Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e382e302f32342d3234203d3e20313531333839.roa
File:                     3231372e32352e382e302f32342d3234203d3e20313531333839.roa (raw, json)
Hash identifier:          ION442ZnInYYQy2Ta0C69D4We7O4SxjZisdqNNvMBQ8=
Subject key identifier:   35:A0:B0:85:84:30:5B:BC:71:29:42:B8:97:9B:F4:3C:11:0F:77:25
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       0595FB714D9A6F8DBE2F86F1588988B0840E81F4
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e382e302f32342d3234203d3e20313531333839.roa
Signing time:             Fri 08 May 2026 06:06:40 +0000
ROA not before:           Fri 08 May 2026 06:01:40 +0000
ROA not after:            Fri 07 May 2027 06:06:40 +0000
asID:                     151389
IP address blocks:        217.25.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:95:fb:71:4d:9a:6f:8d:be:2f:86:f1:58:89:88:b0:84:0e:81:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  8 06:01:40 2026 GMT
            Not After : May  7 06:06:40 2027 GMT
        Subject: CN=35A0B08584305BBC712942B8979BF43C110F7725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a4:be:7b:52:2b:22:61:ce:ef:59:ed:b9:87:
                    ad:ec:b9:a5:ce:8c:24:33:90:b5:de:b5:79:1b:4b:
                    c0:24:f5:5e:11:63:31:c7:39:05:83:c4:26:ac:fe:
                    99:4d:db:69:46:be:b9:6d:91:cb:b1:29:05:68:09:
                    b7:6b:8f:48:48:80:d9:e8:b6:15:f1:29:cf:88:e0:
                    2e:33:13:4c:e2:85:1a:e7:6e:d5:42:a1:e1:04:91:
                    ec:f0:bb:3b:e2:4f:72:42:f0:2a:97:77:11:66:fc:
                    ce:ee:92:68:22:c2:06:6a:a0:13:03:90:14:8d:ea:
                    6e:d5:73:bb:b6:c8:79:a7:e8:24:d7:4a:4c:d0:a4:
                    a9:92:a0:65:f3:df:c0:de:9a:6b:96:4c:24:ad:e0:
                    05:7b:6d:61:12:f3:c6:dc:87:b9:ea:78:81:35:ab:
                    db:eb:51:ae:94:19:87:68:f3:87:57:d6:20:b1:8c:
                    5f:1d:7c:e1:fb:3a:79:86:83:2e:52:9d:ca:86:d4:
                    ad:4d:6b:6d:cc:13:9c:43:50:3d:bf:55:24:bb:cf:
                    5b:ac:bc:62:ff:1b:25:d4:65:ed:96:1a:84:fc:aa:
                    9c:73:88:0a:84:fe:02:d8:41:14:53:cc:63:c1:0d:
                    f7:a0:8a:2f:be:89:33:cf:2d:d6:d4:10:e6:57:9d:
                    95:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A0:B0:85:84:30:5B:BC:71:29:42:B8:97:9B:F4:3C:11:0F:77:25
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e382e302f32342d3234203d3e20313531333839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:89:33:6b:7c:85:fb:6f:0a:0a:1f:89:9d:fd:b9:1b:98:e5:
         00:3e:e1:7d:98:60:c6:fb:06:d7:ce:57:04:e0:56:09:45:17:
         4c:63:18:33:3c:d6:fb:a5:4e:2a:ff:e3:ab:62:0a:91:29:ac:
         65:ba:5b:42:f3:f8:1f:ff:36:c0:74:6f:01:71:f4:66:73:a4:
         36:e5:4e:84:17:be:f3:fd:3e:1d:da:d2:96:bd:98:6d:73:0c:
         78:bd:29:b0:45:87:26:62:f8:40:5b:8d:c9:9e:4b:e2:de:8e:
         a5:35:9c:b8:e8:e2:69:b0:5f:4a:fd:54:e4:48:e5:24:6e:85:
         a3:be:04:5a:f9:7d:2f:ee:e7:da:c1:df:06:3f:58:b7:92:ec:
         6a:a8:c8:6c:fb:b8:0f:9f:32:5b:f2:0b:ef:d4:e6:0e:0c:34:
         6a:5e:41:28:53:ca:dd:17:38:dc:4d:0d:0e:89:f9:46:7f:da:
         b2:f5:d4:d7:7b:90:98:76:e4:c7:34:db:97:21:88:1b:f7:eb:
         f2:75:6c:51:34:db:40:f9:9b:ab:1d:97:da:89:53:00:fc:60:
         f2:ef:dd:b0:53:9f:2e:67:ae:0d:09:46:56:01:c1:66:9c:f9:
         de:f6:eb:17:50:17:b1:1a:3a:a2:5e:e8:40:52:a7:81:58:e7:
         e8:63:84:14
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBZX7cU2ab42+L4bxWImIsIQOgfQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDgwNjAxNDBaFw0yNzA1MDcwNjA2NDBaMDMxMTAvBgNV
BAMTKDM1QTBCMDg1ODQzMDVCQkM3MTI5NDJCODk3OUJGNDNDMTEwRjc3MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbpL57UisiYc7vWe25h63suaXO
jCQzkLXetXkbS8Ak9V4RYzHHOQWDxCas/plN22lGvrltkcuxKQVoCbdrj0hIgNno
thXxKc+I4C4zE0zihRrnbtVCoeEEkezwuzviT3JC8CqXdxFm/M7ukmgiwgZqoBMD
kBSN6m7Vc7u2yHmn6CTXSkzQpKmSoGXz38DemmuWTCSt4AV7bWES88bch7nqeIE1
q9vrUa6UGYdo84dX1iCxjF8dfOH7OnmGgy5SncqG1K1Na23ME5xDUD2/VSS7z1us
vGL/GyXUZe2WGoT8qpxziAqE/gLYQRRTzGPBDfegii++iTPPLdbUEOZXnZVVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNaCwhYQwW7xxKUK4l5v0PBEPdyUwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMTMzMzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
CDANBgkqhkiG9w0BAQsFAAOCAQEATIkza3yF+28KCh+Jnf25G5jlAD7hfZhgxvsG
185XBOBWCUUXTGMYMzzW+6VOKv/jq2IKkSmsZbpbQvP4H/82wHRvAXH0ZnOkNuVO
hBe+8/0+HdrSlr2YbXMMeL0psEWHJmL4QFuNyZ5L4t6OpTWcuOjiabBfSv1U5Ejl
JG6Fo74EWvl9L+7n2sHfBj9Yt5LsaqjIbPu4D58yW/IL79TmDgw0al5BKFPK3Rc4
3E0NDon5Rn/asvXU13uQmHbkxzTblyGIG/fr8nVsUTTbQPmbqx2X2olTAPxg8u/d
sFOfLmeuDQlGVgHBZpz53vbrF1AXsRo6ol7oQFKngVjn6GOEFA==
-----END CERTIFICATE-----