Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230372e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3230372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Fg8b1WejmVzrZyquxiq0HnXWfgmeci5x/2W7EXrhvzg=
Subject key identifier:   97:AA:3E:09:6C:C1:FC:B4:41:0C:DA:B1:60:1C:AB:73:61:E9:A2:69
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6AA31FC9BD5EFD872F4D9CCFDFE7EFB77FBE5A03
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Mar 2026 21:02:12 +0000
ROA not before:           Mon 23 Mar 2026 20:57:12 +0000
ROA not after:            Mon 22 Mar 2027 21:02:12 +0000
asID:                     834
IP address blocks:        217.216.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:a3:1f:c9:bd:5e:fd:87:2f:4d:9c:cf:df:e7:ef:b7:7f:be:5a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 23 20:57:12 2026 GMT
            Not After : Mar 22 21:02:12 2027 GMT
        Subject: CN=97AA3E096CC1FCB4410CDAB1601CAB7361E9A269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2a:a3:b8:61:8f:be:b7:d0:1e:33:59:4c:2e:
                    c0:12:3a:e1:23:ee:7b:d6:ad:8a:c0:e3:63:89:40:
                    2e:a2:dd:d3:ff:7d:6f:3f:11:e5:7f:6c:94:c6:7e:
                    44:0d:d9:7f:cb:c7:85:48:64:0f:cb:26:54:c1:57:
                    7c:f5:f4:b3:ae:7e:6c:a8:48:a4:ca:47:b8:7d:0a:
                    49:fc:71:29:0b:2a:c1:1e:61:8c:76:24:c7:a6:b0:
                    fb:c4:2d:a8:a4:1b:19:8a:fa:ab:22:19:ba:91:e3:
                    bd:d8:1c:ef:35:94:0c:16:ed:45:40:39:b8:12:17:
                    a0:a9:5b:41:13:e5:2f:fd:bf:35:5f:74:32:d2:cf:
                    86:b6:7c:5b:f3:d0:ad:02:68:0a:a9:33:1c:20:ea:
                    6c:b4:db:38:0d:78:73:73:8c:60:3f:09:86:23:0d:
                    7d:68:6f:5e:d9:09:1d:9d:5a:be:24:a9:e5:3a:38:
                    50:78:88:7a:f2:33:21:94:4e:81:a4:9d:1f:ba:25:
                    79:95:de:90:0d:1c:33:56:0c:33:b2:f4:43:52:33:
                    1a:ce:41:5e:4b:c2:2b:32:65:a6:af:98:f9:93:6e:
                    96:57:2e:24:92:8f:4f:71:58:ac:de:c2:78:d1:ec:
                    b7:9a:bb:50:22:d7:83:ca:8e:46:ea:9a:57:76:2f:
                    a3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AA:3E:09:6C:C1:FC:B4:41:0C:DA:B1:60:1C:AB:73:61:E9:A2:69
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ba:96:10:c2:48:e5:e8:82:eb:a8:80:54:ec:57:62:b1:b9:
         ce:6d:64:df:b9:ec:a1:0b:85:d6:6d:b9:a1:9f:a8:9e:ca:2d:
         dc:b6:57:bc:ce:4e:96:81:c2:66:9f:4d:d8:a0:65:da:87:76:
         11:0b:7a:84:16:fd:69:b5:48:81:95:26:3e:f1:2a:d9:83:5b:
         f0:84:c5:9b:af:54:db:3d:5b:1c:77:dc:d0:f0:7d:bc:72:c2:
         6b:91:21:45:a9:7e:7a:92:24:ab:c1:62:6a:fc:3e:b3:67:e5:
         65:f4:d1:41:55:93:aa:74:84:0a:1e:fa:d3:1b:af:2e:25:aa:
         ed:28:55:3b:f3:79:48:7a:12:61:47:6b:0e:6a:ef:84:bf:5b:
         67:a6:b4:a7:94:9a:ab:cb:6f:2a:7c:5d:5f:02:da:02:c4:99:
         2d:80:25:be:56:39:f4:c5:a2:25:5b:50:7c:5e:e2:36:46:fb:
         11:28:fa:88:d9:6b:fe:53:60:7f:a5:78:df:e3:42:3a:04:87:
         6f:0b:b9:53:58:1b:39:69:ac:23:d9:12:9a:94:c5:9c:35:5f:
         3a:0b:e9:64:ec:2b:c4:71:d1:5c:bf:1c:c8:4d:b4:97:23:a0:
         1e:95:7a:2e:6d:04:66:de:90:ee:df:63:a0:7d:6a:a1:a1:43:
         94:b0:c7:88
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaqMfyb1e/YcvTZzP3+fvt3++WgMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMjMyMDU3MTJaFw0yNzAzMjIyMTAyMTJaMDMxMTAvBgNV
BAMTKDk3QUEzRTA5NkNDMUZDQjQ0MTBDREFCMTYwMUNBQjczNjFFOUEyNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+KqO4YY++t9AeM1lMLsASOuEj
7nvWrYrA42OJQC6i3dP/fW8/EeV/bJTGfkQN2X/Lx4VIZA/LJlTBV3z19LOufmyo
SKTKR7h9Ckn8cSkLKsEeYYx2JMemsPvELaikGxmK+qsiGbqR473YHO81lAwW7UVA
ObgSF6CpW0ET5S/9vzVfdDLSz4a2fFvz0K0CaAqpMxwg6my02zgNeHNzjGA/CYYj
DX1ob17ZCR2dWr4kqeU6OFB4iHryMyGUToGknR+6JXmV3pANHDNWDDOy9ENSMxrO
QV5LwisyZaavmPmTbpZXLiSSj09xWKzewnjR7Leau1Ai14PKjkbqmld2L6NnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUl6o+CWzB/LRBDNqxYByrc2HpomkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
zzANBgkqhkiG9w0BAQsFAAOCAQEAN7qWEMJI5eiC66iAVOxXYrG5zm1k37nsoQuF
1m25oZ+onsot3LZXvM5OloHCZp9N2KBl2od2EQt6hBb9abVIgZUmPvEq2YNb8ITF
m69U2z1bHHfc0PB9vHLCa5EhRal+epIkq8Fiavw+s2flZfTRQVWTqnSECh760xuv
LiWq7ShVO/N5SHoSYUdrDmrvhL9bZ6a0p5Saq8tvKnxdXwLaAsSZLYAlvlY59MWi
JVtQfF7iNkb7ESj6iNlr/lNgf6V43+NCOgSHbwu5U1gbOWmsI9kSmpTFnDVfOgvp
ZOwrxHHRXL8cyE20lyOgHpV6Lm0EZt6Q7t9joH1qoaFDlLDHiA==
-----END CERTIFICATE-----