Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33362e302f32322d3332203d3e203430303231.roa
File:                     3231322e35362e33362e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          RFQORJfL+HLy9tpeIwziFJnztqI2ho5CaFUBAGYQX3k=
Subject key identifier:   67:73:A1:F3:3D:CF:BC:4A:80:A5:4E:0B:88:BA:50:A6:C7:74:74:18
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1CDBDE010046784D273299B868DB0A33DADDB87E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33362e302f32322d3332203d3e203430303231.roa
Signing time:             Wed 15 Oct 2025 19:47:52 +0000
ROA not before:           Wed 15 Oct 2025 19:42:52 +0000
ROA not after:            Wed 14 Oct 2026 19:47:52 +0000
asID:                     40021
IP address blocks:        212.56.36.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:db:de:01:00:46:78:4d:27:32:99:b8:68:db:0a:33:da:dd:b8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 15 19:42:52 2025 GMT
            Not After : Oct 14 19:47:52 2026 GMT
        Subject: CN=6773A1F33DCFBC4A80A54E0B88BA50A6C7747418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5a:de:35:54:72:0a:e3:66:c3:4f:97:e4:be:
                    c5:48:91:11:55:a4:f5:e3:2c:dd:c8:90:d6:52:c6:
                    09:bb:ec:52:43:a3:f0:ab:70:3a:aa:25:b1:cb:98:
                    b8:81:73:c9:94:94:c4:79:4f:82:93:59:43:ef:ea:
                    7f:ae:bf:c8:6a:3e:40:dc:7d:1c:9d:ba:b0:3e:2f:
                    2e:4a:3b:cc:7f:8e:9e:79:1b:1d:99:3e:66:42:97:
                    02:cb:f3:ec:f5:97:f6:12:e4:a9:cb:88:4c:dd:cd:
                    8c:06:1f:6d:64:07:5c:5e:82:2a:7e:56:05:2f:25:
                    77:d4:a4:1e:ec:1f:3b:6a:16:f2:ef:53:7c:3b:29:
                    b2:4c:3e:e2:83:06:15:72:fe:ac:b1:19:3f:2d:c0:
                    19:b9:af:43:ea:6a:f0:c7:7a:bd:be:60:61:0c:75:
                    19:d0:25:d2:ec:80:ff:6b:da:61:d7:75:3d:42:40:
                    82:92:9d:5f:bf:26:ae:57:46:ee:dd:eb:da:5c:10:
                    67:43:e8:99:db:3b:c4:01:f5:b1:24:eb:7e:0b:83:
                    14:69:80:e2:4c:47:ef:8e:2b:a4:82:08:20:56:67:
                    2b:49:ee:a2:89:be:31:e4:f5:6a:a3:bf:ed:cf:4f:
                    62:e8:03:f1:10:c8:80:fc:10:4c:e7:c4:a1:f1:2b:
                    f5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:73:A1:F3:3D:CF:BC:4A:80:A5:4E:0B:88:BA:50:A6:C7:74:74:18
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33362e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.56.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:67:d6:8e:8f:89:8c:12:16:7e:97:6f:ca:92:4c:85:b7:9d:
         79:c1:ea:40:4c:2e:46:80:4a:b1:65:a6:de:b4:be:1c:62:b5:
         bc:1c:3f:67:5e:65:72:07:7c:92:77:44:38:47:7d:c4:ab:77:
         f5:91:19:f6:47:89:85:4d:4d:ab:bb:2d:e1:31:98:2a:eb:d1:
         af:1b:be:dc:77:a2:71:86:a3:cf:8f:89:84:8a:70:70:72:5b:
         27:5c:0d:c9:25:f7:0c:75:e1:3a:e7:43:dc:7c:a6:0c:c4:14:
         cf:7a:9a:a6:af:b3:a6:26:9a:a4:f0:a0:17:96:6e:3c:85:96:
         e1:81:4f:72:f9:77:fb:8d:c2:09:12:7f:ce:12:4f:77:3b:a7:
         77:9d:22:c2:5f:33:31:66:b5:ea:af:22:09:cb:90:f5:aa:4b:
         df:1b:8b:dd:66:c4:84:1d:e1:f4:0d:25:a4:84:da:3a:6d:11:
         2d:40:5c:6f:bd:a4:49:b2:be:e9:f3:35:72:11:74:53:38:f3:
         ad:ff:47:00:17:96:88:aa:6c:8f:10:34:69:b2:ed:51:15:97:
         a7:60:88:9b:ab:ec:ef:fb:bd:1f:b3:71:5f:d7:8d:9d:39:f1:
         14:c0:58:47:3f:19:7e:ea:7e:26:4a:85:2d:60:b8:7f:98:01:
         5c:88:7c:00
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHNveAQBGeE0nMpm4aNsKM9rduH4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMTUxOTQyNTJaFw0yNjEwMTQxOTQ3NTJaMDMxMTAvBgNV
BAMTKDY3NzNBMUYzM0RDRkJDNEE4MEE1NEUwQjg4QkE1MEE2Qzc3NDc0MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmWt41VHIK42bDT5fkvsVIkRFV
pPXjLN3IkNZSxgm77FJDo/CrcDqqJbHLmLiBc8mUlMR5T4KTWUPv6n+uv8hqPkDc
fRydurA+Ly5KO8x/jp55Gx2ZPmZClwLL8+z1l/YS5KnLiEzdzYwGH21kB1xegip+
VgUvJXfUpB7sHztqFvLvU3w7KbJMPuKDBhVy/qyxGT8twBm5r0PqavDHer2+YGEM
dRnQJdLsgP9r2mHXdT1CQIKSnV+/Jq5XRu7d69pcEGdD6JnbO8QB9bEk634LgxRp
gOJMR++OK6SCCCBWZytJ7qKJvjHk9Wqjv+3PT2LoA/EQyID8EEznxKHxK/UXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZ3Oh8z3PvEqApU4LiLpQpsd0dBgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMyMmUzNTM2MmUzMzM2
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtQ4
JDANBgkqhkiG9w0BAQsFAAOCAQEAeGfWjo+JjBIWfpdvypJMhbedecHqQEwuRoBK
sWWm3rS+HGK1vBw/Z15lcgd8kndEOEd9xKt39ZEZ9keJhU1Nq7st4TGYKuvRrxu+
3HeicYajz4+JhIpwcHJbJ1wNySX3DHXhOudD3HymDMQUz3qapq+zpiaapPCgF5Zu
PIWW4YFPcvl3+43CCRJ/zhJPdzund50iwl8zMWa16q8iCcuQ9apL3xuL3WbEhB3h
9A0lpITaOm0RLUBcb72kSbK+6fM1chF0Uzjzrf9HABeWiKpsjxA0abLtURWXp2CI
m6vs7/u9H7NxX9eNnTnxFMBYRz8Zfup+JkqFLWC4f5gBXIh8AA==
-----END CERTIFICATE-----