Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3233322e302f32312d3234203d3e20383334.roa
File:                     3231372e3231372e3233322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          FG/yOU5SR8zxShlusn6cE3rO+L4jJrOkVIQYCaC43Nk=
Subject key identifier:   74:C3:89:8D:60:2F:12:C2:54:69:E3:02:A3:B3:42:AA:F3:C7:D4:81
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5CC4EEB423F6C693E5B5609C459BB8FA7A52A7C5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3233322e302f32312d3234203d3e20383334.roa
Signing time:             Tue 10 Mar 2026 07:13:00 +0000
ROA not before:           Tue 10 Mar 2026 07:08:00 +0000
ROA not after:            Tue 09 Mar 2027 07:13:00 +0000
asID:                     834
IP address blocks:        217.217.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:21:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c4:ee:b4:23:f6:c6:93:e5:b5:60:9c:45:9b:b8:fa:7a:52:a7:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 10 07:08:00 2026 GMT
            Not After : Mar  9 07:13:00 2027 GMT
        Subject: CN=74C3898D602F12C25469E302A3B342AAF3C7D481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:94:71:4c:77:3a:42:4d:68:d9:31:6b:e3:7d:
                    d8:f2:6d:70:17:3a:4f:20:2e:21:ce:a8:56:db:f1:
                    9f:27:ce:34:14:ae:24:86:db:a9:2e:50:90:11:31:
                    0e:17:0f:ac:53:4e:eb:7a:a9:1e:67:71:d2:33:4a:
                    13:2b:04:13:64:7b:4b:5e:cd:4b:26:ea:06:35:67:
                    09:3a:b5:ac:bf:49:c4:fd:09:a8:6c:0e:59:f4:64:
                    79:7e:7f:19:34:5b:8e:d4:40:d6:e5:af:7e:b0:29:
                    21:7c:ba:2f:f4:25:7a:98:34:0f:4b:d2:da:a0:bf:
                    d6:59:15:d6:51:e9:1b:84:5f:fc:ef:74:f7:4f:cd:
                    42:81:0a:c7:94:ba:18:6f:12:5f:7d:bd:03:b0:8b:
                    4a:c3:ff:d5:0c:46:1a:d7:5f:ba:04:6e:a2:d2:78:
                    5c:32:61:f8:32:76:49:1c:05:b6:11:36:30:43:29:
                    8a:2f:62:65:5c:c2:bf:b5:af:52:eb:7e:5f:44:73:
                    b0:a8:23:d1:9b:a2:eb:27:49:7b:52:8e:3a:2e:f7:
                    e9:c9:44:62:89:64:4b:d3:10:df:cc:f7:46:fa:49:
                    d0:70:34:10:7a:25:2a:82:c6:97:04:49:9b:8d:09:
                    63:60:09:7c:74:9c:1b:6e:27:73:9d:1b:22:ca:55:
                    2f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C3:89:8D:60:2F:12:C2:54:69:E3:02:A3:B3:42:AA:F3:C7:D4:81
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3233322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:a0:a2:fe:4f:36:c8:56:f4:ca:6a:f8:99:5b:05:0c:14:1f:
         dc:74:67:3e:ec:5a:9e:c9:d2:a2:86:40:8c:04:c7:10:72:6e:
         a4:f1:b8:de:3f:19:64:3e:3d:13:6d:65:e2:29:0a:19:9a:63:
         3b:08:ab:96:c3:8f:32:1b:ca:a3:0c:34:8f:6d:c9:74:4f:fb:
         b0:2a:89:a6:dc:76:30:61:0c:3d:01:c9:e0:fd:24:67:4c:c2:
         74:49:93:06:cd:c2:2c:15:3e:78:10:f2:14:6b:55:ae:86:b6:
         d2:f0:62:55:ac:f7:13:e2:f8:ca:f2:45:e6:ef:6e:d7:66:9d:
         9b:bb:ab:08:98:ae:bd:2d:b2:33:65:f1:c2:5a:63:2c:18:57:
         ab:2d:43:27:a8:d1:5c:49:78:2c:56:60:00:28:df:7a:35:5a:
         82:3d:5b:a7:60:33:91:93:db:a6:d7:62:67:23:7c:c3:75:46:
         bd:93:c3:dc:2f:aa:4a:ff:a3:68:32:d0:be:48:1d:73:6d:03:
         a3:83:5e:71:60:57:bb:76:f7:cb:ae:4c:04:5e:79:ae:e3:50:
         51:24:a3:3d:f5:8a:58:62:9b:f0:dd:ef:3d:66:95:56:15:07:
         35:92:7d:2d:34:ee:0a:bd:a3:f8:e2:99:7d:a5:75:17:05:2a:
         70:25:79:9e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXMTutCP2xpPltWCcRZu4+npSp8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMTAwNzA4MDBaFw0yNzAzMDkwNzEzMDBaMDMxMTAvBgNV
BAMTKDc0QzM4OThENjAyRjEyQzI1NDY5RTMwMkEzQjM0MkFBRjNDN0Q0ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdlHFMdzpCTWjZMWvjfdjybXAX
Ok8gLiHOqFbb8Z8nzjQUriSG26kuUJARMQ4XD6xTTut6qR5ncdIzShMrBBNke0te
zUsm6gY1Zwk6tay/ScT9CahsDln0ZHl+fxk0W47UQNblr36wKSF8ui/0JXqYNA9L
0tqgv9ZZFdZR6RuEX/zvdPdPzUKBCseUuhhvEl99vQOwi0rD/9UMRhrXX7oEbqLS
eFwyYfgydkkcBbYRNjBDKYovYmVcwr+1r1Lrfl9Ec7CoI9GbousnSXtSjjou9+nJ
RGKJZEvTEN/M90b6SdBwNBB6JSqCxpcESZuNCWNgCXx0nBtuJ3OdGyLKVS8fAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdMOJjWAvEsJUaeMCo7NCqvPH1IEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzMzMjJlMzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA9nZ
6DANBgkqhkiG9w0BAQsFAAOCAQEAJKCi/k82yFb0ymr4mVsFDBQf3HRnPuxansnS
ooZAjATHEHJupPG43j8ZZD49E21l4ikKGZpjOwirlsOPMhvKoww0j23JdE/7sCqJ
ptx2MGEMPQHJ4P0kZ0zCdEmTBs3CLBU+eBDyFGtVroa20vBiVaz3E+L4yvJF5u9u
12adm7urCJiuvS2yM2XxwlpjLBhXqy1DJ6jRXEl4LFZgACjfejVagj1bp2AzkZPb
ptdiZyN8w3VGvZPD3C+qSv+jaDLQvkgdc20Do4NecWBXu3b3y65MBF55ruNQUSSj
PfWKWGKb8N3vPWaVVhUHNZJ9LTTuCr2j+OKZfaV1FwUqcCV5ng==
-----END CERTIFICATE-----