Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32392e302f32342d3234203d3e2035303635.roa
File:                     3231372e3231372e32392e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          RQPA6uE27o+566D59dAXGbOmnsREbPZp3tWxf1Ecz+c=
Subject key identifier:   83:F4:39:BF:1B:98:77:CB:1B:23:32:EE:B3:27:13:C3:E4:65:1C:5B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       082D158DAD988DE0BDD41CA5EB15B57B5A195E1A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32392e302f32342d3234203d3e2035303635.roa
Signing time:             Wed 23 Jul 2025 09:20:41 +0000
ROA not before:           Wed 23 Jul 2025 09:15:41 +0000
ROA not after:            Wed 22 Jul 2026 09:20:41 +0000
asID:                     5065
IP address blocks:        217.217.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:2d:15:8d:ad:98:8d:e0:bd:d4:1c:a5:eb:15:b5:7b:5a:19:5e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 23 09:15:41 2025 GMT
            Not After : Jul 22 09:20:41 2026 GMT
        Subject: CN=83F439BF1B9877CB1B2332EEB32713C3E4651C5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:42:05:e0:2e:10:1a:28:88:3e:58:8e:f8:2e:
                    77:56:40:72:db:2b:17:d3:f4:d5:3c:68:1b:2a:96:
                    a2:9d:cd:d0:7a:d5:20:a1:02:29:04:2d:02:61:7d:
                    86:54:4d:5a:f1:f1:7e:b8:3e:17:b5:99:a9:a4:80:
                    95:b0:d3:90:ed:b6:24:4e:8d:17:b8:35:b9:69:7c:
                    86:e4:4a:f3:99:64:41:ef:d3:33:37:00:b2:00:71:
                    2a:ed:88:d0:b1:0b:68:d6:27:26:48:33:9f:3c:2b:
                    65:50:67:41:e7:09:02:13:cf:da:61:df:42:8b:41:
                    af:aa:57:27:5a:67:62:f4:19:ec:57:c1:78:01:a2:
                    87:76:2a:93:64:93:18:63:45:6b:ba:0e:f2:64:37:
                    3d:ee:81:8c:a0:a5:81:ad:98:a9:d1:ad:38:47:25:
                    5d:41:5d:c2:b6:56:6a:d3:85:fd:ed:43:fc:28:a6:
                    f1:db:4b:19:b3:5f:2b:e8:04:2f:dd:7e:a6:28:5e:
                    dd:9e:0e:24:4a:d4:d5:4e:d9:f2:fd:43:23:4e:11:
                    66:52:d8:6c:92:7f:7b:4a:11:57:5c:fe:57:e3:a8:
                    8c:77:51:b2:71:ad:2f:59:d0:21:66:72:be:4f:16:
                    71:b5:53:39:58:3b:18:d4:f7:66:12:8d:cb:49:1c:
                    ca:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F4:39:BF:1B:98:77:CB:1B:23:32:EE:B3:27:13:C3:E4:65:1C:5B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32392e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:a3:10:0b:fe:ce:48:47:2e:84:21:03:ab:67:25:5a:45:3c:
         84:a1:8c:2e:14:0c:e5:42:2e:3e:5a:13:ea:fd:d7:9b:59:7f:
         24:74:e5:8c:2b:93:ba:c6:52:b5:d7:e5:d4:db:70:13:8f:48:
         b7:08:49:35:ec:0c:65:bb:7a:fb:c1:0f:19:68:28:6a:18:96:
         2e:9f:6b:26:a9:26:17:50:b8:94:ba:50:63:9e:0a:e2:fb:03:
         6e:7b:a4:f8:10:5d:76:a9:57:ba:e6:b7:4f:6d:4b:de:fe:8d:
         07:b3:e7:96:57:21:99:74:af:67:ab:47:99:d8:f9:45:d8:58:
         a2:9f:60:91:56:3f:3b:75:d2:e0:84:fc:59:de:7d:db:84:0a:
         24:27:bd:46:b7:d0:e5:58:ee:80:ee:35:d4:cf:82:22:69:60:
         2d:69:de:85:a7:10:f5:39:41:9e:ce:6f:08:9c:4c:ad:6a:7c:
         b4:e2:ee:55:64:55:04:23:f5:b9:24:be:1e:23:8e:42:2f:9c:
         3d:d9:ab:68:0d:27:b4:67:8c:a8:b4:99:15:79:ef:2c:f2:4e:
         e8:c7:0a:dc:39:d5:bd:e4:16:60:16:94:34:55:57:99:22:16:
         24:ea:b8:56:5e:f8:9f:a1:18:24:33:ab:95:63:97:9c:48:d9:
         2e:a2:e3:1f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCC0Vja2YjeC91Byl6xW1e1oZXhowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjMwOTE1NDFaFw0yNjA3MjIwOTIwNDFaMDMxMTAvBgNV
BAMTKDgzRjQzOUJGMUI5ODc3Q0IxQjIzMzJFRUIzMjcxM0MzRTQ2NTFDNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPQgXgLhAaKIg+WI74LndWQHLb
KxfT9NU8aBsqlqKdzdB61SChAikELQJhfYZUTVrx8X64Phe1mamkgJWw05DttiRO
jRe4NblpfIbkSvOZZEHv0zM3ALIAcSrtiNCxC2jWJyZIM588K2VQZ0HnCQITz9ph
30KLQa+qVydaZ2L0GexXwXgBood2KpNkkxhjRWu6DvJkNz3ugYygpYGtmKnRrThH
JV1BXcK2VmrThf3tQ/wopvHbSxmzXyvoBC/dfqYoXt2eDiRK1NVO2fL9QyNOEWZS
2GySf3tKEVdc/lfjqIx3UbJxrS9Z0CFmcr5PFnG1UzlYOxjU92YSjctJHMqHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUg/Q5vxuYd8sbIzLusycTw+RlHFswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnZ
HTANBgkqhkiG9w0BAQsFAAOCAQEALqMQC/7OSEcuhCEDq2clWkU8hKGMLhQM5UIu
PloT6v3Xm1l/JHTljCuTusZStdfl1NtwE49ItwhJNewMZbt6+8EPGWgoahiWLp9r
JqkmF1C4lLpQY54K4vsDbnuk+BBddqlXuua3T21L3v6NB7PnllchmXSvZ6tHmdj5
RdhYop9gkVY/O3XS4IT8Wd5924QKJCe9RrfQ5VjugO411M+CImlgLWnehacQ9TlB
ns5vCJxMrWp8tOLuVWRVBCP1uSS+HiOOQi+cPdmraA0ntGeMqLSZFXnvLPJO6McK
3DnVveQWYBaUNFVXmSIWJOq4Vl74n6EYJDOrlWOXnEjZLqLjHw==
-----END CERTIFICATE-----