Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31312e302f32342d3234203d3e203432383331.roa
File:                     3231372e32352e31312e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          LBGC7WX7bJkBy0/v1ZbPU/RfYLNVgPcvPJyw+DpE2j8=
Subject key identifier:   85:AD:9A:5B:22:98:2A:F3:24:82:B8:AA:19:B9:77:C9:C3:E4:4B:7C
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       43A9226320294E075BE9F12164CF52C30B7D784C
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31312e302f32342d3234203d3e203432383331.roa
Signing time:             Sat 25 Apr 2026 14:02:51 +0000
ROA not before:           Sat 25 Apr 2026 13:57:51 +0000
ROA not after:            Sat 24 Apr 2027 14:02:51 +0000
asID:                     42831
IP address blocks:        217.25.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:a9:22:63:20:29:4e:07:5b:e9:f1:21:64:cf:52:c3:0b:7d:78:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Apr 25 13:57:51 2026 GMT
            Not After : Apr 24 14:02:51 2027 GMT
        Subject: CN=85AD9A5B22982AF32482B8AA19B977C9C3E44B7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ba:44:96:ac:6b:64:4c:75:36:06:ea:bc:4a:
                    4f:dc:ad:a3:47:a7:e4:c0:16:ed:cf:ea:3d:d4:b9:
                    f3:d3:6f:55:2a:2f:9c:19:33:48:5a:00:12:e6:e7:
                    c6:43:ef:81:a2:9b:8c:5d:af:31:77:a8:8c:b5:1f:
                    e9:ce:6c:78:9d:ff:7b:59:a3:67:e9:1a:b0:51:7b:
                    70:32:88:04:ff:57:d9:8d:ed:54:f2:a4:8f:94:7a:
                    09:98:f1:06:23:d2:28:6f:7e:b3:76:f6:54:81:5c:
                    80:7d:ec:4c:b0:92:74:ca:41:0b:c6:1e:d3:40:51:
                    1d:53:8c:2a:ae:e5:99:9d:ae:75:ec:bb:57:d9:bb:
                    07:84:e7:d4:54:28:3b:b9:64:90:f7:0e:99:bf:fc:
                    6a:93:21:ed:02:de:e9:f3:99:69:e1:a5:d5:31:fb:
                    3f:87:34:c4:df:1f:75:78:51:49:8c:63:5a:6c:77:
                    cf:2c:b6:5e:0a:dd:37:d1:f0:42:52:74:9e:b2:25:
                    2c:bb:d4:e0:fd:bb:23:20:fc:79:18:06:0d:fe:b1:
                    bd:8a:b8:a3:cd:2e:00:27:08:94:36:bb:6e:f4:ac:
                    3e:ed:6e:c7:4d:26:8a:97:9f:1f:bb:e4:68:cb:8d:
                    ab:a1:a9:16:a5:ac:12:cf:39:7f:7e:bf:1e:70:04:
                    c8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AD:9A:5B:22:98:2A:F3:24:82:B8:AA:19:B9:77:C9:C3:E4:4B:7C
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31312e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fb:52:fe:59:08:68:0d:31:40:8e:a5:75:4c:91:f9:93:5e:
         bc:bf:a7:64:ba:0e:9c:b6:86:c3:66:01:5e:9b:a8:e1:4f:e7:
         cc:cc:50:ef:ff:73:dd:b5:fe:6f:f6:60:da:fc:76:07:95:69:
         ea:b9:a1:21:b8:f3:4e:2a:01:d1:ba:d9:fc:34:a7:bc:e5:99:
         4f:68:d8:0a:97:eb:fa:31:2a:80:21:2b:be:9a:23:cb:d4:f4:
         c2:bf:7e:97:80:b0:d7:79:75:3f:68:2f:d9:ed:f0:8d:31:e1:
         b5:71:b7:bc:35:7f:21:9b:dc:03:a2:b8:51:43:41:9d:83:b9:
         fa:f9:bc:0d:28:92:ae:6f:80:aa:76:9e:99:df:9a:52:f8:ac:
         cd:86:59:5e:b0:63:83:44:8e:0c:51:32:02:d5:78:48:bd:3a:
         9a:e6:54:5d:74:2c:eb:87:fc:c4:70:e6:cd:88:4e:00:4b:be:
         b7:a6:fe:d1:18:4f:0b:e9:1c:19:d1:3a:fe:d7:7b:eb:ce:5e:
         25:85:ef:7d:28:ac:9a:b5:4f:8d:9f:f8:ea:98:36:4a:52:98:
         ce:61:8f:a9:97:f2:86:2c:2e:ca:8c:e3:a1:12:8d:69:3c:dd:
         cb:f2:77:7a:f0:99:66:c1:37:e8:6b:ac:db:90:35:d4:ca:da:
         c0:7a:89:06
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQ6kiYyApTgdb6fEhZM9Swwt9eEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjUxMzU3NTFaFw0yNzA0MjQxNDAyNTFaMDMxMTAvBgNV
BAMTKDg1QUQ5QTVCMjI5ODJBRjMyNDgyQjhBQTE5Qjk3N0M5QzNFNDRCN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdukSWrGtkTHU2Buq8Sk/craNH
p+TAFu3P6j3UufPTb1UqL5wZM0haABLm58ZD74Gim4xdrzF3qIy1H+nObHid/3tZ
o2fpGrBRe3AyiAT/V9mN7VTypI+UegmY8QYj0ihvfrN29lSBXIB97EywknTKQQvG
HtNAUR1TjCqu5ZmdrnXsu1fZuweE59RUKDu5ZJD3Dpm//GqTIe0C3unzmWnhpdUx
+z+HNMTfH3V4UUmMY1psd88stl4K3TfR8EJSdJ6yJSy71OD9uyMg/HkYBg3+sb2K
uKPNLgAnCJQ2u270rD7tbsdNJoqXnx+75GjLjauhqRalrBLPOX9+vx5wBMgBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUha2aWyKYKvMkgriqGbl3ycPkS3wwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
CzANBgkqhkiG9w0BAQsFAAOCAQEAN/tS/lkIaA0xQI6ldUyR+ZNevL+nZLoOnLaG
w2YBXpuo4U/nzMxQ7/9z3bX+b/Zg2vx2B5Vp6rmhIbjzTioB0brZ/DSnvOWZT2jY
Cpfr+jEqgCErvpojy9T0wr9+l4Cw13l1P2gv2e3wjTHhtXG3vDV/IZvcA6K4UUNB
nYO5+vm8DSiSrm+Aqnaemd+aUviszYZZXrBjg0SODFEyAtV4SL06muZUXXQs64f8
xHDmzYhOAEu+t6b+0RhPC+kcGdE6/td7685eJYXvfSismrVPjZ/46pg2SlKYzmGP
qZfyhiwuyozjoRKNaTzdy/J3evCZZsE36Gus25A11MrawHqJBg==
-----END CERTIFICATE-----