Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33322e302f32322d3234203d3e2039333034.roa
File:                     3231372e3231372e33322e302f32322d3234203d3e2039333034.roa (raw, json)
Hash identifier:          yk4nK0im1jiHJ1yBedg3tSz73P9DH/3DmuSTrd9TsEU=
Subject key identifier:   5C:31:CA:D0:29:7E:76:9A:E2:80:69:23:F0:A4:34:58:79:0D:7F:9C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       217C01BB0197976FAC7171F858285EF36363E060
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33322e302f32322d3234203d3e2039333034.roa
Signing time:             Wed 16 Jul 2025 09:32:16 +0000
ROA not before:           Wed 16 Jul 2025 09:27:16 +0000
ROA not after:            Wed 15 Jul 2026 09:32:16 +0000
asID:                     9304
IP address blocks:        217.217.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:7c:01:bb:01:97:97:6f:ac:71:71:f8:58:28:5e:f3:63:63:e0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 16 09:27:16 2025 GMT
            Not After : Jul 15 09:32:16 2026 GMT
        Subject: CN=5C31CAD0297E769AE2806923F0A43458790D7F9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:69:0b:79:b9:4d:1d:16:ca:24:0a:fc:3e:95:
                    d5:ac:25:da:b8:ad:63:b4:a5:cf:20:ce:35:6b:d9:
                    97:9d:b6:ae:41:78:1e:44:e3:6d:5d:84:43:43:6a:
                    44:a2:72:b4:34:2c:89:de:07:09:0c:bf:d8:47:b5:
                    34:48:a5:84:8d:e4:af:f1:ec:3c:81:60:92:06:8c:
                    01:43:0b:90:c2:75:0f:4d:a1:28:e7:72:df:1e:ac:
                    16:b2:99:a3:f5:03:e8:a4:77:9c:57:b3:be:0b:36:
                    fe:87:41:a1:c2:90:0e:12:b3:d6:5f:55:d1:13:8e:
                    a8:d9:67:5d:b8:74:ee:68:32:52:50:71:4b:cd:26:
                    bb:0f:5e:34:f4:c6:fb:2e:f2:eb:db:f8:0e:a5:7b:
                    f7:04:a9:ab:c9:7f:bd:ef:f3:fc:d8:44:08:a5:7a:
                    aa:6c:39:01:7c:67:e6:d1:3a:8b:a0:79:13:58:d2:
                    0b:10:88:4a:40:88:9f:d6:b9:b0:7a:db:20:9f:18:
                    a2:10:1a:2a:97:d4:cf:d0:60:73:2c:e5:b3:a1:95:
                    04:6f:24:7c:2e:cb:bd:8f:e0:58:cf:33:20:0b:e0:
                    90:81:19:96:e2:12:8c:b4:7c:ba:1b:64:58:d1:0a:
                    f9:13:07:5c:d6:2b:59:5c:79:33:07:97:4f:96:e0:
                    36:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:31:CA:D0:29:7E:76:9A:E2:80:69:23:F0:A4:34:58:79:0D:7F:9C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33322e302f32322d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:fa:70:b7:2f:35:45:0e:12:af:3c:16:aa:05:5c:e0:8b:6a:
         59:e7:78:d3:f6:4f:38:c2:35:e4:4d:33:21:41:ee:60:d5:e9:
         71:ec:08:36:98:e0:45:88:5c:4f:5b:18:8a:1a:db:d4:2e:8a:
         12:93:4f:76:8c:59:3c:73:a5:a0:99:b4:dd:f9:6d:49:29:7d:
         95:3b:24:48:3d:5a:60:7a:21:75:73:24:64:d5:c8:0a:e3:1c:
         54:03:cb:93:3b:eb:c2:0c:27:c8:c2:56:ba:f4:51:4e:be:fa:
         13:6d:e2:4d:df:74:ee:e0:5e:73:c4:01:a0:1d:88:b7:c2:a1:
         63:5d:b8:28:e5:14:f9:ec:3c:43:ec:af:33:6d:9e:8b:f3:32:
         48:9e:25:ba:ed:ae:98:83:5a:74:5b:be:98:ce:1a:ab:7e:68:
         5c:21:2d:e6:71:10:72:26:a3:b2:e5:0f:34:38:ab:27:7d:59:
         e2:71:d9:ca:aa:77:ca:ed:d3:80:59:ec:1b:69:02:0f:4d:03:
         9a:48:c5:b1:e2:eb:73:7a:76:54:37:b4:c9:04:1f:2f:38:fe:
         55:59:e3:27:7c:09:ad:3f:84:9a:bb:47:5a:0e:03:0f:6b:6e:
         69:cb:c2:85:71:86:4a:0d:ee:43:ba:be:50:c6:ba:26:5d:9d:
         a9:61:89:0a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIXwBuwGXl2+scXH4WChe82Nj4GAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTYwOTI3MTZaFw0yNjA3MTUwOTMyMTZaMDMxMTAvBgNV
BAMTKDVDMzFDQUQwMjk3RTc2OUFFMjgwNjkyM0YwQTQzNDU4NzkwRDdGOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUaQt5uU0dFsokCvw+ldWsJdq4
rWO0pc8gzjVr2Zedtq5BeB5E421dhENDakSicrQ0LIneBwkMv9hHtTRIpYSN5K/x
7DyBYJIGjAFDC5DCdQ9NoSjnct8erBaymaP1A+ikd5xXs74LNv6HQaHCkA4Ss9Zf
VdETjqjZZ124dO5oMlJQcUvNJrsPXjT0xvsu8uvb+A6le/cEqavJf73v8/zYRAil
eqpsOQF8Z+bROougeRNY0gsQiEpAiJ/WubB62yCfGKIQGiqX1M/QYHMs5bOhlQRv
JHwuy72P4FjPMyAL4JCBGZbiEoy0fLobZFjRCvkTB1zWK1lceTMHl0+W4DZVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXDHK0Cl+dprigGkj8KQ0WHkNf5wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMz
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
IDANBgkqhkiG9w0BAQsFAAOCAQEAe/pwty81RQ4SrzwWqgVc4ItqWed40/ZPOMI1
5E0zIUHuYNXpcewINpjgRYhcT1sYihrb1C6KEpNPdoxZPHOloJm03fltSSl9lTsk
SD1aYHohdXMkZNXICuMcVAPLkzvrwgwnyMJWuvRRTr76E23iTd907uBec8QBoB2I
t8KhY124KOUU+ew8Q+yvM22ei/MySJ4luu2umINadFu+mM4aq35oXCEt5nEQciaj
suUPNDirJ31Z4nHZyqp3yu3TgFnsG2kCD00DmkjFseLrc3p2VDe0yQQfLzj+VVnj
J3wJrT+EmrtHWg4DD2tuacvChXGGSg3uQ7q+UMa6Jl2dqWGJCg==
-----END CERTIFICATE-----