Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e203531303832.roa
File:                     3231372e32352e302e302f32342d3234203d3e203531303832.roa (raw, json)
Hash identifier:          r+Zz3WVzXA07AoYsFrhfnagmX4oriEkd7cdwYOTPd78=
Subject key identifier:   7F:F3:58:8B:04:28:91:34:12:94:75:E0:F8:7B:4F:EC:E9:4F:C6:02
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       7786038A1550C475B75DCA595ACCB21152347E73
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e203531303832.roa
Signing time:             Mon 04 May 2026 15:22:29 +0000
ROA not before:           Mon 04 May 2026 15:17:29 +0000
ROA not after:            Mon 03 May 2027 15:22:29 +0000
asID:                     51082
IP address blocks:        217.25.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:86:03:8a:15:50:c4:75:b7:5d:ca:59:5a:cc:b2:11:52:34:7e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  4 15:17:29 2026 GMT
            Not After : May  3 15:22:29 2027 GMT
        Subject: CN=7FF3588B04289134129475E0F87B4FECE94FC602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b9:4b:cb:bc:af:7a:ee:e1:2f:22:69:b9:e3:
                    78:4e:46:90:0e:d7:c2:75:c6:dc:20:1e:00:c8:b5:
                    94:ab:52:74:54:c2:7a:05:46:2a:11:3b:66:5a:f1:
                    88:a1:2f:40:1a:46:a3:8e:b6:44:05:e7:28:25:3e:
                    b1:dd:05:a9:d4:31:25:91:c0:82:73:a4:d7:59:06:
                    37:11:b8:ed:9d:40:26:34:c4:f1:4e:69:55:77:c4:
                    af:ac:02:a6:e1:8a:8d:24:c4:e9:3d:87:bb:88:fd:
                    e3:7b:5a:c3:db:ba:f2:e4:ca:9a:86:e1:57:f8:9e:
                    07:76:5f:d8:db:3d:62:68:a3:7b:39:1b:45:b4:14:
                    29:07:3f:39:b6:d4:4e:55:db:e5:c7:8a:24:80:24:
                    91:01:d2:9c:a7:bf:8c:44:17:08:ce:a7:da:a1:36:
                    60:9d:47:85:67:dd:48:95:ab:a9:39:b6:2f:35:d5:
                    e2:53:2a:c7:cb:96:46:b8:a0:44:c4:00:b7:4f:b1:
                    75:99:bd:36:69:6f:33:82:db:f5:7b:0c:eb:26:c5:
                    05:65:36:35:d4:fb:de:48:b9:71:50:43:a0:dc:f6:
                    98:a5:41:f4:3b:c1:1e:88:a6:c4:9f:a4:6d:03:72:
                    8e:d6:64:f0:43:c8:2c:1d:b4:48:f6:cf:5f:94:3d:
                    42:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F3:58:8B:04:28:91:34:12:94:75:E0:F8:7B:4F:EC:E9:4F:C6:02
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e203531303832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4d:b4:2d:cd:b7:73:22:32:bf:47:42:32:ca:cf:47:6e:45:
         51:f1:8e:c6:1e:04:2e:08:89:f9:b6:9c:7a:89:50:fd:40:50:
         eb:24:b9:34:29:80:4d:25:37:1e:11:27:34:14:4a:fd:86:26:
         33:8d:3c:f5:3f:e5:6f:16:b8:80:28:59:26:8c:82:37:8f:e0:
         8e:f8:98:84:bf:c8:da:58:9e:c6:ef:e5:99:6a:fc:71:33:58:
         ef:02:fb:7d:55:0c:ca:ba:10:c1:e3:a7:9f:92:a8:2c:bc:4b:
         f5:47:d1:ba:ff:3d:6c:cd:22:e7:57:cf:68:3c:2e:ca:69:f1:
         1f:13:bb:54:1b:ed:35:f8:c5:cd:33:70:79:1a:a3:5b:bc:5f:
         b7:78:c0:04:93:58:50:86:0a:0e:04:8f:64:12:65:fc:68:20:
         80:00:b7:08:d2:47:fa:5d:fe:15:04:dc:6d:9d:8b:42:ef:8e:
         99:a5:ca:96:77:1e:63:40:79:f4:bc:d7:fc:01:d8:aa:fb:f2:
         76:bd:df:1a:f5:38:86:3d:c5:b1:2a:c6:81:a4:50:ca:55:97:
         bb:8f:cc:75:8d:9b:dc:03:cb:3a:ce:6c:22:c9:d6:05:a5:3e:
         f7:e8:51:68:22:ee:29:c9:c2:98:a0:83:79:df:95:ab:f3:09:
         5a:2f:c4:af
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUd4YDihVQxHW3XcpZWsyyEVI0fnMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDQxNTE3MjlaFw0yNzA1MDMxNTIyMjlaMDMxMTAvBgNV
BAMTKDdGRjM1ODhCMDQyODkxMzQxMjk0NzVFMEY4N0I0RkVDRTk0RkM2MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiuUvLvK967uEvImm543hORpAO
18J1xtwgHgDItZSrUnRUwnoFRioRO2Za8YihL0AaRqOOtkQF5yglPrHdBanUMSWR
wIJzpNdZBjcRuO2dQCY0xPFOaVV3xK+sAqbhio0kxOk9h7uI/eN7WsPbuvLkypqG
4Vf4ngd2X9jbPWJoo3s5G0W0FCkHPzm21E5V2+XHiiSAJJEB0pynv4xEFwjOp9qh
NmCdR4Vn3UiVq6k5ti811eJTKsfLlka4oETEALdPsXWZvTZpbzOC2/V7DOsmxQVl
NjXU+95IuXFQQ6Dc9pilQfQ7wR6IpsSfpG0Dco7WZPBDyCwdtEj2z1+UPUI7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUf/NYiwQokTQSlHXg+HtP7OlPxgIwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzEzMDM4MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZGQAw
DQYJKoZIhvcNAQELBQADggEBAJJNtC3Nt3MiMr9HQjLKz0duRVHxjsYeBC4Iifm2
nHqJUP1AUOskuTQpgE0lNx4RJzQUSv2GJjONPPU/5W8WuIAoWSaMgjeP4I74mIS/
yNpYnsbv5Zlq/HEzWO8C+31VDMq6EMHjp5+SqCy8S/VH0br/PWzNIudXz2g8Lspp
8R8Tu1Qb7TX4xc0zcHkao1u8X7d4wASTWFCGCg4Ej2QSZfxoIIAAtwjSR/pd/hUE
3G2di0LvjpmlypZ3HmNAefS81/wB2Kr78na93xr1OIY9xbEqxoGkUMpVl7uPzHWN
m9wDyzrObCLJ1gWlPvfoUWgi7inJwpigg3nflavzCVovxK8=
-----END CERTIFICATE-----