Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36382e302f32322d3234203d3e2036303739.roa
File:                     3231372e3231372e36382e302f32322d3234203d3e2036303739.roa (raw, json)
Hash identifier:          S27vOu608AHc3eIv3cNVYBXEd7AF4aiwzfE5cgj75+g=
Subject key identifier:   1F:0E:A8:AE:28:BA:5F:B0:68:B6:A2:9F:B8:16:B4:74:BE:0F:5B:C2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7F0092D96B02F3310EBA7CBA4CE6AFEC8BA86211
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36382e302f32322d3234203d3e2036303739.roa
Signing time:             Mon 27 Apr 2026 08:19:16 +0000
ROA not before:           Mon 27 Apr 2026 08:14:16 +0000
ROA not after:            Mon 26 Apr 2027 08:19:16 +0000
asID:                     6079
IP address blocks:        217.217.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:00:92:d9:6b:02:f3:31:0e:ba:7c:ba:4c:e6:af:ec:8b:a8:62:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 27 08:14:16 2026 GMT
            Not After : Apr 26 08:19:16 2027 GMT
        Subject: CN=1F0EA8AE28BA5FB068B6A29FB816B474BE0F5BC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:44:65:3c:76:03:ab:04:a3:1c:6e:ef:cb:7d:
                    25:72:7f:f7:d3:2c:76:7d:94:17:37:a4:60:4b:14:
                    3e:2c:c8:ef:a2:be:4d:ab:d9:19:88:5e:2a:e6:4f:
                    b7:8e:77:6b:41:25:d1:4e:ab:1a:14:73:c8:36:68:
                    1f:ae:85:9c:39:29:f1:a2:e7:f0:c1:83:c8:c3:cf:
                    ff:41:45:87:97:eb:84:1e:41:7e:5f:22:2b:63:2b:
                    e2:c2:c2:9c:3b:23:87:31:97:cc:9a:d6:ff:c1:3e:
                    64:e3:53:01:6e:0d:dc:0c:24:b6:4d:5a:41:10:83:
                    49:f8:7d:b9:bf:68:95:aa:12:b0:f7:fe:c0:75:47:
                    e7:16:c5:c7:4b:97:13:5f:d1:46:f8:6a:f7:f2:47:
                    00:79:74:46:48:6b:ad:34:98:17:f9:52:86:8d:27:
                    df:fe:21:e0:b5:08:04:c2:48:45:a3:8e:d9:ea:d9:
                    59:3d:8a:63:d4:2f:23:b0:03:91:1a:8c:c8:e0:e8:
                    e8:a8:11:ba:84:87:93:73:99:f2:f9:99:59:1e:4f:
                    28:33:19:e6:37:95:ac:f2:62:5d:53:1b:5e:e6:d3:
                    17:39:4a:d7:9d:bd:13:d4:f6:6a:1b:a0:9a:19:87:
                    54:f5:a6:9d:80:d2:9e:4e:64:0f:7c:13:0c:ba:3d:
                    2d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:0E:A8:AE:28:BA:5F:B0:68:B6:A2:9F:B8:16:B4:74:BE:0F:5B:C2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36382e302f32322d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:af:03:f2:16:e6:27:ca:a9:0a:ca:a5:b3:7b:36:a7:fb:fd:
         ba:4a:69:c7:aa:93:30:bd:08:8e:57:54:f5:89:17:c6:7a:68:
         4d:08:77:d1:2d:f3:83:6a:f6:91:6d:f8:3d:74:d8:11:bb:e1:
         a7:87:a5:2d:7f:49:6c:34:54:59:9d:ef:82:91:9f:86:67:05:
         4a:a1:32:06:e6:48:d8:ce:05:63:3a:7f:15:a3:91:34:ac:59:
         b9:6d:8f:42:4d:22:a2:82:a3:39:1a:19:05:98:0c:fa:4c:6a:
         3c:50:d9:f9:dd:0c:f3:35:db:55:5f:a9:66:ff:05:0b:52:b7:
         25:51:5a:4b:6b:b8:db:46:9c:37:bd:a6:33:df:3b:8f:68:69:
         0c:03:07:7a:31:8d:84:eb:95:a4:7d:8c:e7:9f:bc:04:4d:23:
         92:04:68:a2:e2:4a:c1:9b:43:62:27:06:52:46:61:a6:e8:5c:
         31:d8:a3:e0:bc:6e:93:46:a6:80:d4:de:5e:79:a1:f6:04:ac:
         76:18:74:4f:73:1b:0f:dc:be:34:89:8f:6c:86:15:29:f3:de:
         20:f4:fa:49:84:7e:8f:f8:6a:c8:6d:2a:bb:b6:58:18:83:85:
         bf:e2:73:14:85:7c:21:b1:6e:50:85:0e:00:97:12:b3:4a:9c:
         cf:2a:77:5d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfwCS2WsC8zEOuny6TOav7IuoYhEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjcwODE0MTZaFw0yNzA0MjYwODE5MTZaMDMxMTAvBgNV
BAMTKDFGMEVBOEFFMjhCQTVGQjA2OEI2QTI5RkI4MTZCNDc0QkUwRjVCQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGRGU8dgOrBKMcbu/LfSVyf/fT
LHZ9lBc3pGBLFD4syO+ivk2r2RmIXirmT7eOd2tBJdFOqxoUc8g2aB+uhZw5KfGi
5/DBg8jDz/9BRYeX64QeQX5fIitjK+LCwpw7I4cxl8ya1v/BPmTjUwFuDdwMJLZN
WkEQg0n4fbm/aJWqErD3/sB1R+cWxcdLlxNf0Ub4avfyRwB5dEZIa600mBf5UoaN
J9/+IeC1CATCSEWjjtnq2Vk9imPULyOwA5EajMjg6OioEbqEh5NzmfL5mVkeTygz
GeY3lazyYl1TG17m0xc5StedvRPU9moboJoZh1T1pp2A0p5OZA98Ewy6PS3tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHw6orii6X7BotqKfuBa0dL4PW8IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM2
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
RDANBgkqhkiG9w0BAQsFAAOCAQEAjq8D8hbmJ8qpCsqls3s2p/v9ukppx6qTML0I
jldU9YkXxnpoTQh30S3zg2r2kW34PXTYEbvhp4elLX9JbDRUWZ3vgpGfhmcFSqEy
BuZI2M4FYzp/FaORNKxZuW2PQk0iooKjORoZBZgM+kxqPFDZ+d0M8zXbVV+pZv8F
C1K3JVFaS2u420acN72mM987j2hpDAMHejGNhOuVpH2M55+8BE0jkgRoouJKwZtD
YicGUkZhpuhcMdij4Lxuk0amgNTeXnmh9gSsdhh0T3MbD9y+NImPbIYVKfPeIPT6
SYR+j/hqyG0qu7ZYGIOFv+JzFIV8IbFuUIUOAJcSs0qczyp3XQ==
-----END CERTIFICATE-----