Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37372e382e302f32312d3332203d3e203430303231.roa
File:                     3231372e37372e382e302f32312d3332203d3e203430303231.roa (raw, json)
Hash identifier:          8Mhtv4hcx2cDRHtq4bGWc/QD2c6cVgYLGtsMHyYLLqY=
Subject key identifier:   59:57:CA:CB:E8:89:2E:E1:DA:FE:82:CB:12:BE:52:24:19:F4:7A:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1FFD65B2040A86E15941C77491F90DEF5B84BC4C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37372e382e302f32312d3332203d3e203430303231.roa
Signing time:             Sun 12 Oct 2025 21:47:51 +0000
ROA not before:           Sun 12 Oct 2025 21:42:51 +0000
ROA not after:            Sun 11 Oct 2026 21:47:51 +0000
asID:                     40021
IP address blocks:        217.77.8.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:fd:65:b2:04:0a:86:e1:59:41:c7:74:91:f9:0d:ef:5b:84:bc:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 12 21:42:51 2025 GMT
            Not After : Oct 11 21:47:51 2026 GMT
        Subject: CN=5957CACBE8892EE1DAFE82CB12BE522419F47ABA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:99:ca:85:11:9e:69:06:5c:a6:76:0d:77:80:
                    a9:cd:e0:a7:ce:83:81:f2:9e:3a:8a:c2:c7:c5:80:
                    17:9c:e8:3d:bb:a8:fc:2f:b8:42:18:a2:96:c3:be:
                    ca:49:08:54:f2:10:5f:0b:73:22:71:86:c8:f8:07:
                    6a:30:06:46:4b:37:d7:2f:25:c2:9e:c9:a0:06:27:
                    37:00:4a:a4:eb:5d:df:d0:f3:bc:4e:67:50:46:a1:
                    be:5c:a2:c4:c9:31:f3:4a:5e:84:64:12:5b:d0:ba:
                    6e:4c:9c:25:04:cf:b5:d1:68:95:f7:1a:35:22:2a:
                    86:83:9c:4e:ea:d3:1e:25:8e:35:41:da:42:84:23:
                    e3:93:6b:51:c8:ec:57:c4:06:ff:d2:69:90:38:c2:
                    e8:7d:d3:03:fc:fa:65:9e:12:3b:24:55:c5:bc:e9:
                    55:de:0c:35:90:b1:fd:2f:f4:af:fc:51:05:8f:f0:
                    9f:93:b5:cc:f0:2a:86:22:32:19:81:97:41:4e:00:
                    1d:61:f7:0d:ec:0a:98:3f:76:74:12:52:70:03:fb:
                    b0:60:e4:e5:6c:71:35:45:e8:67:b8:46:39:6b:46:
                    e2:31:17:b9:55:4f:08:2b:b1:19:a0:76:76:ec:17:
                    e0:59:96:7d:ca:4c:77:8d:77:17:74:c2:9e:ea:7c:
                    54:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:57:CA:CB:E8:89:2E:E1:DA:FE:82:CB:12:BE:52:24:19:F4:7A:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e37372e382e302f32312d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.77.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3a:6c:5d:cd:c7:4d:ff:e5:d7:99:ee:37:fd:74:4e:57:db:0d:
         47:8c:0d:e0:b9:eb:95:10:ec:37:9c:98:f1:33:75:db:3f:4c:
         b4:34:8e:8c:45:04:41:72:07:15:ea:01:e4:f3:1a:38:03:62:
         6e:ca:69:97:b3:36:83:12:08:fa:ff:bf:46:f9:0a:77:99:0e:
         9a:e0:de:89:cd:79:bc:5d:ae:e8:8f:3b:08:2a:fb:7d:0f:46:
         32:37:34:54:e8:29:7b:9b:0d:ac:9b:81:e5:c6:f5:95:7a:6e:
         8e:e9:b8:9e:b6:dd:b8:67:a3:6d:12:bc:60:67:29:52:ce:2f:
         39:aa:9f:a5:90:f4:65:7e:b6:bd:52:92:dd:a8:2f:1f:7b:29:
         67:71:57:35:76:4c:87:2d:f0:7a:ad:79:01:2e:50:c5:02:39:
         4f:07:dc:83:cc:35:4a:82:ca:e2:9b:0c:eb:1d:1a:b9:bf:48:
         9c:13:03:4f:16:0c:83:42:ca:6f:62:65:ff:a8:ed:6f:83:60:
         2d:fd:76:63:a8:16:94:6d:85:f8:22:37:76:63:db:8b:93:25:
         15:50:9b:41:49:fc:4d:07:37:ee:23:c2:9a:cd:e8:30:88:6d:
         09:44:2a:af:eb:c5:32:78:0f:32:cd:63:6f:8b:53:47:19:cc:
         1c:fe:8a:25
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUH/1lsgQKhuFZQcd0kfkN71uEvEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMTIyMTQyNTFaFw0yNjEwMTEyMTQ3NTFaMDMxMTAvBgNV
BAMTKDU5NTdDQUNCRTg4OTJFRTFEQUZFODJDQjEyQkU1MjI0MTlGNDdBQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3mcqFEZ5pBlymdg13gKnN4KfO
g4HynjqKwsfFgBec6D27qPwvuEIYopbDvspJCFTyEF8LcyJxhsj4B2owBkZLN9cv
JcKeyaAGJzcASqTrXd/Q87xOZ1BGob5cosTJMfNKXoRkElvQum5MnCUEz7XRaJX3
GjUiKoaDnE7q0x4ljjVB2kKEI+OTa1HI7FfEBv/SaZA4wuh90wP8+mWeEjskVcW8
6VXeDDWQsf0v9K/8UQWP8J+TtczwKoYiMhmBl0FOAB1h9w3sCpg/dnQSUnAD+7Bg
5OVscTVF6Ge4RjlrRuIxF7lVTwgrsRmgdnbsF+BZln3KTHeNdxd0wp7qfFSZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUWVfKy+iJLuHa/oLLEr5SJBn0erowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzNzM3MmUzODJl
MzAyZjMyMzEyZDMzMzIyMDNkM2UyMDM0MzAzMDMyMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPZTQgw
DQYJKoZIhvcNAQELBQADggEBADpsXc3HTf/l15nuN/10TlfbDUeMDeC565UQ7Dec
mPEzdds/TLQ0joxFBEFyBxXqAeTzGjgDYm7KaZezNoMSCPr/v0b5CneZDprg3onN
ebxdruiPOwgq+30PRjI3NFToKXubDaybgeXG9ZV6bo7puJ623bhno20SvGBnKVLO
Lzmqn6WQ9GV+tr1Skt2oLx97KWdxVzV2TIct8HqteQEuUMUCOU8H3IPMNUqCyuKb
DOsdGrm/SJwTA08WDINCym9iZf+o7W+DYC39dmOoFpRthfgiN3Zj24uTJRVQm0FJ
/E0HN+4jwprN6DCIbQlEKq/rxTJ4DzLNY2+LU0cZzBz+iiU=
-----END CERTIFICATE-----