Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32382e302f32342d3234203d3e20323132323338.roa
File:                     34352e38302e32382e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          vVbYMh1GmIbo1vOQWvfApxLTmri1jBnSvYYrdLDBsMI=
Subject key identifier:   C3:66:DC:78:3B:F1:17:78:04:1D:2C:BB:7C:F6:EC:CD:A0:49:E0:D6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6637F24498E77454B7D27A9D2BDD6740F224DBFF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32382e302f32342d3234203d3e20323132323338.roa
Signing time:             Mon 01 Jun 2026 22:24:47 +0000
ROA not before:           Mon 01 Jun 2026 22:19:47 +0000
ROA not after:            Mon 31 May 2027 22:24:47 +0000
asID:                     212238
IP address blocks:        45.80.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:37:f2:44:98:e7:74:54:b7:d2:7a:9d:2b:dd:67:40:f2:24:db:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  1 22:19:47 2026 GMT
            Not After : May 31 22:24:47 2027 GMT
        Subject: CN=C366DC783BF11778041D2CBB7CF6ECCDA049E0D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5e:33:e7:25:fa:25:b6:d4:65:d4:9f:86:e4:
                    99:fd:36:ef:17:86:d4:ef:4c:94:9c:81:05:5d:bc:
                    df:45:cc:49:41:ee:87:68:d3:25:e2:a8:5e:aa:37:
                    23:e4:83:16:92:6c:39:d4:13:55:14:1d:d1:dd:ed:
                    a2:45:31:45:6e:bd:f5:36:1b:8c:72:7e:25:85:91:
                    95:94:af:c8:d3:22:35:a5:6b:1a:56:bb:3b:20:4a:
                    a0:8c:6d:39:cb:33:38:48:b9:55:2f:d1:0c:93:37:
                    f0:b8:0b:d8:68:13:42:e1:42:28:fc:69:b9:fc:bb:
                    b3:cd:33:78:a1:f0:60:bc:93:d5:29:49:68:50:e5:
                    f7:de:b1:0f:08:6c:7f:2a:45:dd:83:53:6b:b3:9a:
                    4e:11:fc:c1:12:8c:01:f6:19:df:b2:e6:bf:68:c9:
                    87:32:b0:61:90:1f:c2:ab:b6:94:36:b2:fd:72:bd:
                    dc:29:1f:12:ee:0b:d8:ae:7b:4d:d8:c9:a2:8d:3c:
                    c1:50:17:40:1e:0b:28:40:cd:c5:db:91:e3:cd:b1:
                    f0:b2:c2:03:4f:b4:52:28:9b:70:5a:28:74:be:02:
                    6a:07:72:ab:60:69:ac:03:d8:90:13:75:d8:1f:9c:
                    22:97:48:ec:28:81:23:ad:b9:59:0f:c3:fc:51:6c:
                    54:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:66:DC:78:3B:F1:17:78:04:1D:2C:BB:7C:F6:EC:CD:A0:49:E0:D6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32382e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:79:04:66:60:4d:f6:39:0e:c5:4c:05:d3:62:8a:6b:15:48:
         05:f8:e5:28:3b:c6:57:c1:16:f4:1a:ed:1c:42:c3:66:3c:ed:
         fa:4c:e0:e1:64:c6:50:1d:83:1b:ae:e4:7e:3b:70:ed:cd:52:
         2b:13:73:63:c3:60:a6:f0:24:db:cb:17:55:ea:bf:d8:a4:eb:
         a6:db:ca:85:09:16:bb:09:8e:d9:81:84:8e:3e:2b:c8:9e:05:
         4f:6e:f9:e8:90:c5:fe:da:68:33:dd:f6:2b:ea:97:26:fc:63:
         69:b8:e2:0f:c8:e0:26:e0:76:f0:85:14:01:fc:cf:93:64:7d:
         b3:71:1a:64:f3:c9:6a:7c:6b:a2:ac:10:b0:88:6a:2a:1b:a9:
         27:82:3f:d0:de:bd:dc:83:af:26:d9:bd:d9:9a:ce:89:6b:20:
         3a:3f:16:7c:c5:b1:a0:8b:e2:6f:4f:21:e3:c0:3d:ce:2f:4f:
         70:99:13:fd:78:71:a5:e4:cb:73:41:5c:d1:94:f6:11:00:a9:
         bf:ec:a6:ff:8a:07:d6:14:af:52:e1:1a:a6:60:87:57:a0:6f:
         af:e8:4c:85:1b:86:43:05:6c:67:08:72:ca:0d:d4:9c:ea:bf:
         5c:0b:ef:24:27:b5:da:15:71:10:ec:9a:41:d6:d7:b5:a9:4e:
         55:ee:e3:4d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZjfyRJjndFS30nqdK91nQPIk2/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDEyMjE5NDdaFw0yNzA1MzEyMjI0NDdaMDMxMTAvBgNV
BAMTKEMzNjZEQzc4M0JGMTE3NzgwNDFEMkNCQjdDRjZFQ0NEQTA0OUUwRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQXjPnJfolttRl1J+G5Jn9Nu8X
htTvTJScgQVdvN9FzElB7odo0yXiqF6qNyPkgxaSbDnUE1UUHdHd7aJFMUVuvfU2
G4xyfiWFkZWUr8jTIjWlaxpWuzsgSqCMbTnLMzhIuVUv0QyTN/C4C9hoE0LhQij8
abn8u7PNM3ih8GC8k9UpSWhQ5ffesQ8IbH8qRd2DU2uzmk4R/MESjAH2Gd+y5r9o
yYcysGGQH8KrtpQ2sv1yvdwpHxLuC9iue03YyaKNPMFQF0AeCyhAzcXbkePNsfCy
wgNPtFIom3BaKHS+AmoHcqtgaawD2JATddgfnCKXSOwogSOtuVkPw/xRbFSvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUw2bceDvxF3gEHSy7fPbszaBJ4NYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzMDJlMzIzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Q
HDANBgkqhkiG9w0BAQsFAAOCAQEAA3kEZmBN9jkOxUwF02KKaxVIBfjlKDvGV8EW
9BrtHELDZjzt+kzg4WTGUB2DG67kfjtw7c1SKxNzY8NgpvAk28sXVeq/2KTrptvK
hQkWuwmO2YGEjj4ryJ4FT2756JDF/tpoM932K+qXJvxjabjiD8jgJuB28IUUAfzP
k2R9s3EaZPPJanxroqwQsIhqKhupJ4I/0N693IOvJtm92ZrOiWsgOj8WfMWxoIvi
b08h48A9zi9PcJkT/XhxpeTLc0Fc0ZT2EQCpv+ym/4oH1hSvUuEapmCHV6Bvr+hM
hRuGQwVsZwhyyg3UnOq/XAvvJCe12hVxEOyaQdbXtalOVe7jTQ==
-----END CERTIFICATE-----