Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3134382e302f32322d3234203d3e20383334.roa
File:                     3231372e3231362e3134382e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          /mB1yA50i2AZGHgKWlN3cgDpWnopcG0e4In5SSMzzWs=
Subject key identifier:   C0:5E:99:E3:2F:84:21:7A:43:63:95:66:68:BB:B0:FB:F7:C6:75:80
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       29C0307AF1FB2DE38F55B6F9ABA852159BDE444D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3134382e302f32322d3234203d3e20383334.roa
Signing time:             Wed 22 Apr 2026 12:52:08 +0000
ROA not before:           Wed 22 Apr 2026 12:47:08 +0000
ROA not after:            Wed 21 Apr 2027 12:52:08 +0000
asID:                     834
IP address blocks:        217.216.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:c0:30:7a:f1:fb:2d:e3:8f:55:b6:f9:ab:a8:52:15:9b:de:44:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 22 12:47:08 2026 GMT
            Not After : Apr 21 12:52:08 2027 GMT
        Subject: CN=C05E99E32F84217A4363956668BBB0FBF7C67580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:af:da:4b:d1:38:f4:c3:52:eb:b6:19:91:18:
                    72:ad:d3:84:a3:40:a4:fe:76:25:0e:44:55:cd:a7:
                    2d:ec:8f:a5:d6:a6:30:94:9b:89:c9:d4:3e:86:f4:
                    7a:1e:53:35:c6:43:4f:a1:b0:d9:6e:3f:c5:26:2c:
                    0d:d0:5b:f1:52:a7:3e:63:17:c1:03:8d:24:2b:5f:
                    cc:a6:02:5d:54:ce:9a:ff:26:3e:86:7a:7f:60:55:
                    68:5c:c5:20:df:9c:5d:cb:49:bf:74:bf:12:f1:7b:
                    6b:3b:80:76:83:36:db:a2:e9:79:63:5c:d6:87:be:
                    54:3c:80:5b:8b:35:7d:77:db:ab:f6:e9:d4:31:2d:
                    e4:fc:b6:72:ee:36:9e:6e:83:2b:9b:69:21:3b:3c:
                    8c:66:f1:93:39:8e:09:23:b7:17:73:6a:66:63:2c:
                    99:1a:00:af:18:a8:85:06:d5:83:9b:ad:fe:f4:a6:
                    8b:22:ed:23:a7:12:c5:c9:83:14:a7:6a:c9:7c:54:
                    4f:b7:5c:7a:ec:10:a1:bd:49:a1:45:ca:86:24:df:
                    75:1f:ad:b7:69:b1:98:3a:f9:ee:b0:c8:ea:ee:92:
                    0c:23:00:c4:d3:f5:e6:80:9e:63:a6:2f:4d:12:43:
                    47:f1:49:46:30:8d:c9:8d:88:25:65:35:c7:78:77:
                    41:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5E:99:E3:2F:84:21:7A:43:63:95:66:68:BB:B0:FB:F7:C6:75:80
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3134382e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:5c:c8:d5:36:7f:c9:ff:21:59:82:b3:83:bd:88:15:26:9c:
         8e:5a:38:c5:37:88:35:8d:0c:25:cd:8a:b1:66:f9:93:75:2a:
         6d:35:20:ed:f0:a1:cb:63:13:ae:8f:f2:ad:8d:e7:2a:5d:ee:
         8c:a2:70:c0:b8:35:a6:66:f3:bb:db:37:02:de:7e:b9:08:27:
         99:a2:e5:88:37:50:5c:bd:09:22:fc:2a:a3:0a:20:cb:9f:e7:
         04:56:53:c1:3e:5f:a5:d8:3f:78:e0:52:b2:0c:80:5d:c5:90:
         61:8c:71:d1:e2:42:51:fe:f1:5d:dd:6c:f7:5c:ad:1d:2b:3c:
         4a:67:a7:4c:dc:d0:5e:91:3a:47:6e:df:5a:2f:67:c0:67:79:
         d6:94:63:82:a9:eb:f5:a3:6c:be:04:a8:f9:12:23:32:64:52:
         96:0b:9c:24:53:e7:b6:93:10:bd:d8:af:57:bb:70:25:36:27:
         36:96:ce:cb:79:43:a6:22:34:87:23:ef:f0:13:59:97:66:6e:
         3d:15:17:5b:c3:0e:7b:8d:a9:1b:ca:fe:70:be:31:27:77:bd:
         2a:e2:fe:24:79:a8:3e:97:2e:bf:6b:12:8b:3b:d0:1f:92:55:
         88:e7:6c:e7:ff:73:9b:0f:0d:e4:1c:3d:02:cb:90:ee:ac:9a:
         ec:2d:20:e6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKcAwevH7LeOPVbb5q6hSFZveRE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjIxMjQ3MDhaFw0yNzA0MjExMjUyMDhaMDMxMTAvBgNV
BAMTKEMwNUU5OUUzMkY4NDIxN0E0MzYzOTU2NjY4QkJCMEZCRjdDNjc1ODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6r9pL0Tj0w1LrthmRGHKt04Sj
QKT+diUORFXNpy3sj6XWpjCUm4nJ1D6G9HoeUzXGQ0+hsNluP8UmLA3QW/FSpz5j
F8EDjSQrX8ymAl1Uzpr/Jj6Gen9gVWhcxSDfnF3LSb90vxLxe2s7gHaDNtui6Xlj
XNaHvlQ8gFuLNX1326v26dQxLeT8tnLuNp5ugyubaSE7PIxm8ZM5jgkjtxdzamZj
LJkaAK8YqIUG1YObrf70posi7SOnEsXJgxSnasl8VE+3XHrsEKG9SaFFyoYk33Uf
rbdpsZg6+e6wyOrukgwjAMTT9eaAnmOmL00SQ0fxSUYwjcmNiCVlNcd4d0FFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwF6Z4y+EIXpDY5VmaLuw+/fGdYAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzQzODJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnY
lDANBgkqhkiG9w0BAQsFAAOCAQEAfVzI1TZ/yf8hWYKzg72IFSacjlo4xTeINY0M
Jc2KsWb5k3UqbTUg7fChy2MTro/yrY3nKl3ujKJwwLg1pmbzu9s3At5+uQgnmaLl
iDdQXL0JIvwqowogy5/nBFZTwT5fpdg/eOBSsgyAXcWQYYxx0eJCUf7xXd1s91yt
HSs8SmenTNzQXpE6R27fWi9nwGd51pRjgqnr9aNsvgSo+RIjMmRSlgucJFPntpMQ
vdivV7twJTYnNpbOy3lDpiI0hyPv8BNZl2ZuPRUXW8MOe42pG8r+cL4xJ3e9KuL+
JHmoPpcuv2sSizvQH5JViOds5/9zmw8N5Bw9AsuQ7qya7C0g5g==
-----END CERTIFICATE-----