Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e35362e302f32322d3234203d3e2032383536.roa
File:                     3231372e3231372e35362e302f32322d3234203d3e2032383536.roa (raw, json)
Hash identifier:          S9b8PZ/huC4DxCDRGiX50IbfNRJmLcpq9CizuTGHJcM=
Subject key identifier:   7E:F1:6E:03:EC:13:86:33:69:D9:E5:86:EF:AE:A5:38:28:C0:66:7C
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5462181576634150FEB9A29F0AB295BDF2CF2E0C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e35362e302f32322d3234203d3e2032383536.roa
Signing time:             Thu 17 Jul 2025 17:42:52 +0000
ROA not before:           Thu 17 Jul 2025 17:37:52 +0000
ROA not after:            Thu 16 Jul 2026 17:42:52 +0000
asID:                     2856
IP address blocks:        217.217.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:62:18:15:76:63:41:50:fe:b9:a2:9f:0a:b2:95:bd:f2:cf:2e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 17 17:37:52 2025 GMT
            Not After : Jul 16 17:42:52 2026 GMT
        Subject: CN=7EF16E03EC13863369D9E586EFAEA53828C0667C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e0:52:d6:84:6f:fc:8b:71:ad:66:5d:9b:a3:
                    aa:2b:dc:30:12:5c:66:21:b4:1f:bb:db:ef:f7:dc:
                    8d:db:ee:eb:82:0f:50:bc:65:2a:5c:ea:02:ac:4b:
                    aa:6b:51:5c:02:ac:29:d9:77:a2:2f:d2:dd:8b:77:
                    af:e6:01:64:ce:a9:cb:37:d7:10:62:27:6e:03:6d:
                    54:07:44:38:d4:c8:ae:89:12:26:fa:6d:40:b1:ec:
                    38:98:ac:a1:cc:0a:bb:9e:66:2e:1e:51:0e:a7:59:
                    26:9f:38:e6:00:09:e6:9d:8e:ab:68:6c:ab:cf:1c:
                    f1:af:16:34:98:59:03:ec:00:3c:f4:3f:c4:13:04:
                    bf:63:ad:db:01:95:3e:63:c3:8b:c4:bc:35:73:8c:
                    7c:bc:2a:fa:0b:4f:1e:8a:2d:98:4e:8a:f8:34:c1:
                    b4:aa:72:f7:01:76:3d:c9:32:d4:80:0b:d5:27:cc:
                    98:b2:7b:a1:06:39:2f:c5:23:f1:50:1c:72:aa:22:
                    ab:fd:21:42:73:3e:f5:27:01:2e:1c:16:e8:f1:ee:
                    7a:aa:9a:f7:51:91:74:81:20:08:11:68:cf:e3:4b:
                    39:b9:9f:3d:58:2b:59:b8:aa:e5:c3:9d:c5:1e:70:
                    94:7b:87:e2:89:cb:02:07:d3:67:a0:5c:68:14:e7:
                    42:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F1:6E:03:EC:13:86:33:69:D9:E5:86:EF:AE:A5:38:28:C0:66:7C
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e35362e302f32322d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:64:f8:0d:8b:e8:b5:92:fc:b4:09:87:40:25:7c:db:92:75:
         55:11:03:7a:c4:18:e8:63:87:6e:c1:c9:b5:19:97:6e:74:bf:
         1c:f3:05:f3:3b:d0:2f:71:e1:d5:9d:bb:a0:02:1c:51:26:73:
         ab:85:4f:3f:82:c4:96:30:48:f7:f4:a0:0d:7f:f5:a5:24:bf:
         29:35:c8:4a:90:62:0a:f6:09:70:0d:0c:95:e3:ae:f7:a7:83:
         49:70:67:91:4a:a3:30:5d:4c:00:f0:26:2b:cf:a0:53:8f:22:
         69:5d:0a:92:19:9f:ea:66:93:91:be:00:62:9c:8b:65:b4:44:
         1b:b5:0c:6b:3d:86:d5:ee:e8:86:ac:7e:5e:77:14:d4:91:77:
         fd:c2:b2:dc:0d:b9:0b:57:fc:1d:bd:2c:1c:72:9a:41:3e:27:
         03:f6:c3:89:f9:8c:4c:a8:1c:ba:c5:10:a6:e7:e4:8e:f9:13:
         d4:53:ec:62:c1:21:c3:f0:c4:ed:2c:8b:d9:6b:c9:99:5f:60:
         11:b5:34:5f:85:ed:36:af:80:34:6b:0f:d3:df:77:bb:06:14:
         35:90:2c:43:13:c0:c5:3d:02:5f:59:60:6a:0b:73:ce:89:dd:
         1a:dd:ee:a2:11:77:16:99:7e:f6:96:8e:dd:2d:1f:a7:3e:1e:
         c4:66:eb:b9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVGIYFXZjQVD+uaKfCrKVvfLPLgwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTcxNzM3NTJaFw0yNjA3MTYxNzQyNTJaMDMxMTAvBgNV
BAMTKDdFRjE2RTAzRUMxMzg2MzM2OUQ5RTU4NkVGQUVBNTM4MjhDMDY2N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW4FLWhG/8i3GtZl2bo6or3DAS
XGYhtB+72+/33I3b7uuCD1C8ZSpc6gKsS6prUVwCrCnZd6Iv0t2Ld6/mAWTOqcs3
1xBiJ24DbVQHRDjUyK6JEib6bUCx7DiYrKHMCrueZi4eUQ6nWSafOOYACeadjqto
bKvPHPGvFjSYWQPsADz0P8QTBL9jrdsBlT5jw4vEvDVzjHy8KvoLTx6KLZhOivg0
wbSqcvcBdj3JMtSAC9UnzJiye6EGOS/FI/FQHHKqIqv9IUJzPvUnAS4cFujx7nqq
mvdRkXSBIAgRaM/jSzm5nz1YK1m4quXDncUecJR7h+KJywIH02egXGgU50LNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfvFuA+wThjNp2eWG766lOCjAZnwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM1
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM4MzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
ODANBgkqhkiG9w0BAQsFAAOCAQEAaGT4DYvotZL8tAmHQCV825J1VREDesQY6GOH
bsHJtRmXbnS/HPMF8zvQL3Hh1Z27oAIcUSZzq4VPP4LEljBI9/SgDX/1pSS/KTXI
SpBiCvYJcA0MleOu96eDSXBnkUqjMF1MAPAmK8+gU48iaV0Kkhmf6maTkb4AYpyL
ZbREG7UMaz2G1e7ohqx+XncU1JF3/cKy3A25C1f8Hb0sHHKaQT4nA/bDifmMTKgc
usUQpufkjvkT1FPsYsEhw/DE7SyL2WvJmV9gEbU0X4XtNq+ANGsP0993uwYUNZAs
QxPAxT0CX1lgagtzzondGt3uohF3Fpl+9paO3S0fpz4exGbruQ==
-----END CERTIFICATE-----