Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36302e302f32322d3234203d3e2036303739.roa
File:                     3231372e3231372e36302e302f32322d3234203d3e2036303739.roa (raw, json)
Hash identifier:          +r2LKEMUVOKA3L97KYUO3LUXVREC01dl+PDjpWz4uAw=
Subject key identifier:   30:C9:30:F6:72:F8:DA:63:06:12:35:DA:C6:4E:28:48:18:4A:02:27
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6C872E8A7CBFFFC8FBE141B3A46165A57F6D1ECF
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36302e302f32322d3234203d3e2036303739.roa
Signing time:             Mon 27 Apr 2026 08:18:33 +0000
ROA not before:           Mon 27 Apr 2026 08:13:33 +0000
ROA not after:            Mon 26 Apr 2027 08:18:33 +0000
asID:                     6079
IP address blocks:        217.217.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:87:2e:8a:7c:bf:ff:c8:fb:e1:41:b3:a4:61:65:a5:7f:6d:1e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 27 08:13:33 2026 GMT
            Not After : Apr 26 08:18:33 2027 GMT
        Subject: CN=30C930F672F8DA63061235DAC64E2848184A0227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:72:f8:83:75:56:84:d3:67:1f:3a:30:3e:d0:
                    49:ec:e0:d8:ac:fb:8a:09:83:22:2b:99:58:fb:61:
                    a5:8a:e0:4a:af:33:de:ae:84:a9:43:ba:dd:fd:89:
                    e7:6d:3c:19:17:5c:bc:08:3b:2d:2f:40:62:d9:10:
                    6e:63:25:d7:c0:b7:a9:ab:01:d4:15:4b:20:00:1b:
                    a2:ef:69:04:71:74:35:25:ac:39:65:1a:87:27:99:
                    6e:08:38:d8:24:bd:0b:9d:eb:62:61:8b:f4:5c:3b:
                    e2:6c:e8:07:c4:1f:9d:f2:2d:92:2b:1f:d7:e3:09:
                    98:3a:b4:7b:4f:d3:b8:15:88:6f:3e:e4:c9:d1:ac:
                    7b:09:97:27:45:64:5d:2b:b6:a9:03:93:31:22:aa:
                    2a:17:03:99:a2:f0:04:f2:b6:40:3d:da:03:5f:83:
                    f7:18:d8:94:30:86:db:6b:a5:95:17:51:7b:50:37:
                    20:95:0e:90:49:4d:80:df:da:7b:27:da:6a:71:db:
                    8d:d1:c0:26:3e:34:33:66:b8:3b:3c:70:f2:43:a4:
                    d3:c0:4d:a6:94:eb:5f:5e:7c:64:36:da:9e:6f:fb:
                    f0:a7:32:11:67:14:dd:52:67:25:5b:09:42:e4:3e:
                    de:75:e1:61:cf:c3:a7:11:45:90:5c:2f:9b:d4:61:
                    2f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C9:30:F6:72:F8:DA:63:06:12:35:DA:C6:4E:28:48:18:4A:02:27
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36302e302f32322d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:77:39:9a:8e:3a:ae:db:f2:72:4b:ce:fa:fb:49:0f:ed:06:
         81:e6:5e:d9:84:99:fb:d6:37:cc:ec:4f:ba:c1:ed:54:59:be:
         03:74:a2:13:0a:14:93:ca:b0:57:4c:68:00:00:62:92:f0:dd:
         bf:ea:93:8c:20:2e:67:be:c4:67:81:a8:d4:66:6f:fe:40:b3:
         4e:b7:6c:4f:35:b7:46:04:bc:48:4b:a5:16:5d:6b:b6:71:4d:
         cb:e3:a8:f0:ad:50:3e:9c:23:be:c0:e4:e7:f0:c6:1b:a7:91:
         29:b5:18:1e:26:c4:be:61:7f:cf:f7:b1:92:80:aa:cf:3a:a8:
         fb:59:84:62:6f:18:88:2b:27:92:07:22:26:96:27:f8:b3:84:
         c9:91:21:8c:52:2f:73:5a:51:cb:2b:c7:87:eb:c0:91:8f:70:
         83:28:1c:46:87:45:d7:12:f4:3e:e1:3b:c3:65:9d:8e:b7:30:
         0c:43:0f:a9:09:7c:64:81:8b:9f:df:af:ac:1a:0c:a5:cb:c3:
         77:05:74:2d:bb:cf:23:aa:e0:7d:cb:f2:ca:ea:f4:15:59:b9:
         c4:93:69:a4:6d:d5:f8:83:6c:57:f0:67:ad:98:6e:3f:b9:25:
         b2:95:5b:cf:cb:36:20:e4:0c:65:22:0b:46:a5:88:84:c1:d7:
         58:df:7e:4d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbIcuiny//8j74UGzpGFlpX9tHs8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjcwODEzMzNaFw0yNzA0MjYwODE4MzNaMDMxMTAvBgNV
BAMTKDMwQzkzMEY2NzJGOERBNjMwNjEyMzVEQUM2NEUyODQ4MTg0QTAyMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDcviDdVaE02cfOjA+0Ens4Nis
+4oJgyIrmVj7YaWK4EqvM96uhKlDut39iedtPBkXXLwIOy0vQGLZEG5jJdfAt6mr
AdQVSyAAG6LvaQRxdDUlrDllGocnmW4IONgkvQud62Jhi/RcO+Js6AfEH53yLZIr
H9fjCZg6tHtP07gViG8+5MnRrHsJlydFZF0rtqkDkzEiqioXA5mi8ATytkA92gNf
g/cY2JQwhttrpZUXUXtQNyCVDpBJTYDf2nsn2mpx243RwCY+NDNmuDs8cPJDpNPA
TaaU619efGQ22p5v+/CnMhFnFN1SZyVbCULkPt514WHPw6cRRZBcL5vUYS/bAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMMkw9nL42mMGEjXaxk4oSBhKAicwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM2
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
PDANBgkqhkiG9w0BAQsFAAOCAQEAgnc5mo46rtvyckvO+vtJD+0GgeZe2YSZ+9Y3
zOxPusHtVFm+A3SiEwoUk8qwV0xoAABikvDdv+qTjCAuZ77EZ4Go1GZv/kCzTrds
TzW3RgS8SEulFl1rtnFNy+Oo8K1QPpwjvsDk5/DGG6eRKbUYHibEvmF/z/exkoCq
zzqo+1mEYm8YiCsnkgciJpYn+LOEyZEhjFIvc1pRyyvHh+vAkY9wgygcRodF1xL0
PuE7w2WdjrcwDEMPqQl8ZIGLn9+vrBoMpcvDdwV0LbvPI6rgfcvyyur0FVm5xJNp
pG3V+INsV/BnrZhuP7klspVbz8s2IOQMZSILRqWIhMHXWN9+TQ==
-----END CERTIFICATE-----