Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33362e302f32322d3234203d3e2032383536.roa
File:                     3231372e3231372e33362e302f32322d3234203d3e2032383536.roa (raw, json)
Hash identifier:          h2ckFVeNSVjKkzv5rJrNMkfes2XefQA1H+TckR2mwmY=
Subject key identifier:   87:24:26:AB:31:27:AE:54:A8:48:8E:99:42:A7:80:B3:29:6F:09:9E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3B69210F27A5A769591747058F594E0F089A07DC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33362e302f32322d3234203d3e2032383536.roa
Signing time:             Wed 16 Jul 2025 09:31:35 +0000
ROA not before:           Wed 16 Jul 2025 09:26:35 +0000
ROA not after:            Wed 15 Jul 2026 09:31:35 +0000
asID:                     2856
IP address blocks:        217.217.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:69:21:0f:27:a5:a7:69:59:17:47:05:8f:59:4e:0f:08:9a:07:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 16 09:26:35 2025 GMT
            Not After : Jul 15 09:31:35 2026 GMT
        Subject: CN=872426AB3127AE54A8488E9942A780B3296F099E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:25:af:09:b3:aa:ba:03:22:4f:70:8c:8f:86:
                    5a:71:eb:86:e4:54:bc:4d:b1:ec:f6:78:5c:ce:bb:
                    c7:cc:36:60:73:1a:75:b1:1f:14:9b:97:a5:39:39:
                    09:55:57:29:34:67:1f:f0:ab:2a:d6:ea:a0:3f:ff:
                    f0:9c:2b:46:5f:56:f7:88:48:37:0b:6f:aa:18:a4:
                    f2:ec:a1:58:8a:e9:e9:9a:fc:92:d4:e9:b5:a9:81:
                    71:74:98:5d:cf:84:0f:32:aa:c6:73:1d:6b:bd:26:
                    b8:1b:8c:8b:c2:af:db:74:e7:74:13:e2:76:f3:99:
                    c8:6e:28:15:76:3a:72:40:26:e6:62:1c:c2:6a:a6:
                    32:3c:45:5f:50:ff:43:e3:a1:ab:c9:7f:1c:41:27:
                    9d:a9:98:36:ae:f0:66:79:74:db:b6:58:c4:54:6a:
                    a4:b7:a6:d7:56:3e:c2:98:ff:30:38:e4:a3:13:88:
                    30:9d:61:70:44:ad:a8:77:1c:eb:48:c6:5d:41:b0:
                    6b:62:61:c9:37:ae:1c:ff:2b:79:c7:9f:12:8c:45:
                    60:2d:86:7a:33:9e:9f:13:14:a9:f0:72:ea:b9:69:
                    af:34:0f:c0:81:c7:00:1b:d1:66:09:6c:ac:07:f5:
                    83:93:6e:3b:b2:5e:e4:0b:e3:b2:d6:db:e0:ef:d4:
                    ea:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:24:26:AB:31:27:AE:54:A8:48:8E:99:42:A7:80:B3:29:6F:09:9E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33362e302f32322d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:76:17:d3:f3:32:f9:ef:ca:e0:86:8b:f4:16:1d:7c:b0:a0:
         9a:40:0b:d9:c9:1d:d2:4e:7c:6c:da:b1:9d:9d:a0:70:a4:93:
         3e:48:75:ee:f4:b8:6e:4f:24:85:07:fc:a1:ab:1c:49:d1:67:
         07:29:84:4b:b2:df:ee:95:8a:66:a3:77:4f:e8:58:44:5e:66:
         87:72:07:91:8e:cf:6a:7c:6d:75:45:1f:9b:b1:e0:1f:5b:79:
         b9:5f:7d:2b:b1:70:b0:43:82:6c:66:92:9c:74:11:be:3a:65:
         e1:df:ec:5d:73:ae:93:1f:d7:f5:53:04:80:6a:f2:c5:24:f5:
         bf:7c:69:f0:4d:b3:e0:0b:4b:69:7e:93:6b:3c:3f:b5:3a:b1:
         8d:6d:69:59:02:80:be:55:53:27:fb:63:05:77:50:12:74:e5:
         d8:10:31:c6:9e:1a:30:42:45:6c:1f:91:80:20:41:bf:87:5d:
         c9:1a:b6:50:4e:0b:d1:18:86:cb:02:f4:54:a2:f4:1c:fb:74:
         3e:24:b7:eb:ab:27:a3:bc:29:f5:e3:0b:55:e7:94:b7:35:fa:
         36:47:12:12:71:6b:9c:95:a5:c6:d4:dc:6c:ca:08:7e:40:5a:
         bf:ec:63:4c:11:9c:7d:a5:a4:b5:17:5f:54:29:82:37:ec:6b:
         f3:cb:30:56
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUO2khDyelp2lZF0cFj1lODwiaB9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTYwOTI2MzVaFw0yNjA3MTUwOTMxMzVaMDMxMTAvBgNV
BAMTKDg3MjQyNkFCMzEyN0FFNTRBODQ4OEU5OTQyQTc4MEIzMjk2RjA5OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxJa8Js6q6AyJPcIyPhlpx64bk
VLxNsez2eFzOu8fMNmBzGnWxHxSbl6U5OQlVVyk0Zx/wqyrW6qA///CcK0ZfVveI
SDcLb6oYpPLsoViK6ema/JLU6bWpgXF0mF3PhA8yqsZzHWu9JrgbjIvCr9t053QT
4nbzmchuKBV2OnJAJuZiHMJqpjI8RV9Q/0PjoavJfxxBJ52pmDau8GZ5dNu2WMRU
aqS3ptdWPsKY/zA45KMTiDCdYXBErah3HOtIxl1BsGtiYck3rhz/K3nHnxKMRWAt
hnoznp8TFKnwcuq5aa80D8CBxwAb0WYJbKwH9YOTbjuyXuQL47LW2+Dv1OpdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUhyQmqzEnrlSoSI6ZQqeAsylvCZ4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMz
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM4MzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
JDANBgkqhkiG9w0BAQsFAAOCAQEAX3YX0/My+e/K4IaL9BYdfLCgmkAL2ckd0k58
bNqxnZ2gcKSTPkh17vS4bk8khQf8oascSdFnBymES7Lf7pWKZqN3T+hYRF5mh3IH
kY7PanxtdUUfm7HgH1t5uV99K7FwsEOCbGaSnHQRvjpl4d/sXXOukx/X9VMEgGry
xST1v3xp8E2z4AtLaX6Tazw/tTqxjW1pWQKAvlVTJ/tjBXdQEnTl2BAxxp4aMEJF
bB+RgCBBv4ddyRq2UE4L0RiGywL0VKL0HPt0PiS366sno7wp9eMLVeeUtzX6NkcS
EnFrnJWlxtTcbMoIfkBav+xjTBGcfaWktRdfVCmCN+xr88swVg==
-----END CERTIFICATE-----