Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e35322e302f32322d3234203d3e2037383433.roa
File:                     3231372e3231372e35322e302f32322d3234203d3e2037383433.roa (raw, json)
Hash identifier:          rCOpXK/u6poWJq82dNoIhqC71PmwtPTUGJDZNARSD+s=
Subject key identifier:   37:81:50:46:BA:64:40:0B:61:BF:4D:EC:4E:BA:5F:11:1D:77:E6:5F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       12EA294D2C9325B336C4557C21C3402550CAE436
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e35322e302f32322d3234203d3e2037383433.roa
Signing time:             Fri 18 Jul 2025 19:14:38 +0000
ROA not before:           Fri 18 Jul 2025 19:09:38 +0000
ROA not after:            Fri 17 Jul 2026 19:14:38 +0000
asID:                     7843
IP address blocks:        217.217.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ea:29:4d:2c:93:25:b3:36:c4:55:7c:21:c3:40:25:50:ca:e4:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 18 19:09:38 2025 GMT
            Not After : Jul 17 19:14:38 2026 GMT
        Subject: CN=37815046BA64400B61BF4DEC4EBA5F111D77E65F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ba:3c:dd:3a:4b:20:ae:e7:76:d0:29:e8:c1:
                    39:4e:87:05:6d:8c:0d:07:e0:67:f9:0a:87:30:fa:
                    bc:3c:bb:20:9c:a2:e2:7d:6c:2a:7b:6f:12:9e:f4:
                    1e:a0:f7:85:49:46:65:6c:53:b9:6d:b0:1f:fa:e5:
                    9c:5d:ea:16:9d:3a:a7:6a:a4:11:c6:7e:3d:bc:03:
                    cf:ef:89:e5:53:7b:cf:b6:4f:98:e0:14:14:8c:0b:
                    8d:f7:df:9d:f0:d7:55:c6:06:6b:0d:c6:c2:86:72:
                    21:64:2b:64:2f:2c:f7:79:5a:44:da:bb:fb:3c:18:
                    3e:18:51:b1:97:24:d2:f8:a4:70:56:a4:c9:15:26:
                    3e:91:2e:52:b5:76:0a:6f:3b:19:82:e6:d5:94:ff:
                    da:e8:1a:55:9b:65:c9:12:85:64:c1:38:88:2e:6a:
                    a2:58:cb:94:8b:e1:f5:4e:30:f1:cf:5f:91:45:10:
                    63:e4:08:e2:f0:91:d2:de:b8:37:68:09:10:03:50:
                    d7:54:7c:f3:ba:16:c9:c2:15:e2:21:51:b4:fc:c6:
                    58:b2:d6:a8:c0:bb:0e:0c:5f:f6:ea:7a:55:78:96:
                    b0:2d:fe:38:b3:6b:a1:b2:73:10:10:89:9a:a7:92:
                    37:e4:60:00:57:30:1a:02:75:6b:fe:ec:95:1f:5d:
                    72:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:81:50:46:BA:64:40:0B:61:BF:4D:EC:4E:BA:5F:11:1D:77:E6:5F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e35322e302f32322d3234203d3e2037383433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:d8:1d:34:2f:2b:03:7e:aa:33:2c:2f:77:d9:a8:a3:20:d0:
         b3:59:e6:be:a8:8c:eb:80:de:9e:26:56:3c:b4:b2:07:7a:a8:
         cf:8c:95:fb:a8:b3:d3:7c:56:b7:96:89:9c:95:60:34:2c:28:
         e1:b8:a5:1e:8e:21:87:7e:e2:76:0d:69:67:71:00:b3:0f:57:
         44:da:5c:8d:36:b1:42:f8:83:b6:3f:02:03:58:f7:11:a7:a4:
         6c:9c:9e:b8:67:dc:09:62:2e:80:b1:61:9a:7a:a4:a6:bf:23:
         c4:57:59:2e:43:24:d4:77:40:8d:c8:42:fb:9c:55:ec:44:19:
         df:8b:ec:2a:13:77:7c:85:47:83:24:e3:5a:35:5d:ca:ba:5d:
         0e:4c:d0:e8:8a:93:93:ff:f5:78:7c:3b:a8:ef:bf:26:02:65:
         0e:b5:a3:3f:ab:e1:54:47:2b:7e:6f:6e:38:d4:44:fd:e1:08:
         a2:3f:08:ff:8e:6d:a5:36:3e:92:3c:33:b0:c7:ef:75:d1:ab:
         59:cc:a8:ef:5a:37:97:2f:67:ad:30:0d:20:9b:e9:b3:7e:ca:
         1d:65:d7:63:b6:8e:24:08:78:d0:e8:65:41:d8:49:d7:d3:05:
         f4:f1:fc:d8:74:7e:ca:74:a8:53:68:00:1b:ca:6b:67:4a:7f:
         47:47:de:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEuopTSyTJbM2xFV8IcNAJVDK5DYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTgxOTA5MzhaFw0yNjA3MTcxOTE0MzhaMDMxMTAvBgNV
BAMTKDM3ODE1MDQ2QkE2NDQwMEI2MUJGNERFQzRFQkE1RjExMUQ3N0U2NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5ujzdOksgrud20CnowTlOhwVt
jA0H4Gf5Cocw+rw8uyCcouJ9bCp7bxKe9B6g94VJRmVsU7ltsB/65Zxd6hadOqdq
pBHGfj28A8/vieVTe8+2T5jgFBSMC433353w11XGBmsNxsKGciFkK2QvLPd5WkTa
u/s8GD4YUbGXJNL4pHBWpMkVJj6RLlK1dgpvOxmC5tWU/9roGlWbZckShWTBOIgu
aqJYy5SL4fVOMPHPX5FFEGPkCOLwkdLeuDdoCRADUNdUfPO6FsnCFeIhUbT8xliy
1qjAuw4MX/bqelV4lrAt/jiza6GycxAQiZqnkjfkYABXMBoCdWv+7JUfXXLvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN4FQRrpkQAthv03sTrpfER135l8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM1
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzM4MzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
NDANBgkqhkiG9w0BAQsFAAOCAQEAZtgdNC8rA36qMywvd9mooyDQs1nmvqiM64De
niZWPLSyB3qoz4yV+6iz03xWt5aJnJVgNCwo4bilHo4hh37idg1pZ3EAsw9XRNpc
jTaxQviDtj8CA1j3EaekbJyeuGfcCWIugLFhmnqkpr8jxFdZLkMk1HdAjchC+5xV
7EQZ34vsKhN3fIVHgyTjWjVdyrpdDkzQ6IqTk//1eHw7qO+/JgJlDrWjP6vhVEcr
fm9uONRE/eEIoj8I/45tpTY+kjwzsMfvddGrWcyo71o3ly9nrTANIJvps37KHWXX
Y7aOJAh40OhlQdhJ19MF9PH82HR+ynSoU2gAG8prZ0p/R0fe8Q==
-----END CERTIFICATE-----