Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e34302e302f32312d3231203d3e203539363432.roa
File:                     3231372e3231372e34302e302f32312d3231203d3e203539363432.roa (raw, json)
Hash identifier:          v3aMrg0pEIsojNdWdWPIs9/5EjzoZPTyQvK77kcNa/s=
Subject key identifier:   67:78:C5:30:0A:07:EE:72:B9:16:9E:0C:B1:75:D8:47:D0:22:55:DA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       244C25EA8D998882AF3FD7EF267AF164531197A3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e34302e302f32312d3231203d3e203539363432.roa
Signing time:             Thu 17 Jul 2025 17:42:30 +0000
ROA not before:           Thu 17 Jul 2025 17:37:30 +0000
ROA not after:            Thu 16 Jul 2026 17:42:30 +0000
asID:                     59642
IP address blocks:        217.217.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:4c:25:ea:8d:99:88:82:af:3f:d7:ef:26:7a:f1:64:53:11:97:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 17 17:37:30 2025 GMT
            Not After : Jul 16 17:42:30 2026 GMT
        Subject: CN=6778C5300A07EE72B9169E0CB175D847D02255DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:90:af:61:12:f7:e2:b7:6a:0e:11:3c:b8:3a:
                    fe:c5:67:2c:9b:6c:81:7e:f9:55:ae:dd:a1:e1:90:
                    b2:73:12:67:fc:1e:2f:f5:f8:0a:4a:4c:ce:6f:2c:
                    a4:f3:cc:e8:88:33:ba:a2:9f:f9:54:a6:e7:81:3b:
                    ba:46:b2:f4:5c:83:6f:c9:50:c5:fd:4c:dc:bb:81:
                    d7:38:b2:a2:1d:b4:82:69:9c:f7:9d:35:57:7c:b0:
                    2c:ae:d9:e8:b7:93:4e:53:3b:1e:bb:07:52:c0:e8:
                    59:b2:5c:db:b0:cf:30:5f:af:6f:7e:36:b2:05:fa:
                    05:74:a9:60:5d:0d:3c:93:ae:d8:ae:4d:3d:51:ae:
                    de:b9:95:bb:c3:4a:f6:08:f2:cf:54:49:d6:6f:a6:
                    eb:6e:ea:81:5d:8e:9a:82:5a:f0:1f:ff:a8:6e:89:
                    4c:d9:27:46:fe:4b:0a:75:a3:0d:eb:aa:7b:52:d3:
                    fc:1b:bc:dc:84:f1:0e:09:7c:99:54:bb:49:3d:3d:
                    2e:0f:44:19:92:a9:3c:8e:65:e5:38:d9:14:d0:f4:
                    38:11:2a:05:3a:9f:98:14:c0:33:e1:77:c5:69:97:
                    88:89:c1:7a:31:c6:99:40:05:82:b0:54:a4:94:45:
                    68:f6:8a:12:59:ad:bb:ce:96:20:61:d6:a1:81:3a:
                    75:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:78:C5:30:0A:07:EE:72:B9:16:9E:0C:B1:75:D8:47:D0:22:55:DA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e34302e302f32312d3231203d3e203539363432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:25:00:f1:16:49:bc:4e:ee:5b:55:1d:66:b8:b4:b6:89:4e:
         89:bb:95:5b:ec:51:88:c4:ad:3c:2f:80:d4:52:7b:b4:15:fa:
         8b:38:02:a6:4f:b4:2b:02:a6:2c:94:16:c3:63:d8:2f:78:d9:
         c9:1c:32:4d:5d:54:6d:54:71:ef:a7:bf:20:3c:d1:5c:46:51:
         a3:fb:73:ef:73:df:92:2d:0c:b2:9b:62:4d:6f:af:b7:50:53:
         83:4f:99:95:68:a6:dc:6a:db:0c:a0:ba:a0:65:ce:14:37:9f:
         a7:3e:68:8e:e5:33:7b:c3:de:4a:70:59:b0:bd:3b:71:35:78:
         ef:68:49:dd:51:52:fc:0f:3b:11:38:02:67:d6:06:9d:5e:5b:
         3b:93:90:ce:42:dc:de:db:16:7f:ba:6a:0d:b8:56:61:f2:eb:
         e9:d1:93:42:3d:ac:01:33:04:26:e2:3f:3d:f0:3e:33:49:10:
         36:44:8d:6f:3d:d7:ac:2d:d4:5b:51:3b:c0:db:80:21:7a:10:
         56:67:67:7b:17:b7:4c:19:f0:68:4a:52:83:a9:70:2a:f0:e7:
         03:f6:20:ec:be:42:6e:83:80:00:85:c7:77:25:e7:fb:80:2f:
         c7:f2:a8:9a:28:9b:ed:e9:c6:d3:59:d0:04:d5:f7:97:2a:40:
         fe:34:02:70
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUJEwl6o2ZiIKvP9fvJnrxZFMRl6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTcxNzM3MzBaFw0yNjA3MTYxNzQyMzBaMDMxMTAvBgNV
BAMTKDY3NzhDNTMwMEEwN0VFNzJCOTE2OUUwQ0IxNzVEODQ3RDAyMjU1REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrkK9hEvfit2oOETy4Ov7FZyyb
bIF++VWu3aHhkLJzEmf8Hi/1+ApKTM5vLKTzzOiIM7qin/lUpueBO7pGsvRcg2/J
UMX9TNy7gdc4sqIdtIJpnPedNVd8sCyu2ei3k05TOx67B1LA6FmyXNuwzzBfr29+
NrIF+gV0qWBdDTyTrtiuTT1Rrt65lbvDSvYI8s9USdZvputu6oFdjpqCWvAf/6hu
iUzZJ0b+Swp1ow3rqntS0/wbvNyE8Q4JfJlUu0k9PS4PRBmSqTyOZeU42RTQ9DgR
KgU6n5gUwDPhd8Vpl4iJwXoxxplABYKwVKSURWj2ihJZrbvOliBh1qGBOnVPAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUZ3jFMAoH7nK5Fp4MsXXYR9AiVdowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM0
MzAyZTMwMmYzMjMxMmQzMjMxMjAzZDNlMjAzNTM5MzYzNDMyLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD
2dkoMA0GCSqGSIb3DQEBCwUAA4IBAQAZJQDxFkm8Tu5bVR1muLS2iU6Ju5Vb7FGI
xK08L4DUUnu0FfqLOAKmT7QrAqYslBbDY9gveNnJHDJNXVRtVHHvp78gPNFcRlGj
+3Pvc9+SLQyym2JNb6+3UFODT5mVaKbcatsMoLqgZc4UN5+nPmiO5TN7w95KcFmw
vTtxNXjvaEndUVL8DzsROAJn1gadXls7k5DOQtze2xZ/umoNuFZh8uvp0ZNCPawB
MwQm4j898D4zSRA2RI1vPdesLdRbUTvA24AhehBWZ2d7F7dMGfBoSlKDqXAq8OcD
9iDsvkJug4AAhcd3Jef7gC/H8qiaKJvt6cbTWdAE1feXKkD+NAJw
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:56:15 2025 by rpki-client