Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e34382e302f32322d3234203d3e2037383433.roa
File:                     3231372e3231372e34382e302f32322d3234203d3e2037383433.roa (raw, json)
Hash identifier:          VNP41nVg7fnFA3jk3ELu+82hH2CpKY5f8xv4ufKmPrw=
Subject key identifier:   6C:19:43:E5:F6:E6:5A:01:37:0F:43:26:50:4A:72:DB:ED:16:CB:CD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3C5D2DB7051C3052D6B2B1725E8311DE5DFD5477
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e34382e302f32322d3234203d3e2037383433.roa
Signing time:             Fri 18 Jul 2025 19:14:57 +0000
ROA not before:           Fri 18 Jul 2025 19:09:57 +0000
ROA not after:            Fri 17 Jul 2026 19:14:57 +0000
asID:                     7843
IP address blocks:        217.217.48.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:5d:2d:b7:05:1c:30:52:d6:b2:b1:72:5e:83:11:de:5d:fd:54:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 18 19:09:57 2025 GMT
            Not After : Jul 17 19:14:57 2026 GMT
        Subject: CN=6C1943E5F6E65A01370F4326504A72DBED16CBCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fd:5d:11:4b:42:2f:c7:7f:14:91:f3:bc:42:
                    51:8d:78:d9:61:d0:88:b6:6e:ed:2d:41:00:97:5c:
                    31:76:08:2a:65:c9:d7:80:6a:99:02:27:f2:b3:56:
                    c0:dc:01:9a:2a:d9:44:83:2e:e2:bf:9c:62:b5:1b:
                    61:dc:86:d7:e8:a6:7e:8e:db:e9:f1:8e:16:81:1c:
                    11:18:49:54:0b:58:d4:2c:29:77:78:dd:84:6e:1a:
                    95:fd:12:1d:da:03:25:20:c4:15:f9:23:3a:13:d3:
                    a8:0d:ec:eb:c6:9b:ed:a4:18:3c:9c:60:bb:d4:7c:
                    0d:13:b1:50:ea:c5:9b:54:d5:4c:3e:60:ed:3f:6f:
                    90:f2:d5:53:97:62:87:00:76:44:80:d9:25:bb:1c:
                    a7:d2:69:13:27:d7:96:92:da:ab:1f:68:e6:d5:7d:
                    0f:7e:6c:56:2f:78:c7:1d:09:02:e9:cc:55:2f:56:
                    86:38:60:33:94:a3:b4:e1:d4:65:dc:5c:ba:c4:57:
                    b4:ed:d1:c4:67:f0:dc:ba:d5:e3:fe:03:27:90:da:
                    68:bf:8b:a7:4f:6c:80:9c:b4:cd:0b:f3:9a:24:c5:
                    69:63:1f:c5:80:c7:be:8a:97:45:84:81:7b:62:cf:
                    12:43:41:87:0c:95:15:f0:ce:e7:30:f5:3b:13:42:
                    f0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:19:43:E5:F6:E6:5A:01:37:0F:43:26:50:4A:72:DB:ED:16:CB:CD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e34382e302f32322d3234203d3e2037383433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:72:f6:f0:fe:d9:f5:81:47:77:95:1e:b0:5c:b0:ee:3f:31:
         a5:63:2b:e7:a4:54:f4:c9:6b:3f:4b:a6:f6:af:7e:fb:dd:f8:
         8f:10:23:83:65:37:98:24:ac:fb:4e:42:03:89:d7:00:76:5e:
         a7:77:16:5d:82:02:fe:05:4a:a4:60:b7:2c:d5:75:04:0e:59:
         b1:b3:93:47:ac:13:63:90:bd:56:76:18:0c:da:d7:49:6c:2f:
         29:9d:f1:3c:06:51:c5:76:42:b5:31:76:36:9f:71:48:c6:fc:
         f8:b8:cc:43:cf:12:99:23:54:be:58:c2:87:53:f0:8e:46:64:
         bb:49:30:82:52:cd:28:a4:49:94:47:ec:af:9c:d4:7e:a7:6e:
         1f:7b:73:a9:eb:8d:fc:32:0d:c8:cb:23:c7:c6:b8:3e:a9:12:
         3e:ec:4d:a9:c6:a8:3a:32:e9:6b:bb:bb:2a:dc:86:1d:8d:b6:
         cd:1f:80:fa:de:65:e2:d0:5b:32:a4:32:02:3d:40:df:ad:bc:
         ec:b4:53:e7:e2:e8:12:8d:e6:30:a3:df:ea:d8:39:c1:f5:60:
         b3:f0:54:d1:a8:a8:2f:66:04:61:d5:14:d1:86:5d:17:d2:e7:
         ad:df:89:96:66:41:56:77:4e:d8:84:7e:79:f8:7f:3a:85:91:
         b6:69:ec:cb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPF0ttwUcMFLWsrFyXoMR3l39VHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTgxOTA5NTdaFw0yNjA3MTcxOTE0NTdaMDMxMTAvBgNV
BAMTKDZDMTk0M0U1RjZFNjVBMDEzNzBGNDMyNjUwNEE3MkRCRUQxNkNCQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH/V0RS0Ivx38UkfO8QlGNeNlh
0Ii2bu0tQQCXXDF2CCplydeAapkCJ/KzVsDcAZoq2USDLuK/nGK1G2Hchtfopn6O
2+nxjhaBHBEYSVQLWNQsKXd43YRuGpX9Eh3aAyUgxBX5IzoT06gN7OvGm+2kGDyc
YLvUfA0TsVDqxZtU1Uw+YO0/b5Dy1VOXYocAdkSA2SW7HKfSaRMn15aS2qsfaObV
fQ9+bFYveMcdCQLpzFUvVoY4YDOUo7Th1GXcXLrEV7Tt0cRn8Ny61eP+AyeQ2mi/
i6dPbICctM0L85okxWljH8WAx76Kl0WEgXtizxJDQYcMlRXwzucw9TsTQvClAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbBlD5fbmWgE3D0MmUEpy2+0Wy80wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM0
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzM4MzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
MDANBgkqhkiG9w0BAQsFAAOCAQEAEnL28P7Z9YFHd5UesFyw7j8xpWMr56RU9Mlr
P0um9q9++934jxAjg2U3mCSs+05CA4nXAHZep3cWXYIC/gVKpGC3LNV1BA5ZsbOT
R6wTY5C9VnYYDNrXSWwvKZ3xPAZRxXZCtTF2Np9xSMb8+LjMQ88SmSNUvljCh1Pw
jkZku0kwglLNKKRJlEfsr5zUfqduH3tzqeuN/DINyMsjx8a4PqkSPuxNqcaoOjLp
a7u7KtyGHY22zR+A+t5l4tBbMqQyAj1A36287LRT5+LoEo3mMKPf6tg5wfVgs/BU
0aioL2YEYdUU0YZdF9Lnrd+JlmZBVndO2IR+efh/OoWRtmnsyw==
-----END CERTIFICATE-----