Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32302e302f32322d3234203d3e2037383433.roa
File:                     3231372e3231372e32302e302f32322d3234203d3e2037383433.roa (raw, json)
Hash identifier:          JTrNFyyvTmR5OusK/STy+yIFxm67Jev+Ok6+teeWoQc=
Subject key identifier:   3F:57:02:27:87:99:D4:70:A7:12:12:88:F4:1E:4D:28:2A:4B:77:D6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       151418F02E80A8F65A836630B537D10DB69AFA48
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32302e302f32322d3234203d3e2037383433.roa
Signing time:             Wed 23 Jul 2025 18:15:33 +0000
ROA not before:           Wed 23 Jul 2025 18:10:33 +0000
ROA not after:            Wed 22 Jul 2026 18:15:33 +0000
asID:                     7843
IP address blocks:        217.217.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:14:18:f0:2e:80:a8:f6:5a:83:66:30:b5:37:d1:0d:b6:9a:fa:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 23 18:10:33 2025 GMT
            Not After : Jul 22 18:15:33 2026 GMT
        Subject: CN=3F5702278799D470A7121288F41E4D282A4B77D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b8:93:7c:1f:57:38:42:41:ea:3f:0f:7a:c7:
                    77:6e:f0:ef:cc:4e:8f:83:0e:d4:e2:76:33:0f:b3:
                    c4:4d:3f:45:c3:2d:c9:bf:0d:39:08:4e:6d:c0:e5:
                    a8:a9:1d:5e:f4:4a:6d:cc:4d:3d:19:da:19:f9:9b:
                    80:b0:09:a7:fc:7c:05:c5:a7:18:d0:bf:6a:61:67:
                    a3:e5:5d:94:c5:95:45:ef:7b:2b:67:c9:a8:37:2c:
                    43:aa:1f:c6:60:16:5b:59:5c:09:36:6e:49:9b:95:
                    4b:7e:21:a6:f5:16:b8:97:03:45:fa:25:fd:13:60:
                    32:1b:dd:99:ce:8d:04:88:b5:60:69:e1:b2:a1:ef:
                    c6:41:4f:c9:59:61:87:1e:43:ed:72:19:a9:bb:f6:
                    8f:e9:95:a6:bc:29:66:5b:b6:a3:07:96:39:e7:78:
                    22:06:3c:b9:e2:00:c4:29:ee:3b:05:b4:6b:ff:33:
                    a3:c2:35:86:e3:2b:33:44:62:20:67:61:b4:7c:d8:
                    a3:bd:6d:6c:76:ee:e5:0c:74:c4:82:f9:73:01:9e:
                    70:54:69:21:b6:0b:c8:d5:f3:3d:8c:c1:2b:fc:90:
                    8f:2d:b9:bb:8c:11:dd:74:99:05:a3:71:4f:e9:82:
                    3d:3b:61:44:2c:c3:97:f4:b7:1e:68:d1:fb:e7:21:
                    1a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:57:02:27:87:99:D4:70:A7:12:12:88:F4:1E:4D:28:2A:4B:77:D6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32302e302f32322d3234203d3e2037383433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:fa:10:e6:18:7a:c4:e3:75:93:d3:71:d1:ac:3f:f1:19:0b:
         c8:75:c9:95:22:83:43:b9:20:af:c5:6f:54:2d:99:42:68:6b:
         17:dd:0e:2d:ad:d6:89:4c:b7:de:92:f7:37:d4:d5:e0:54:5d:
         43:8a:e1:2f:64:99:55:b3:5c:8c:66:2f:1c:1a:6c:d6:4f:85:
         1e:c8:d2:50:2b:94:a4:8b:69:57:4a:fb:f5:0e:52:c9:ec:3b:
         c5:c1:3f:26:0d:79:ee:73:48:fc:e5:5c:23:73:13:f1:77:4a:
         01:87:f9:c9:48:e3:b0:56:b4:5e:e2:73:12:45:67:af:31:f9:
         61:09:07:97:3f:e0:da:15:43:24:dd:24:3f:8e:17:bf:d2:9a:
         21:42:9f:47:9d:21:ba:5f:52:ee:a5:e2:9a:25:e6:1e:9d:6e:
         19:6c:b1:0f:6b:74:38:0c:ae:e0:c9:d2:23:0b:14:95:b9:dd:
         56:6d:12:2d:7c:84:8a:96:c3:7f:77:cc:a8:fd:9f:36:65:b5:
         35:cd:b8:7e:dc:65:de:0a:f5:63:78:13:f7:9d:b4:31:a3:fd:
         61:dd:09:17:d5:94:f4:bc:d0:17:21:15:7b:0d:79:e5:ff:43:
         0e:f0:33:3e:66:2e:34:f0:73:c4:41:87:10:e7:33:b2:14:a5:
         26:14:23:53
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFRQY8C6AqPZag2YwtTfRDbaa+kgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjMxODEwMzNaFw0yNjA3MjIxODE1MzNaMDMxMTAvBgNV
BAMTKDNGNTcwMjI3ODc5OUQ0NzBBNzEyMTI4OEY0MUU0RDI4MkE0Qjc3RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTuJN8H1c4QkHqPw96x3du8O/M
To+DDtTidjMPs8RNP0XDLcm/DTkITm3A5aipHV70Sm3MTT0Z2hn5m4CwCaf8fAXF
pxjQv2phZ6PlXZTFlUXveytnyag3LEOqH8ZgFltZXAk2bkmblUt+Iab1FriXA0X6
Jf0TYDIb3ZnOjQSItWBp4bKh78ZBT8lZYYceQ+1yGam79o/plaa8KWZbtqMHljnn
eCIGPLniAMQp7jsFtGv/M6PCNYbjKzNEYiBnYbR82KO9bWx27uUMdMSC+XMBnnBU
aSG2C8jV8z2MwSv8kI8tubuMEd10mQWjcU/pgj07YUQsw5f0tx5o0fvnIRpjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUP1cCJ4eZ1HCnEhKI9B5NKCpLd9YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzM4MzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
FDANBgkqhkiG9w0BAQsFAAOCAQEAI/oQ5hh6xON1k9Nx0aw/8RkLyHXJlSKDQ7kg
r8VvVC2ZQmhrF90OLa3WiUy33pL3N9TV4FRdQ4rhL2SZVbNcjGYvHBps1k+FHsjS
UCuUpItpV0r79Q5Syew7xcE/Jg157nNI/OVcI3MT8XdKAYf5yUjjsFa0XuJzEkVn
rzH5YQkHlz/g2hVDJN0kP44Xv9KaIUKfR50hul9S7qXimiXmHp1uGWyxD2t0OAyu
4MnSIwsUlbndVm0SLXyEipbDf3fMqP2fNmW1Nc24ftxl3gr1Y3gT9520MaP9Yd0J
F9WU9LzQFyEVew155f9DDvAzPmYuNPBzxEGHEOczshSlJhQjUw==
-----END CERTIFICATE-----