d3e2037383433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.79.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:f2:49:12:ce:b1:ee:f6:0f:43:64:52:51:f2:27:6d:d5:94:
         30:be:20:b6:d1:98:d2:d3:9f:29:c6:c0:d7:c1:8c:4f:09:27:
         06:d4:57:a5:ae:d9:f2:5d:13:e7:9f:1e:f0:c9:2b:13:4a:78:
         7d:bd:b0:d6:e4:7d:92:76:83:19:e3:fc:42:11:a2:51:72:bf:
         01:39:0f:a0:1a:f6:23:0d:cd:be:2b:00:f4:aa:5b:25:5c:d0:
         95:bb:96:43:d7:bc:fa:78:7a:46:fb:9d:9b:c0:aa:95:80:01:
         ef:10:23:bf:68:d0:01:35:b0:51:e1:e7:6e:04:f5:4a:d8:1f:
         8a:68:3d:9d:43:54:87:ca:1d:09:e3:60:f3:d3:b1:92:be:36:
         0b:2f:b3:7c:f1:5b:a9:b7:bc:53:bd:d0:fe:ae:74:9c:1e:72:
         fa:f8:9e:ad:e0:7f:d8:30:a7:e6:cd:37:83:3f:ac:9a:3e:a4:
         6a:35:a7:ea:2c:e3:de:38:dc:3d:fe:2c:43:d8:aa:47:a9:24:
         85:4a:ea:62:f5:08:57:ca:43:86:ae:6b:e2:7c:5d:05:27:12:
         fb:ae:74:4a:6a:27:d2:6c:98:e8:c5:94:fd:0d:32:38:9e:17:
         1e:24:13:b4:6e:4c:0f:f2:fc:7c:63:4e:76:1f:6f:cb:f4:d3:
         dd:c2:99:7d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAaS4NsqNMpuAlu178CBYdzd8gv0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MDUyMDE5MDJaFw0yNzA1MDQyMDI0MDJaMDMxMTAvBgNV
BAMTKDE4Njg0MUU4MThCMzBFOUI2N0I0N0VFOTEwMjQ3OTMzQzJBMEIwQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM4tjwKmo4Ju6MLdudnkB2wXyP
R2hdhuohCpof3bC6GXMoD3ZBzIcOfPQH1eILtsEq+hbVxfFaUibnBxoxCoT9l1Dx
MDTbrXnnO0MK8Hy1AglRyXlFX6TclLihxeTjVCqOjuwM3C6jPdNtoklpS7F13u1T
1Xxz083Zl+PDsES4YtM4FnjR6UXWs0KLH0LG820KoTW4j2j2g7pXC6cLg2p72n4L
oweJJA9BNUq+pFoPvJOPaEDHc8JtYA1lAwek3NS+xH7rl9EelHtm5zbiTCZrMcD4
9t+xXwaYfDoAJrflxH/sVgWpofm/lErit0+GrwwJ75yx8t3sVDVo05YRv5qVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGGhB6BizDptntH7pECR5M8KgsLYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzNzM5MmUzMTM3
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzM4MzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApFP
rDANBgkqhkiG9w0BAQsFAAOCAQEAefJJEs6x7vYPQ2RSUfInbdWUML4gttGY0tOf
KcbA18GMTwknBtRXpa7Z8l0T558e8MkrE0p4fb2w1uR9knaDGeP8QhGiUXK/ATkP
oBr2Iw3NvisA9KpbJVzQlbuWQ9e8+nh6Rvudm8CqlYAB7xAjv2jQATWwUeHnbgT1
Stgfimg9nUNUh8odCeNg89Oxkr42Cy+zfPFbqbe8U73Q/q50nB5y+viereB/2DCn
5s03gz+smj6kajWn6izj3jjcPf4sQ9iqR6kkhUrqYvUIV8pDhq5r4nxdBScS+650
Smon0myY6MWU/Q0yOJ4XHiQTtG5MD/L8fGNOdh9vy/TT3cKZfQ==
-----END CERTIFICATE-----