Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e302e302f32302d3234203d3e20383334.roa
File:                     3231372e3231372e302e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          nddnDa0HtohBt8EcmRgOKIM5pCJYa/2LvbjbGePLLB0=
Subject key identifier:   3C:DC:70:7A:21:D9:4C:32:9C:07:36:E5:2B:B2:16:E8:74:C1:72:9F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       53E1CD13BF24778FE21B06381F6F507A7D44B313
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e302e302f32302d3234203d3e20383334.roa
Signing time:             Wed 22 Apr 2026 13:07:47 +0000
ROA not before:           Wed 22 Apr 2026 13:02:47 +0000
ROA not after:            Wed 21 Apr 2027 13:07:47 +0000
asID:                     834
IP address blocks:        217.217.0.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e1:cd:13:bf:24:77:8f:e2:1b:06:38:1f:6f:50:7a:7d:44:b3:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 22 13:02:47 2026 GMT
            Not After : Apr 21 13:07:47 2027 GMT
        Subject: CN=3CDC707A21D94C329C0736E52BB216E874C1729F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:83:ae:d8:22:46:4a:cf:c9:9a:7c:1d:5b:11:
                    dd:08:72:94:29:fe:b4:1a:35:f7:8b:e6:42:0b:f4:
                    fe:f8:8f:a0:57:48:68:d8:09:af:28:4a:15:00:9f:
                    78:ed:97:27:0b:ee:14:52:16:4d:4d:46:2d:58:e3:
                    fb:e6:ec:d0:34:78:59:8c:94:92:f8:21:9a:de:98:
                    26:ef:da:f5:44:3d:b6:61:7d:1f:2f:61:89:ac:ec:
                    bf:99:c2:8c:c7:f2:e4:02:e0:f4:df:e5:23:43:8b:
                    2f:a4:48:a5:90:9c:0f:c2:1b:73:c0:14:b9:c2:3a:
                    49:da:1f:20:61:51:05:6c:c4:cd:94:3d:38:a0:40:
                    b2:61:93:36:87:6b:b5:8d:e2:91:05:94:73:6b:8c:
                    8e:4c:00:be:e8:31:92:a3:4e:99:b7:29:ab:05:2f:
                    32:2c:97:ca:ca:cf:f5:02:1e:f2:53:19:31:52:45:
                    85:3f:b9:bd:97:bb:98:7d:2f:24:83:3c:93:8c:40:
                    51:81:70:da:84:14:bb:33:36:a5:f9:90:ce:ef:71:
                    21:91:25:ec:67:7a:49:9e:e8:31:cb:fd:6b:d7:56:
                    55:e5:cd:a3:35:4d:5a:16:ec:e4:09:19:a1:f9:18:
                    da:6b:a6:c9:b6:f0:b7:f2:e2:3d:34:09:73:9d:95:
                    7b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DC:70:7A:21:D9:4C:32:9C:07:36:E5:2B:B2:16:E8:74:C1:72:9F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e302e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6b:47:d1:e9:30:18:7e:91:82:1d:53:77:61:41:1b:d7:fa:f6:
         2c:07:ef:72:84:b2:5d:6d:73:6d:9f:c4:ae:42:54:b9:88:e7:
         2f:b9:6a:c9:19:00:d7:45:af:49:33:c9:da:26:11:70:df:4e:
         45:39:df:53:4f:35:72:47:de:fd:f9:d8:9a:eb:dc:20:a8:1f:
         b9:ac:b0:0a:0b:16:ac:4c:56:c4:b5:db:7a:44:b4:f2:e2:ec:
         dc:03:b2:c1:71:48:06:67:c7:d5:5a:ea:95:28:d8:73:8f:ac:
         4a:aa:b5:e6:29:7b:bd:9b:22:eb:5e:9d:10:a9:c9:00:8f:4b:
         a3:06:4e:fa:1d:b3:58:71:cb:f1:44:a8:d0:28:11:78:3c:2c:
         66:06:5f:91:75:b2:73:14:13:d6:30:12:09:0e:53:74:b3:77:
         cb:09:29:69:23:ed:c8:40:25:b8:37:52:73:cc:c4:09:5a:1e:
         d5:8c:28:24:00:c4:7c:29:43:b2:9a:b0:26:b1:f8:a7:40:b3:
         00:6c:af:7a:be:aa:46:8d:0a:82:d0:e6:3a:ac:31:70:fd:c7:
         15:c0:8b:94:76:c5:e9:e5:3d:c4:f8:7c:a1:61:e9:2e:e3:5e:
         be:28:24:56:61:50:e0:20:b3:f0:98:31:27:0d:9e:ac:a3:7d:
         28:9c:6b:25
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUU+HNE78kd4/iGwY4H29Qen1EsxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjIxMzAyNDdaFw0yNzA0MjExMzA3NDdaMDMxMTAvBgNV
BAMTKDNDREM3MDdBMjFEOTRDMzI5QzA3MzZFNTJCQjIxNkU4NzRDMTcyOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcg67YIkZKz8mafB1bEd0IcpQp
/rQaNfeL5kIL9P74j6BXSGjYCa8oShUAn3jtlycL7hRSFk1NRi1Y4/vm7NA0eFmM
lJL4IZremCbv2vVEPbZhfR8vYYms7L+ZwozH8uQC4PTf5SNDiy+kSKWQnA/CG3PA
FLnCOknaHyBhUQVsxM2UPTigQLJhkzaHa7WN4pEFlHNrjI5MAL7oMZKjTpm3KasF
LzIsl8rKz/UCHvJTGTFSRYU/ub2Xu5h9LySDPJOMQFGBcNqEFLszNqX5kM7vcSGR
Jexnekme6DHL/WvXVlXlzaM1TVoW7OQJGaH5GNprpsm28Lfy4j00CXOdlXtrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUPNxweiHZTDKcBzblK7IW6HTBcp8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMw
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2dkAMA0G
CSqGSIb3DQEBCwUAA4IBAQBrR9HpMBh+kYIdU3dhQRvX+vYsB+9yhLJdbXNtn8Su
QlS5iOcvuWrJGQDXRa9JM8naJhFw305FOd9TTzVyR979+dia69wgqB+5rLAKCxas
TFbEtdt6RLTy4uzcA7LBcUgGZ8fVWuqVKNhzj6xKqrXmKXu9myLrXp0QqckAj0uj
Bk76HbNYccvxRKjQKBF4PCxmBl+RdbJzFBPWMBIJDlN0s3fLCSlpI+3IQCW4N1Jz
zMQJWh7VjCgkAMR8KUOymrAmsfinQLMAbK96vqpGjQqC0OY6rDFw/ccVwIuUdsXp
5T3E+HyhYeku416+KCRWYVDgILPwmDEnDZ6so30onGsl
-----END CERTIFICATE-----