Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e362e302f32342d3234203d3e20313531333839.roa
File:                     3231372e32352e362e302f32342d3234203d3e20313531333839.roa (raw, json)
Hash identifier:          7io71Z7e3prfZYGBiZo+qcVjsUHTCxzskRDmwMsuWN4=
Subject key identifier:   13:D7:91:84:3A:0D:FC:93:6A:CA:FE:E1:90:7E:9E:17:80:7C:33:E3
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       2A55646EDDF815399F877FDCA3C59CF727B6AD40
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e362e302f32342d3234203d3e20313531333839.roa
Signing time:             Thu 07 May 2026 15:34:40 +0000
ROA not before:           Thu 07 May 2026 15:29:40 +0000
ROA not after:            Thu 06 May 2027 15:34:40 +0000
asID:                     151389
IP address blocks:        217.25.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:55:64:6e:dd:f8:15:39:9f:87:7f:dc:a3:c5:9c:f7:27:b6:ad:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  7 15:29:40 2026 GMT
            Not After : May  6 15:34:40 2027 GMT
        Subject: CN=13D791843A0DFC936ACAFEE1907E9E17807C33E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ec:aa:23:8e:3d:1d:1e:2d:2f:cc:9d:ac:27:
                    f5:ad:f2:46:33:fd:b8:0b:58:83:08:cc:72:1b:90:
                    9e:49:9b:74:02:8e:6f:5d:e6:ea:91:45:a1:e9:89:
                    5a:9a:e4:08:29:b8:f6:66:e0:ce:97:20:45:cd:9f:
                    54:e8:83:2e:f3:26:ab:f5:1b:2a:09:a1:50:95:1b:
                    aa:04:8f:20:f0:4b:54:92:c6:75:56:ba:1e:ff:c5:
                    81:9d:8b:8c:d0:35:b4:cd:ce:10:25:f1:25:b9:09:
                    15:cf:6d:1d:06:55:01:2b:1c:00:5c:1b:cd:39:fc:
                    23:4e:bb:b0:31:0b:3e:cd:35:62:e2:36:32:d8:d0:
                    cd:5b:85:08:14:ca:ed:18:2d:45:ad:35:f2:10:3c:
                    a1:e8:8b:2f:ef:c0:df:c6:d3:72:ec:34:8d:e7:c0:
                    a6:53:f3:1a:a4:de:7c:a0:a2:29:f3:fc:e4:99:3c:
                    58:44:2e:c3:da:7b:d8:c0:3d:ec:c0:e8:56:51:0f:
                    83:86:4d:b0:8e:63:f7:44:1b:ac:25:28:99:64:43:
                    3f:a5:67:8d:ae:47:b3:17:cc:11:67:bc:f6:80:aa:
                    0a:27:36:a2:c9:22:77:1a:60:c7:8f:ac:98:b0:ae:
                    7f:6f:74:23:93:9f:82:52:6d:f5:c1:5d:6f:05:4a:
                    f5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D7:91:84:3A:0D:FC:93:6A:CA:FE:E1:90:7E:9E:17:80:7C:33:E3
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e362e302f32342d3234203d3e20313531333839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:c9:98:e2:fb:61:bd:14:f4:a3:67:d5:db:ac:50:f7:e3:c0:
         41:bd:20:86:cc:cc:b9:f1:82:b7:2d:96:0f:59:29:38:c0:fe:
         35:cb:48:33:84:9e:d8:79:9b:db:10:43:a7:26:7a:05:b9:bd:
         5d:7a:3c:c8:6f:6b:07:0b:d1:c2:3f:3e:39:68:3d:c5:d0:32:
         a7:c0:6b:97:ca:ba:1f:10:03:c4:91:3e:35:59:a0:63:67:2f:
         72:aa:08:19:d6:72:3b:47:5c:d4:57:26:13:1e:0b:08:66:eb:
         d2:53:9b:53:fd:23:f8:75:99:38:98:c4:2e:90:08:07:ff:13:
         4d:3c:58:d5:46:dd:e0:c7:2e:92:6e:d0:c4:ce:6f:4e:9c:42:
         c4:34:27:0a:a5:49:aa:52:98:4d:af:db:dd:28:35:61:76:0e:
         32:5f:06:ff:0c:25:25:f5:18:d6:07:4c:2c:24:a5:6f:45:b7:
         a8:cd:93:42:ca:ab:fd:25:64:f1:73:66:ce:64:e0:38:3d:37:
         d7:46:02:c6:90:ba:34:64:58:3d:dd:ac:da:4b:96:ee:9b:d6:
         8f:39:20:46:3f:21:79:10:90:e9:7e:48:08:b0:3e:97:26:a5:
         0a:8e:fb:af:fd:e9:44:b7:ff:c1:4f:84:48:93:ee:3c:bb:09:
         90:8f:0a:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKlVkbt34FTmfh3/co8Wc9ye2rUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDcxNTI5NDBaFw0yNzA1MDYxNTM0NDBaMDMxMTAvBgNV
BAMTKDEzRDc5MTg0M0EwREZDOTM2QUNBRkVFMTkwN0U5RTE3ODA3QzMzRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU7Kojjj0dHi0vzJ2sJ/Wt8kYz
/bgLWIMIzHIbkJ5Jm3QCjm9d5uqRRaHpiVqa5AgpuPZm4M6XIEXNn1Togy7zJqv1
GyoJoVCVG6oEjyDwS1SSxnVWuh7/xYGdi4zQNbTNzhAl8SW5CRXPbR0GVQErHABc
G805/CNOu7AxCz7NNWLiNjLY0M1bhQgUyu0YLUWtNfIQPKHoiy/vwN/G03LsNI3n
wKZT8xqk3nygoinz/OSZPFhELsPae9jAPezA6FZRD4OGTbCOY/dEG6wlKJlkQz+l
Z42uR7MXzBFnvPaAqgonNqLJIncaYMePrJiwrn9vdCOTn4JSbfXBXW8FSvWPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUE9eRhDoN/JNqyv7hkH6eF4B8M+MwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMTMzMzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
BjANBgkqhkiG9w0BAQsFAAOCAQEAS8mY4vthvRT0o2fV26xQ9+PAQb0ghszMufGC
ty2WD1kpOMD+NctIM4Se2Hmb2xBDpyZ6Bbm9XXo8yG9rBwvRwj8+OWg9xdAyp8Br
l8q6HxADxJE+NVmgY2cvcqoIGdZyO0dc1FcmEx4LCGbr0lObU/0j+HWZOJjELpAI
B/8TTTxY1Ubd4Mcukm7QxM5vTpxCxDQnCqVJqlKYTa/b3Sg1YXYOMl8G/wwlJfUY
1gdMLCSlb0W3qM2TQsqr/SVk8XNmzmTgOD0310YCxpC6NGRYPd2s2kuW7pvWjzkg
Rj8heRCQ6X5ICLA+lyalCo77r/3pRLf/wU+ESJPuPLsJkI8KKA==
-----END CERTIFICATE-----