Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2037383433.roa
File:                     3231372e3231372e36342e302f32322d3234203d3e2037383433.roa (raw, json)
Hash identifier:          hvshdXq2+e9Keu2Vly2K4XRdwJFalGOKqNEqHb8pMGs=
Subject key identifier:   6E:3B:93:A1:32:3C:F1:F6:60:7C:59:04:C0:C4:D2:D6:41:A1:2B:55
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2E1A91D832A299D3F9DFF8F690F22820695EE1E4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2037383433.roa
Signing time:             Wed 23 Jul 2025 18:15:31 +0000
ROA not before:           Wed 23 Jul 2025 18:10:31 +0000
ROA not after:            Wed 22 Jul 2026 18:15:31 +0000
asID:                     7843
IP address blocks:        217.217.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:1a:91:d8:32:a2:99:d3:f9:df:f8:f6:90:f2:28:20:69:5e:e1:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 23 18:10:31 2025 GMT
            Not After : Jul 22 18:15:31 2026 GMT
        Subject: CN=6E3B93A1323CF1F6607C5904C0C4D2D641A12B55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:32:89:19:4c:71:84:f4:ce:d3:ac:d4:c9:aa:
                    20:0c:48:d5:ff:02:23:0d:1a:4f:f4:02:9a:8f:f3:
                    48:cf:8f:f9:08:1b:0e:66:70:80:84:1f:93:29:2d:
                    70:2a:22:98:5c:17:77:dc:7e:49:e6:c0:e5:8d:21:
                    44:60:5b:c4:8f:28:cd:c5:c2:7f:74:b4:4c:55:13:
                    66:05:ce:b7:3c:b7:65:79:11:2a:a7:96:e0:d3:21:
                    cb:64:9b:1b:12:28:01:36:b3:68:d8:d7:ee:ed:16:
                    65:00:b4:b7:92:2b:c7:bc:56:78:27:f7:84:b9:28:
                    63:06:46:e3:1c:c8:4f:a7:dd:0d:16:2f:7e:90:0f:
                    56:ea:b0:17:ff:f9:73:8b:d6:97:09:e8:96:d5:ab:
                    df:bd:a8:e0:b5:5d:f4:d7:6d:be:b8:f2:b3:a1:6f:
                    fa:a0:d1:7f:51:dd:89:0a:c0:6b:37:38:d8:30:8b:
                    8b:1d:fe:b6:07:13:0c:b2:e8:2f:0a:97:b8:d9:59:
                    e9:33:f9:e4:b9:92:e9:4e:51:81:12:28:93:56:36:
                    40:7c:49:b8:3c:e8:69:0e:46:1e:3b:79:1a:8a:91:
                    df:2c:27:12:7e:b9:cd:93:d0:de:e1:1e:fc:48:a3:
                    ae:a8:bc:02:37:63:ce:bd:45:dc:51:82:1c:dc:40:
                    32:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:3B:93:A1:32:3C:F1:F6:60:7C:59:04:C0:C4:D2:D6:41:A1:2B:55
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36342e302f32322d3234203d3e2037383433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:04:0b:1e:2c:fd:81:3c:41:ab:a5:d6:72:d2:ef:95:55:8b:
         41:35:db:e2:1d:56:ee:4f:ff:b1:2d:ca:87:38:09:38:b9:8a:
         14:cf:71:3e:b7:61:82:37:a7:63:bc:8f:bf:a9:37:47:82:48:
         44:5d:58:38:41:21:d2:ab:6b:42:b4:b9:89:a3:05:16:75:e5:
         00:9b:37:18:55:21:a3:0f:7f:26:48:1b:7d:35:80:3b:e5:5b:
         31:74:c6:78:f8:88:3c:82:aa:9f:0b:d6:f6:93:0c:cb:ef:87:
         e4:3d:8d:e1:d7:59:7a:d3:8b:bd:b0:1b:eb:4b:75:35:24:a1:
         5c:90:e2:7a:64:c5:77:df:39:5c:ca:4a:bf:1c:04:2d:0d:83:
         30:61:8b:58:ba:0c:f1:06:cb:55:1c:e3:84:26:05:ac:7f:a8:
         a3:23:16:c7:cb:6e:1a:24:7c:cf:48:6b:7a:15:2a:06:38:6c:
         f3:8f:7f:ca:f0:4d:d6:16:35:b1:f0:31:ad:4e:da:3c:61:ca:
         e6:dc:0f:7d:44:c0:e0:63:d7:db:08:1b:ac:5a:d9:90:8d:a7:
         7c:6c:2f:b9:7c:b6:40:dc:dc:6b:61:c5:86:4c:f2:37:64:c1:
         ef:04:3c:d3:89:5f:9c:6e:8d:81:94:89:c4:14:0e:fa:d5:f9:
         c3:4a:20:3a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULhqR2DKimdP53/j2kPIoIGle4eQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjMxODEwMzFaFw0yNjA3MjIxODE1MzFaMDMxMTAvBgNV
BAMTKDZFM0I5M0ExMzIzQ0YxRjY2MDdDNTkwNEMwQzREMkQ2NDFBMTJCNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSMokZTHGE9M7TrNTJqiAMSNX/
AiMNGk/0ApqP80jPj/kIGw5mcICEH5MpLXAqIphcF3fcfknmwOWNIURgW8SPKM3F
wn90tExVE2YFzrc8t2V5ESqnluDTIctkmxsSKAE2s2jY1+7tFmUAtLeSK8e8Vngn
94S5KGMGRuMcyE+n3Q0WL36QD1bqsBf/+XOL1pcJ6JbVq9+9qOC1XfTXbb648rOh
b/qg0X9R3YkKwGs3ONgwi4sd/rYHEwyy6C8Kl7jZWekz+eS5kulOUYESKJNWNkB8
Sbg86GkORh47eRqKkd8sJxJ+uc2T0N7hHvxIo66ovAI3Y869RdxRghzcQDLpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbjuToTI88fZgfFkEwMTS1kGhK1UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM2
MzQyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzM4MzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
QDANBgkqhkiG9w0BAQsFAAOCAQEAPAQLHiz9gTxBq6XWctLvlVWLQTXb4h1W7k//
sS3KhzgJOLmKFM9xPrdhgjenY7yPv6k3R4JIRF1YOEEh0qtrQrS5iaMFFnXlAJs3
GFUhow9/JkgbfTWAO+VbMXTGePiIPIKqnwvW9pMMy++H5D2N4ddZetOLvbAb60t1
NSShXJDiemTFd985XMpKvxwELQ2DMGGLWLoM8QbLVRzjhCYFrH+ooyMWx8tuGiR8
z0hrehUqBjhs849/yvBN1hY1sfAxrU7aPGHK5twPfUTA4GPX2wgbrFrZkI2nfGwv
uXy2QNzca2HFhkzyN2TB7wQ804lfnG6NgZSJxBQO+tX5w0ogOg==
-----END CERTIFICATE-----