Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32302e302f32322d3234203d3e2037303239.roa
File:                     3231372e3231372e32302e302f32322d3234203d3e2037303239.roa (raw, json)
Hash identifier:          hHoESGQ2zrUqTjN1cO+Ws4RRENQWQKRVDVGfzJlxcn8=
Subject key identifier:   64:10:4C:BA:DD:7D:A7:38:26:5A:61:DF:33:04:AF:25:F3:0C:C2:29
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       01606CB460E19E3367DA0C5E3622C5ED37AF0EA5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32302e302f32322d3234203d3e2037303239.roa
Signing time:             Wed 23 Jul 2025 18:15:31 +0000
ROA not before:           Wed 23 Jul 2025 18:10:31 +0000
ROA not after:            Wed 22 Jul 2026 18:15:31 +0000
asID:                     7029
IP address blocks:        217.217.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:60:6c:b4:60:e1:9e:33:67:da:0c:5e:36:22:c5:ed:37:af:0e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 23 18:10:31 2025 GMT
            Not After : Jul 22 18:15:31 2026 GMT
        Subject: CN=64104CBADD7DA738265A61DF3304AF25F30CC229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9c:ca:15:0b:93:20:51:96:3d:4c:1c:50:af:
                    be:a7:02:ac:fa:01:b6:36:78:91:4e:6d:bf:d0:1a:
                    47:ff:15:44:16:a0:ec:73:6a:9a:89:f8:4d:d7:92:
                    e9:87:0a:8c:04:e1:f9:cf:9a:d5:94:d7:38:10:f9:
                    4a:f2:89:fd:14:7f:70:28:7f:5b:3e:c0:a4:81:0f:
                    11:2b:53:fc:11:1b:b1:35:1e:07:8d:b4:46:5b:76:
                    ea:68:b1:28:67:59:05:94:da:c4:b3:85:a2:0c:94:
                    12:a8:1f:45:38:cc:79:f0:44:57:1a:40:b9:f6:cd:
                    63:9b:c3:6d:9e:ab:5f:f1:44:cf:08:92:e8:18:c7:
                    ad:70:73:cc:25:58:d2:bc:fe:29:b2:16:ed:4e:28:
                    12:32:f0:eb:50:de:c0:b2:43:18:9b:c0:11:3d:41:
                    2b:fc:48:5b:6f:7f:30:38:1b:26:62:79:21:c0:b3:
                    39:76:9a:d0:ea:ef:ba:e1:21:20:bb:ea:ae:cf:ef:
                    a6:4d:d2:d1:0f:be:d3:d5:dd:2a:7b:23:a3:7a:79:
                    10:61:06:4c:7e:a5:c8:0f:b2:4b:2e:ec:b6:80:bd:
                    30:a9:f7:9c:76:83:01:fd:c7:1b:67:b4:ef:7d:e8:
                    a7:d3:35:1f:2b:db:e7:b4:77:5c:9d:3a:5f:f8:cc:
                    66:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:10:4C:BA:DD:7D:A7:38:26:5A:61:DF:33:04:AF:25:F3:0C:C2:29
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32302e302f32322d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:11:61:c1:da:81:10:1c:94:19:6c:87:3f:05:13:21:1a:f8:
         30:7e:04:a0:8d:62:57:20:2f:7e:13:fa:09:9a:bc:82:83:64:
         c4:0e:c4:84:5d:20:e9:28:5d:a6:93:ef:30:ad:d6:fc:3b:8f:
         bf:5e:a7:19:59:cd:a9:9f:75:06:b6:74:7e:25:59:78:64:f7:
         1f:3a:72:8d:f9:9f:ff:83:a9:17:71:cc:51:2e:2b:16:37:7f:
         f6:2a:f5:c4:30:d6:09:91:4c:53:0f:5e:ed:8c:ae:ae:44:e5:
         80:6a:f5:5d:3e:ba:17:c4:e8:5d:59:f6:b5:1c:c9:d9:d8:ad:
         d7:f0:20:eb:b7:6b:b0:53:73:66:72:0f:20:7d:09:5f:3f:e8:
         3f:56:11:56:83:41:2c:79:9f:d0:ae:1f:17:03:eb:92:88:cd:
         9b:fc:30:ca:3a:24:07:7e:fa:d2:19:49:bc:73:bd:39:22:da:
         52:19:eb:53:3c:7a:20:d3:cf:c6:03:5b:5f:fd:ed:4b:e3:ef:
         93:ce:2c:a1:eb:33:67:21:c8:35:11:d7:d9:23:55:1d:b9:19:
         42:7e:fb:76:06:26:e8:14:b4:49:cf:7b:5d:5d:80:3c:d8:3c:
         cd:23:20:8c:a0:b1:ed:8f:90:c4:9a:52:d2:d5:0b:32:33:67:
         e1:bc:40:df
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAWBstGDhnjNn2gxeNiLF7TevDqUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjMxODEwMzFaFw0yNjA3MjIxODE1MzFaMDMxMTAvBgNV
BAMTKDY0MTA0Q0JBREQ3REE3MzgyNjVBNjFERjMzMDRBRjI1RjMwQ0MyMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEnMoVC5MgUZY9TBxQr76nAqz6
AbY2eJFObb/QGkf/FUQWoOxzapqJ+E3XkumHCowE4fnPmtWU1zgQ+Uryif0Uf3Ao
f1s+wKSBDxErU/wRG7E1HgeNtEZbduposShnWQWU2sSzhaIMlBKoH0U4zHnwRFca
QLn2zWObw22eq1/xRM8IkugYx61wc8wlWNK8/imyFu1OKBIy8OtQ3sCyQxibwBE9
QSv8SFtvfzA4GyZieSHAszl2mtDq77rhISC76q7P76ZN0tEPvtPV3Sp7I6N6eRBh
Bkx+pcgPsksu7LaAvTCp95x2gwH9xxtntO996KfTNR8r2+e0d1ydOl/4zGY1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZBBMut19pzgmWmHfMwSvJfMMwikwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
FDANBgkqhkiG9w0BAQsFAAOCAQEAOxFhwdqBEByUGWyHPwUTIRr4MH4EoI1iVyAv
fhP6CZq8goNkxA7EhF0g6ShdppPvMK3W/DuPv16nGVnNqZ91BrZ0fiVZeGT3Hzpy
jfmf/4OpF3HMUS4rFjd/9ir1xDDWCZFMUw9e7YyurkTlgGr1XT66F8ToXVn2tRzJ
2dit1/Ag67drsFNzZnIPIH0JXz/oP1YRVoNBLHmf0K4fFwPrkojNm/wwyjokB376
0hlJvHO9OSLaUhnrUzx6INPPxgNbX/3tS+Pvk84soeszZyHINRHX2SNVHbkZQn77
dgYm6BS0Sc97XV2APNg8zSMgjKCx7Y+QxJpS0tULMjNn4bxA3w==
-----END CERTIFICATE-----