Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e37322e302f32312d3234203d3e20383334.roa
File:                     3231372e3231372e37322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          dHnkfUK0LhvCJV+f1lknUwCC9nGAf1qRgHJ+NhahMac=
Subject key identifier:   E0:FD:F8:82:A2:E5:B3:F4:12:6C:89:F2:D5:F2:C4:7F:FF:58:05:E6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       53F89F8D031767999EA422817E0F8AFF5F7B1712
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e37322e302f32312d3234203d3e20383334.roa
Signing time:             Sat 21 Mar 2026 12:51:52 +0000
ROA not before:           Sat 21 Mar 2026 12:46:52 +0000
ROA not after:            Sat 20 Mar 2027 12:51:52 +0000
asID:                     834
IP address blocks:        217.217.72.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:21:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:f8:9f:8d:03:17:67:99:9e:a4:22:81:7e:0f:8a:ff:5f:7b:17:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 21 12:46:52 2026 GMT
            Not After : Mar 20 12:51:52 2027 GMT
        Subject: CN=E0FDF882A2E5B3F4126C89F2D5F2C47FFF5805E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4b:07:af:a6:19:b5:3d:75:72:1d:21:ee:8f:
                    7d:b2:fd:21:ab:36:fb:b1:0a:c1:02:f4:29:c4:c2:
                    71:0a:ba:6a:be:b8:8d:67:ca:6c:da:c4:82:b2:6c:
                    90:b1:1f:2d:c6:92:a7:ff:75:d7:08:b4:92:dd:d9:
                    e0:df:d1:4d:c6:65:a2:25:f9:78:b5:33:64:6c:32:
                    d1:36:54:b8:9c:1f:32:c8:5f:f4:fd:91:ba:c3:96:
                    23:ae:e4:27:00:d1:72:29:fe:b8:09:92:7a:bb:1b:
                    77:ee:74:7e:ed:9f:b7:f2:23:8e:fa:53:d4:2e:a4:
                    27:f5:f6:3c:4d:03:7c:0f:53:18:9d:83:59:aa:be:
                    10:67:c5:a0:b5:5f:48:3e:9d:25:b0:99:d1:8c:de:
                    54:ec:82:ef:36:44:a2:2b:7d:22:8d:39:56:70:eb:
                    4c:d2:d7:f0:95:4e:a6:02:6b:55:cc:01:4f:92:c7:
                    d8:46:50:b0:61:7a:aa:4b:97:30:1d:5a:b8:c6:b5:
                    76:15:04:c3:8c:35:29:17:1e:7d:1b:65:98:1c:08:
                    d0:0b:ef:58:9e:c5:c7:f1:db:80:97:8c:19:9b:cb:
                    3c:3b:96:b2:67:94:8b:c7:6e:6f:2b:84:b9:ae:25:
                    b0:de:0e:37:48:b5:a8:e1:1c:5e:d7:20:82:ad:5b:
                    29:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:FD:F8:82:A2:E5:B3:F4:12:6C:89:F2:D5:F2:C4:7F:FF:58:05:E6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e37322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:23:a9:db:9a:78:90:2d:de:a0:9a:bb:75:6c:41:19:e8:a3:
         77:b6:71:d8:76:d3:7b:a1:f6:7f:d1:a5:bf:df:f3:be:9f:b8:
         55:03:b2:78:12:10:05:08:fc:ed:f1:fd:31:00:9b:c0:77:74:
         fb:d8:dd:56:25:09:ae:14:d9:2d:52:cc:66:a0:4f:1b:fc:20:
         b0:b1:1b:c5:b6:9a:b3:c6:7a:c8:46:72:c3:45:22:71:2f:1e:
         f4:00:e7:16:a5:c3:43:74:94:bc:d6:1e:3f:af:d8:eb:cd:72:
         2a:f0:a3:90:61:9c:5b:ee:3c:bc:78:91:57:07:2b:bb:04:ba:
         ff:a9:86:2e:f6:1a:3e:80:07:8c:6d:87:11:fd:c8:73:a9:d2:
         ea:d7:5a:9a:e5:a9:da:cf:91:8e:b0:6e:a8:e6:f7:1c:d1:23:
         a4:bf:84:a9:a5:92:32:c5:c8:1e:b1:42:61:32:6b:78:d1:28:
         6a:e3:1e:f0:45:7b:1a:e6:c8:a4:60:63:bf:c7:ff:f4:8a:22:
         03:80:0d:dc:5a:e6:93:29:b2:2c:9a:35:f0:c6:c4:fd:9c:f6:
         a2:d4:08:1a:57:ec:17:44:4d:00:8f:c7:72:ff:5f:a3:2a:54:
         b7:4c:4e:13:30:20:9f:ac:bb:b6:a4:4b:d7:c5:40:73:0c:46:
         eb:13:62:e2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUU/ifjQMXZ5mepCKBfg+K/197FxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMjExMjQ2NTJaFw0yNzAzMjAxMjUxNTJaMDMxMTAvBgNV
BAMTKEUwRkRGODgyQTJFNUIzRjQxMjZDODlGMkQ1RjJDNDdGRkY1ODA1RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiSwevphm1PXVyHSHuj32y/SGr
NvuxCsEC9CnEwnEKumq+uI1nymzaxIKybJCxHy3Gkqf/ddcItJLd2eDf0U3GZaIl
+Xi1M2RsMtE2VLicHzLIX/T9kbrDliOu5CcA0XIp/rgJknq7G3fudH7tn7fyI476
U9QupCf19jxNA3wPUxidg1mqvhBnxaC1X0g+nSWwmdGM3lTsgu82RKIrfSKNOVZw
60zS1/CVTqYCa1XMAU+Sx9hGULBheqpLlzAdWrjGtXYVBMOMNSkXHn0bZZgcCNAL
71iexcfx24CXjBmbyzw7lrJnlIvHbm8rhLmuJbDeDjdItajhHF7XIIKtWykDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4P34gqLls/QSbIny1fLEf/9YBeYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM3
MzIyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPZ2Ugw
DQYJKoZIhvcNAQELBQADggEBADUjqduaeJAt3qCau3VsQRnoo3e2cdh203uh9n/R
pb/f876fuFUDsngSEAUI/O3x/TEAm8B3dPvY3VYlCa4U2S1SzGagTxv8ILCxG8W2
mrPGeshGcsNFInEvHvQA5xalw0N0lLzWHj+v2OvNcirwo5BhnFvuPLx4kVcHK7sE
uv+phi72Gj6AB4xthxH9yHOp0urXWprlqdrPkY6wbqjm9xzRI6S/hKmlkjLFyB6x
QmEya3jRKGrjHvBFexrmyKRgY7/H//SKIgOADdxa5pMpsiyaNfDGxP2c9qLUCBpX
7BdETQCPx3L/X6MqVLdMThMwIJ+su7akS9fFQHMMRusTYuI=
-----END CERTIFICATE-----