Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e38302e302f32302d3234203d3e20383334.roa
File:                     3231372e3231372e38302e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          AiW73oePAgzyiMJ1szaCCMGGEagcq4Mhh9fikvi9KTc=
Subject key identifier:   B6:5D:98:B8:E5:8B:C6:BE:0B:47:68:B2:28:0C:3F:A8:9E:DE:F9:AC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1DD574F18216B243CF68CD66B5192F8349654DEE
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e38302e302f32302d3234203d3e20383334.roa
Signing time:             Sat 21 Mar 2026 12:51:29 +0000
ROA not before:           Sat 21 Mar 2026 12:46:29 +0000
ROA not after:            Sat 20 Mar 2027 12:51:29 +0000
asID:                     834
IP address blocks:        217.217.80.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:d5:74:f1:82:16:b2:43:cf:68:cd:66:b5:19:2f:83:49:65:4d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 21 12:46:29 2026 GMT
            Not After : Mar 20 12:51:29 2027 GMT
        Subject: CN=B65D98B8E58BC6BE0B4768B2280C3FA89EDEF9AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a4:67:fe:8d:60:49:74:1f:a2:fd:2d:cd:52:
                    12:60:14:3d:ad:a1:06:2c:c0:64:3d:cd:39:16:a4:
                    ca:8f:a2:03:8d:f4:8f:0a:01:64:0f:92:fc:1d:fc:
                    6a:de:dc:80:6a:db:28:5c:0a:c4:10:5d:ea:71:d6:
                    e3:8f:ca:35:d7:c6:9e:12:1f:15:f8:31:df:25:59:
                    87:8e:b3:a9:cf:e9:49:d5:37:ff:53:45:51:8e:71:
                    ae:c7:b9:7b:8f:dd:76:2d:fe:1d:b2:51:84:32:12:
                    61:8b:33:5c:80:64:03:be:4d:c4:31:ed:f7:c7:8c:
                    d0:0f:5c:ca:2f:74:f2:e6:b5:13:7d:18:28:8f:e6:
                    17:2b:ef:6c:e3:9a:7a:72:b9:7a:14:2b:d3:79:a3:
                    ba:43:f9:4e:3f:69:e0:f8:b8:d4:3b:28:4d:8d:ad:
                    74:e8:b4:7d:d4:f8:f9:8d:fc:ab:dc:d6:f7:68:e4:
                    c1:55:b2:88:5c:a9:7c:fb:39:f9:d1:46:44:4c:d8:
                    db:ce:72:08:2a:11:d9:c9:b9:b9:4a:94:51:cc:b6:
                    66:27:29:3f:8b:23:39:fe:96:53:02:b3:5f:c9:07:
                    6b:21:24:69:10:54:b8:99:07:59:f0:e6:90:78:12:
                    92:fc:ea:b7:5c:29:c2:81:bc:68:6c:eb:d4:03:0b:
                    c4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:5D:98:B8:E5:8B:C6:BE:0B:47:68:B2:28:0C:3F:A8:9E:DE:F9:AC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e38302e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9e:91:7b:b4:22:03:e1:44:1d:25:43:d8:af:22:f2:aa:79:35:
         0d:8e:1d:cf:9a:8c:8b:b2:96:9e:07:bf:26:39:78:ce:b7:ea:
         f5:f7:6e:d3:37:4c:06:41:f9:33:7c:df:98:1f:5d:52:c4:5d:
         ad:aa:6f:80:ad:48:df:36:69:ba:35:b1:20:b4:6d:8f:df:58:
         22:1e:70:6f:b8:8f:5b:13:c5:08:e0:70:de:45:2a:11:84:e5:
         7e:7e:36:7d:dc:d7:04:ad:88:7f:33:57:4b:01:bd:99:cb:a4:
         ec:1e:88:bd:1b:ec:5c:71:ce:41:d1:e6:2c:66:13:32:75:e5:
         bd:63:c9:f3:73:b6:50:2e:83:c5:09:f5:13:83:ff:8c:80:0d:
         ac:a1:47:01:56:6b:4e:c9:c1:a2:6a:3e:1c:1a:13:9a:99:c8:
         9b:60:e0:b9:55:fd:f1:82:7b:ce:86:49:0b:12:4c:df:82:ef:
         94:cd:33:b5:e3:5d:6e:d7:eb:f6:58:c6:29:e4:2c:3f:ac:a5:
         74:82:15:c7:09:c9:9f:99:e4:de:6d:03:7c:b8:eb:4d:6b:37:
         8d:f6:b7:59:ae:89:d0:4b:96:13:0c:bc:fe:8c:e6:33:a7:8f:
         40:30:16:dc:91:07:d1:40:a8:81:25:22:66:34:49:e2:ee:6d:
         ae:12:23:06
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHdV08YIWskPPaM1mtRkvg0llTe4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMjExMjQ2MjlaFw0yNzAzMjAxMjUxMjlaMDMxMTAvBgNV
BAMTKEI2NUQ5OEI4RTU4QkM2QkUwQjQ3NjhCMjI4MEMzRkE4OUVERUY5QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIpGf+jWBJdB+i/S3NUhJgFD2t
oQYswGQ9zTkWpMqPogON9I8KAWQPkvwd/Gre3IBq2yhcCsQQXepx1uOPyjXXxp4S
HxX4Md8lWYeOs6nP6UnVN/9TRVGOca7HuXuP3XYt/h2yUYQyEmGLM1yAZAO+TcQx
7ffHjNAPXMovdPLmtRN9GCiP5hcr72zjmnpyuXoUK9N5o7pD+U4/aeD4uNQ7KE2N
rXTotH3U+PmN/Kvc1vdo5MFVsohcqXz7OfnRRkRM2NvOcggqEdnJublKlFHMtmYn
KT+LIzn+llMCs1/JB2shJGkQVLiZB1nw5pB4EpL86rdcKcKBvGhs69QDC8QdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtl2YuOWLxr4LR2iyKAw/qJ7e+awwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM4
MzAyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBATZ2VAw
DQYJKoZIhvcNAQELBQADggEBAJ6Re7QiA+FEHSVD2K8i8qp5NQ2OHc+ajIuylp4H
vyY5eM636vX3btM3TAZB+TN835gfXVLEXa2qb4CtSN82abo1sSC0bY/fWCIecG+4
j1sTxQjgcN5FKhGE5X5+Nn3c1wStiH8zV0sBvZnLpOweiL0b7FxxzkHR5ixmEzJ1
5b1jyfNztlAug8UJ9ROD/4yADayhRwFWa07JwaJqPhwaE5qZyJtg4LlV/fGCe86G
SQsSTN+C75TNM7XjXW7X6/ZYxinkLD+spXSCFccJyZ+Z5N5tA3y4601rN432t1mu
idBLlhMMvP6M5jOnj0AwFtyRB9FAqIElImY0SeLuba4SIwY=
-----END CERTIFICATE-----