Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2036303739.roa
File:                     3231372e3231372e36342e302f32322d3234203d3e2036303739.roa (raw, json)
Hash identifier:          yCYEE7bkCCTRESLPcePlHa17yG6vSiATsL7rHT1Lk8I=
Subject key identifier:   4E:08:4A:52:91:E3:D3:EC:A7:23:F0:67:DD:4D:98:68:57:B6:64:C1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       222617E3DCFFF13707BF93A0A84E77DB67022E9B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2036303739.roa
Signing time:             Mon 27 Apr 2026 08:19:29 +0000
ROA not before:           Mon 27 Apr 2026 08:14:29 +0000
ROA not after:            Mon 26 Apr 2027 08:19:29 +0000
asID:                     6079
IP address blocks:        217.217.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:26:17:e3:dc:ff:f1:37:07:bf:93:a0:a8:4e:77:db:67:02:2e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 27 08:14:29 2026 GMT
            Not After : Apr 26 08:19:29 2027 GMT
        Subject: CN=4E084A5291E3D3ECA723F067DD4D986857B664C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:41:d1:0f:3e:fe:0a:38:9d:80:01:b2:05:5f:
                    93:10:bf:cd:32:09:db:33:7a:15:87:b1:b3:b1:cc:
                    31:61:6e:09:d4:2a:d5:ab:6d:4f:e5:6d:5c:bf:91:
                    a2:ab:b6:46:6f:28:bf:a3:75:9a:87:79:aa:d2:8e:
                    95:d0:67:50:6e:87:32:53:63:bd:90:13:30:1a:ef:
                    1a:cb:72:2c:f9:b1:42:25:cb:b2:96:89:8a:d2:d5:
                    db:a7:9f:57:e5:5d:63:de:a3:ad:64:59:65:6d:ad:
                    00:d6:c4:70:75:97:f4:a7:35:e0:50:1e:3e:13:30:
                    74:8c:91:6f:3f:8d:49:39:d7:fc:e9:c5:9f:17:18:
                    a3:1a:16:c7:e8:4e:36:ad:cb:d8:85:71:d5:55:3c:
                    80:26:d6:65:16:07:7e:19:af:d9:a4:1a:8f:61:ef:
                    19:b5:20:d6:f4:eb:81:f5:a1:4f:71:0b:9a:83:c4:
                    d0:cb:b2:e7:d1:68:5f:a0:76:62:df:bf:a5:a1:8b:
                    67:51:a3:e4:a9:c1:96:f9:2d:58:c5:2f:a2:dc:0a:
                    27:c9:bf:cd:14:2d:fc:8e:c5:53:a7:a9:27:2e:cd:
                    37:b4:50:b5:cf:00:b7:d2:18:66:e4:5e:78:89:8d:
                    0a:2b:1b:e2:e1:c5:cf:46:2c:37:02:ca:49:e5:75:
                    eb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:08:4A:52:91:E3:D3:EC:A7:23:F0:67:DD:4D:98:68:57:B6:64:C1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:ec:99:c6:d5:d0:f3:ef:e2:f2:bb:39:e7:64:54:86:90:32:
         e1:75:9b:36:3c:1f:48:bc:f7:04:92:b0:01:01:19:e6:00:bf:
         97:a8:0c:93:b2:07:cc:c3:c1:0c:f5:ca:c0:18:71:34:22:ed:
         b1:9e:05:ca:a4:9a:28:dc:9f:0c:a1:2a:a8:eb:cb:7f:51:94:
         dc:58:35:92:8f:da:19:f9:62:c3:3b:c6:fb:59:77:68:e7:24:
         aa:0c:ed:a2:c2:8f:1a:a4:40:e6:1e:a9:8c:38:1c:80:e3:18:
         22:ca:fe:3d:93:5b:5c:a1:c9:4b:67:28:4f:50:bd:5f:20:c4:
         0b:d3:74:32:0f:1b:b1:62:01:00:9b:5a:f4:48:aa:c5:61:91:
         6e:09:de:4d:f7:21:ce:f1:f1:f6:b1:5b:24:c2:b5:67:a6:33:
         1f:6a:95:cd:10:ca:f1:a6:6f:f1:f4:fd:48:00:a0:04:36:f9:
         64:20:02:bd:08:46:66:48:46:9f:1f:f0:f1:92:69:c3:b8:88:
         5b:ff:54:e7:a8:74:d0:31:01:f3:84:0b:3b:08:fb:ba:7f:8a:
         a8:9b:3d:69:a5:57:c4:50:b7:1e:eb:92:9c:88:b2:48:44:b1:
         6d:3c:e7:ba:68:0a:6c:09:3a:c3:51:0c:93:7c:3f:67:ac:4d:
         ff:af:ca:c1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIiYX49z/8TcHv5OgqE5322cCLpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjcwODE0MjlaFw0yNzA0MjYwODE5MjlaMDMxMTAvBgNV
BAMTKDRFMDg0QTUyOTFFM0QzRUNBNzIzRjA2N0RENEQ5ODY4NTdCNjY0QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5QdEPPv4KOJ2AAbIFX5MQv80y
CdszehWHsbOxzDFhbgnUKtWrbU/lbVy/kaKrtkZvKL+jdZqHearSjpXQZ1BuhzJT
Y72QEzAa7xrLciz5sUIly7KWiYrS1dunn1flXWPeo61kWWVtrQDWxHB1l/SnNeBQ
Hj4TMHSMkW8/jUk51/zpxZ8XGKMaFsfoTjaty9iFcdVVPIAm1mUWB34Zr9mkGo9h
7xm1INb064H1oU9xC5qDxNDLsufRaF+gdmLfv6Whi2dRo+SpwZb5LVjFL6LcCifJ
v80ULfyOxVOnqScuzTe0ULXPALfSGGbkXniJjQorG+Lhxc9GLDcCyknldesLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTghKUpHj0+ynI/Bn3U2YaFe2ZMEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM2
MzQyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
QDANBgkqhkiG9w0BAQsFAAOCAQEAGuyZxtXQ8+/i8rs552RUhpAy4XWbNjwfSLz3
BJKwAQEZ5gC/l6gMk7IHzMPBDPXKwBhxNCLtsZ4FyqSaKNyfDKEqqOvLf1GU3Fg1
ko/aGfliwzvG+1l3aOckqgztosKPGqRA5h6pjDgcgOMYIsr+PZNbXKHJS2coT1C9
XyDEC9N0Mg8bsWIBAJta9EiqxWGRbgneTfchzvHx9rFbJMK1Z6YzH2qVzRDK8aZv
8fT9SACgBDb5ZCACvQhGZkhGnx/w8ZJpw7iIW/9U56h00DEB84QLOwj7un+KqJs9
aaVXxFC3HuuSnIiySESxbTznumgKbAk6w1EMk3w/Z6xN/6/KwQ==
-----END CERTIFICATE-----