Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37372e302e302f32312d3332203d3e203430303231.roa
File:                     3231372e37372e302e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          ebtd46SPKR9FVLPtVh+dS1wZcGiamkxZNGskkWcHw90=
Subject key identifier:   2B:7B:6B:15:B2:51:5F:30:33:10:40:72:F1:EE:29:94:1C:BC:D0:F6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       30E49FADA92C6AE1A0DFD6A4328ECD7A9A151CB6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37372e302e302f32312d3332203d3e203430303231.roa
Signing time:             Sun 12 Oct 2025 21:47:51 +0000
ROA not before:           Sun 12 Oct 2025 21:42:51 +0000
ROA not after:            Sun 11 Oct 2026 21:47:51 +0000
asID:                     40021
IP address blocks:        217.77.0.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:e4:9f:ad:a9:2c:6a:e1:a0:df:d6:a4:32:8e:cd:7a:9a:15:1c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 12 21:42:51 2025 GMT
            Not After : Oct 11 21:47:51 2026 GMT
        Subject: CN=2B7B6B15B2515F3033104072F1EE29941CBCD0F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:63:a9:4f:1f:2f:39:1f:8b:51:e0:4c:96:ef:
                    51:9b:9d:00:d0:73:8c:56:22:5e:86:1b:75:44:91:
                    5c:77:27:77:3d:1c:eb:94:72:a9:a2:0e:64:41:5e:
                    87:79:d5:37:b4:7b:50:13:02:35:37:a3:85:1b:c4:
                    2a:4c:d7:f5:f5:3c:6e:37:83:14:51:ae:68:fe:43:
                    3b:db:84:e4:b9:4b:f2:70:f9:4b:f1:7f:74:e3:3b:
                    27:c2:66:d2:f1:ed:95:16:60:b2:16:01:01:b8:ac:
                    04:b6:36:63:ef:0b:a3:ca:76:7b:84:9e:3a:d7:78:
                    44:79:01:95:ea:18:cb:79:7f:e3:25:5e:ff:ef:19:
                    46:a7:bd:ea:d5:99:92:b6:03:2f:ea:39:f0:ea:6c:
                    8f:18:74:0e:a0:f7:23:41:88:6d:47:c8:b8:5d:57:
                    95:ea:75:45:5d:32:fb:4b:36:8a:d2:95:e7:90:9d:
                    26:d5:8b:69:16:95:ce:86:6d:b6:c5:7e:ad:b2:78:
                    ba:cf:be:10:e2:94:2e:e1:77:93:c0:2e:8d:9d:2f:
                    46:6a:1a:f7:2e:08:27:63:51:4a:9b:29:62:0e:88:
                    c7:08:c9:4b:d0:75:f6:3c:32:c6:61:34:c8:f4:81:
                    79:11:ec:05:87:b8:44:58:82:8f:10:b7:4b:9f:5b:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:7B:6B:15:B2:51:5F:30:33:10:40:72:F1:EE:29:94:1C:BC:D0:F6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37372e302e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.77.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:68:5f:d7:af:2e:bd:72:dc:ad:f3:e6:32:91:3d:56:86:f8:
         a4:27:82:6b:66:c5:03:7b:46:16:ee:fb:ab:5d:cb:df:b7:29:
         b2:5a:1e:32:31:66:3f:09:f6:15:a3:b3:cd:36:96:11:ef:0a:
         38:67:d6:31:45:2c:c3:3b:7b:86:5d:0c:2e:0d:61:cf:7e:8f:
         7f:ce:df:16:da:bb:da:b5:62:7d:27:f5:d3:80:01:b6:ed:ef:
         cb:b3:fd:0b:57:22:86:15:26:11:75:1d:8f:38:0f:74:9c:56:
         0b:2b:c5:e8:91:a9:2b:c0:4d:2b:55:65:3d:c2:eb:32:0b:a4:
         88:e4:4d:db:71:21:b8:36:d9:2b:bf:00:ee:c5:db:e0:2e:3e:
         18:c6:5e:bf:c1:ee:a4:9d:cd:c0:e7:0f:fb:02:e0:07:57:12:
         1c:b7:0b:6e:4b:e7:9b:d8:c8:1e:78:b7:17:48:63:84:bc:74:
         5b:6d:13:5a:08:d5:0c:58:e7:33:e2:ba:9f:ef:e4:f0:bc:78:
         f7:f8:f3:14:94:89:cf:96:78:8a:0b:bf:7e:2f:b0:09:20:a1:
         ec:1c:1a:89:82:71:79:69:eb:04:88:af:17:92:f0:52:6b:77:
         16:4f:d0:cb:09:6b:54:47:45:a4:1b:2c:50:1c:85:8a:3f:93:
         e2:cc:42:e6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMOSfraksauGg39akMo7NepoVHLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMTIyMTQyNTFaFw0yNjEwMTEyMTQ3NTFaMDMxMTAvBgNV
BAMTKDJCN0I2QjE1QjI1MTVGMzAzMzEwNDA3MkYxRUUyOTk0MUNCQ0QwRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuY6lPHy85H4tR4EyW71GbnQDQ
c4xWIl6GG3VEkVx3J3c9HOuUcqmiDmRBXod51Te0e1ATAjU3o4UbxCpM1/X1PG43
gxRRrmj+QzvbhOS5S/Jw+Uvxf3TjOyfCZtLx7ZUWYLIWAQG4rAS2NmPvC6PKdnuE
njrXeER5AZXqGMt5f+MlXv/vGUanverVmZK2Ay/qOfDqbI8YdA6g9yNBiG1HyLhd
V5XqdUVdMvtLNorSleeQnSbVi2kWlc6GbbbFfq2yeLrPvhDilC7hd5PALo2dL0Zq
GvcuCCdjUUqbKWIOiMcIyUvQdfY8MsZhNMj0gXkR7AWHuERYgo8Qt0ufWwXxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUK3trFbJRXzAzEEBy8e4plBy80PYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzNzM3MmUzMDJl
MzAyZjMyMzEyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPZTQAw
DQYJKoZIhvcNAQELBQADggEBAHdoX9evLr1y3K3z5jKRPVaG+KQngmtmxQN7Rhbu
+6tdy9+3KbJaHjIxZj8J9hWjs802lhHvCjhn1jFFLMM7e4ZdDC4NYc9+j3/O3xba
u9q1Yn0n9dOAAbbt78uz/QtXIoYVJhF1HY84D3ScVgsrxeiRqSvATStVZT3C6zIL
pIjkTdtxIbg22Su/AO7F2+AuPhjGXr/B7qSdzcDnD/sC4AdXEhy3C25L55vYyB54
txdIY4S8dFttE1oI1QxY5zPiup/v5PC8ePf48xSUic+WeIoLv34vsAkgoewcGomC
cXlp6wSIrxeS8FJrdxZP0MsJa1RHRaQbLFAchYo/k+LMQuY=
-----END CERTIFICATE-----