Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2037303239.roa
File:                     3231372e3231372e36342e302f32322d3234203d3e2037303239.roa (raw, json)
Hash identifier:          KtBsLohll1QRLjGQSYBD97ElTnJAoZLD01sOoALDg3E=
Subject key identifier:   0D:99:C2:19:D7:C5:B4:3B:81:A0:24:3C:86:96:34:62:C8:88:4F:4B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5626EFD484AD671943D06DC66B3D190B0A20521D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2037303239.roa
Signing time:             Wed 23 Jul 2025 18:15:29 +0000
ROA not before:           Wed 23 Jul 2025 18:10:29 +0000
ROA not after:            Wed 22 Jul 2026 18:15:29 +0000
asID:                     7029
IP address blocks:        217.217.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:26:ef:d4:84:ad:67:19:43:d0:6d:c6:6b:3d:19:0b:0a:20:52:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 23 18:10:29 2025 GMT
            Not After : Jul 22 18:15:29 2026 GMT
        Subject: CN=0D99C219D7C5B43B81A0243C86963462C8884F4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1c:c3:c7:5f:5b:8e:6f:98:53:26:95:02:7b:
                    39:d2:5f:a4:76:d1:cf:0b:87:56:06:91:f5:2d:3c:
                    97:aa:88:f4:53:16:9f:b0:27:44:e8:58:be:f6:02:
                    ef:bb:76:0f:a9:a0:0e:98:ec:5f:9b:d8:97:93:ce:
                    b6:63:db:8c:7f:84:10:b4:a3:49:14:67:70:fd:52:
                    35:39:96:c7:0b:2a:f7:e6:87:97:e9:ff:71:c5:43:
                    61:9d:27:df:2c:00:e9:b8:9d:d0:24:d6:de:05:7f:
                    32:b6:06:21:01:b4:f7:9b:bc:78:0d:c7:f0:5b:8f:
                    59:51:06:f0:2d:77:a1:24:e4:4c:4a:da:3f:c9:4c:
                    ec:5d:2d:ea:c5:cc:f5:69:a5:1e:86:01:b0:f0:40:
                    44:43:6e:64:57:90:81:2b:09:1d:7e:ad:d6:75:ba:
                    06:a5:e7:db:8f:f8:e0:02:60:ad:4e:0b:dd:f3:b4:
                    0a:88:9d:4e:ae:a8:d3:c3:e3:09:1d:78:4b:e5:7f:
                    ab:80:18:6e:15:2b:fe:76:cb:12:02:2b:eb:e3:7a:
                    fb:ad:c2:5a:4d:f3:8f:32:1a:34:95:3f:f3:1f:c6:
                    98:4e:ad:57:f9:15:b0:bb:54:03:d4:51:77:3f:10:
                    f3:ef:85:3e:46:fd:3e:0d:e4:9e:06:b3:41:b1:55:
                    8d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:99:C2:19:D7:C5:B4:3B:81:A0:24:3C:86:96:34:62:C8:88:4F:4B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:a2:2e:de:e1:06:9e:b3:55:2e:07:17:6f:3b:82:b1:8a:d0:
         1a:f3:bb:09:ed:5f:e8:65:6f:62:8a:2c:53:3c:9e:ff:4d:bf:
         c0:04:96:75:b0:24:d5:17:4f:68:ab:d2:5f:a9:e1:49:57:ee:
         14:34:fe:e9:8d:dd:9d:a1:42:68:38:0f:95:71:d4:a6:80:6d:
         42:f7:5f:aa:f7:29:89:7a:02:56:fc:5c:c8:a4:e3:c0:44:bd:
         3e:70:c0:e5:67:7e:07:1a:c7:3b:8f:dd:40:dc:2f:f2:78:b9:
         ef:2b:bd:94:1b:34:8b:7e:57:35:e0:2f:31:59:2f:69:b6:52:
         f4:9d:98:11:a2:44:f9:17:0f:ed:7b:e6:41:f2:e7:dc:de:25:
         8a:d3:26:32:4e:56:8b:91:10:6d:22:bb:d3:67:9c:01:b0:76:
         0c:38:a7:c5:0a:41:e3:38:3f:ad:74:e3:28:13:c0:f8:ab:81:
         90:ef:dd:f8:d9:49:b2:e0:c4:9c:fc:72:8c:65:07:61:c9:13:
         20:7f:e9:be:9d:69:da:91:b2:f0:ac:ac:58:58:19:29:40:15:
         fd:76:a5:80:aa:96:c3:08:3c:0f:35:7a:88:d3:d2:1a:92:66:
         fc:04:74:b9:ca:f5:84:a4:81:9f:b2:0c:ee:2d:bd:c9:90:ce:
         33:e5:8c:fc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVibv1IStZxlD0G3Gaz0ZCwogUh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjMxODEwMjlaFw0yNjA3MjIxODE1MjlaMDMxMTAvBgNV
BAMTKDBEOTlDMjE5RDdDNUI0M0I4MUEwMjQzQzg2OTYzNDYyQzg4ODRGNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiHMPHX1uOb5hTJpUCeznSX6R2
0c8Lh1YGkfUtPJeqiPRTFp+wJ0ToWL72Au+7dg+poA6Y7F+b2JeTzrZj24x/hBC0
o0kUZ3D9UjU5lscLKvfmh5fp/3HFQ2GdJ98sAOm4ndAk1t4FfzK2BiEBtPebvHgN
x/Bbj1lRBvAtd6Ek5ExK2j/JTOxdLerFzPVppR6GAbDwQERDbmRXkIErCR1+rdZ1
ugal59uP+OACYK1OC93ztAqInU6uqNPD4wkdeEvlf6uAGG4VK/52yxICK+vjevut
wlpN848yGjSVP/MfxphOrVf5FbC7VAPUUXc/EPPvhT5G/T4N5J4Gs0GxVY2pAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDZnCGdfFtDuBoCQ8hpY0YsiIT0swHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM2
MzQyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
QDANBgkqhkiG9w0BAQsFAAOCAQEAlKIu3uEGnrNVLgcXbzuCsYrQGvO7Ce1f6GVv
YoosUzye/02/wASWdbAk1RdPaKvSX6nhSVfuFDT+6Y3dnaFCaDgPlXHUpoBtQvdf
qvcpiXoCVvxcyKTjwES9PnDA5Wd+BxrHO4/dQNwv8ni57yu9lBs0i35XNeAvMVkv
abZS9J2YEaJE+RcP7XvmQfLn3N4litMmMk5Wi5EQbSK702ecAbB2DDinxQpB4zg/
rXTjKBPA+KuBkO/d+NlJsuDEnPxyjGUHYckTIH/pvp1p2pGy8KysWFgZKUAV/Xal
gKqWwwg8DzV6iNPSGpJm/AR0ucr1hKSBn7IM7i29yZDOM+WM/A==
-----END CERTIFICATE-----