Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3232342e302f32312d3234203d3e20383334.roa
File:                     3231372e3231372e3232342e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          y2TJSXI01wRG65jHUQVrNgww6XppPmPK/TXXbhNtxoI=
Subject key identifier:   48:C9:60:86:32:3F:76:AC:AC:20:23:44:30:63:F9:EC:38:A2:08:46
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1A878B10422B2F9361EC0243FF8E465082CCBDC7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3232342e302f32312d3234203d3e20383334.roa
Signing time:             Tue 10 Mar 2026 07:14:31 +0000
ROA not before:           Tue 10 Mar 2026 07:09:31 +0000
ROA not after:            Tue 09 Mar 2027 07:14:31 +0000
asID:                     834
IP address blocks:        217.217.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:21:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:87:8b:10:42:2b:2f:93:61:ec:02:43:ff:8e:46:50:82:cc:bd:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 10 07:09:31 2026 GMT
            Not After : Mar  9 07:14:31 2027 GMT
        Subject: CN=48C96086323F76ACAC2023443063F9EC38A20846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:36:a0:00:7b:65:8d:c2:9a:f7:f7:1a:4f:cc:
                    45:c6:bf:fa:45:c9:68:62:fd:74:85:af:87:3e:64:
                    0c:62:a2:77:c0:61:da:e8:75:f3:21:ad:6b:02:96:
                    92:58:84:fb:70:ad:42:b7:6b:a8:99:0c:64:88:27:
                    f0:e2:a7:b8:63:37:0d:7e:dd:d7:d9:02:2a:94:43:
                    cb:da:37:0b:49:ff:36:66:0e:d8:ae:e1:e7:54:6c:
                    6a:cd:3c:6c:80:60:8c:cd:11:6f:cc:c2:83:41:52:
                    52:58:c6:2a:ad:67:37:2f:28:e5:de:6b:34:3f:cb:
                    c2:ee:90:65:5e:31:14:be:0a:d1:4b:16:5a:e9:04:
                    bb:a3:06:bd:83:1c:9d:9d:76:c4:07:71:1c:82:f6:
                    1b:4b:e6:3d:d5:19:aa:30:b4:57:f6:04:4c:0a:1b:
                    ab:b2:71:eb:e8:d9:2a:d2:86:c8:f7:d8:5b:38:fe:
                    75:83:5a:89:25:9d:77:a1:82:56:76:e2:1f:26:3e:
                    07:ee:6e:67:f5:8e:da:df:e8:24:31:b3:20:55:4a:
                    b3:2f:25:30:82:a4:77:98:25:97:03:9f:88:6b:ad:
                    e0:30:29:a0:e9:f3:35:16:94:34:66:d6:e9:62:10:
                    df:6b:a8:66:ed:cd:73:9e:87:09:03:06:52:f2:b0:
                    f5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C9:60:86:32:3F:76:AC:AC:20:23:44:30:63:F9:EC:38:A2:08:46
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3232342e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:c2:80:f5:52:b4:05:a8:36:b7:4a:c8:58:ac:0c:ce:e2:5c:
         59:75:27:65:3b:ea:fc:60:e7:59:6e:b5:a5:71:30:f7:71:aa:
         f9:07:25:5b:11:e1:a0:79:b3:95:c6:63:15:ca:db:e8:ec:4f:
         58:10:ca:4f:08:3f:69:2b:25:91:01:a9:70:3e:28:e8:e9:d8:
         13:dc:45:88:40:ea:e3:42:58:13:3d:bf:c6:16:ec:67:bc:50:
         5a:6a:0a:bf:ef:69:40:80:1d:09:86:5a:7a:57:df:bf:6b:df:
         f0:97:52:b9:24:bb:99:c2:be:d6:f9:2a:17:e1:83:80:36:94:
         07:58:a4:60:e0:d1:80:74:a4:2a:27:56:1e:b9:98:0b:3b:31:
         70:d6:86:ea:0c:73:04:fc:b6:f3:b5:b4:39:18:d4:f3:ac:2c:
         ab:92:ab:4d:93:32:ed:dc:fb:08:a8:35:99:82:b4:8b:5e:06:
         53:7d:7e:9c:09:78:55:a7:46:44:19:e5:ae:d6:ae:8a:ee:c3:
         db:97:03:d4:c5:a8:90:28:b6:ba:cd:e5:ab:5d:f6:e2:14:34:
         9c:20:78:4d:4c:bd:f8:74:a8:41:83:3e:b3:db:e9:86:9c:4e:
         55:1e:71:2d:9b:7f:b9:c1:85:66:e3:cd:cc:66:cf:43:41:a0:
         ca:bc:61:d4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGoeLEEIrL5Nh7AJD/45GUILMvccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMTAwNzA5MzFaFw0yNzAzMDkwNzE0MzFaMDMxMTAvBgNV
BAMTKDQ4Qzk2MDg2MzIzRjc2QUNBQzIwMjM0NDMwNjNGOUVDMzhBMjA4NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnNqAAe2WNwpr39xpPzEXGv/pF
yWhi/XSFr4c+ZAxionfAYdrodfMhrWsClpJYhPtwrUK3a6iZDGSIJ/Dip7hjNw1+
3dfZAiqUQ8vaNwtJ/zZmDtiu4edUbGrNPGyAYIzNEW/MwoNBUlJYxiqtZzcvKOXe
azQ/y8LukGVeMRS+CtFLFlrpBLujBr2DHJ2ddsQHcRyC9htL5j3VGaowtFf2BEwK
G6uycevo2SrShsj32Fs4/nWDWoklnXehglZ24h8mPgfubmf1jtrf6CQxsyBVSrMv
JTCCpHeYJZcDn4hrreAwKaDp8zUWlDRm1uliEN9rqGbtzXOehwkDBlLysPVNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSMlghjI/dqysICNEMGP57DiiCEYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzIzNDJlMzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA9nZ
4DANBgkqhkiG9w0BAQsFAAOCAQEAEcKA9VK0Bag2t0rIWKwMzuJcWXUnZTvq/GDn
WW61pXEw93Gq+QclWxHhoHmzlcZjFcrb6OxPWBDKTwg/aSslkQGpcD4o6OnYE9xF
iEDq40JYEz2/xhbsZ7xQWmoKv+9pQIAdCYZaelffv2vf8JdSuSS7mcK+1vkqF+GD
gDaUB1ikYODRgHSkKidWHrmYCzsxcNaG6gxzBPy287W0ORjU86wsq5KrTZMy7dz7
CKg1mYK0i14GU31+nAl4VadGRBnlrtauiu7D25cD1MWokCi2us3lq1324hQ0nCB4
TUy9+HSoQYM+s9vphpxOVR5xLZt/ucGFZuPNzGbPQ0Ggyrxh1A==
-----END CERTIFICATE-----