Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36382e302f32322d3234203d3e2037383433.roa
File:                     3231372e3231372e36382e302f32322d3234203d3e2037383433.roa (raw, json)
Hash identifier:          uxiFDqIMbA3HLT+SKPGrskTa2yYFhd27bnC1HFK5cTA=
Subject key identifier:   47:CD:3D:4A:64:7F:4B:75:94:A0:F6:86:B3:D6:8F:FF:4D:D0:D8:35
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6E7150FD3E3770AED4FFDD89E98F92E587639AC4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36382e302f32322d3234203d3e2037383433.roa
Signing time:             Wed 23 Jul 2025 18:15:29 +0000
ROA not before:           Wed 23 Jul 2025 18:10:29 +0000
ROA not after:            Wed 22 Jul 2026 18:15:29 +0000
asID:                     7843
IP address blocks:        217.217.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:71:50:fd:3e:37:70:ae:d4:ff:dd:89:e9:8f:92:e5:87:63:9a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 23 18:10:29 2025 GMT
            Not After : Jul 22 18:15:29 2026 GMT
        Subject: CN=47CD3D4A647F4B7594A0F686B3D68FFF4DD0D835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:e9:31:24:b1:89:84:6d:98:18:59:b5:4b:
                    58:6b:4f:7f:90:a6:69:61:00:1e:bc:08:fb:fa:0d:
                    1a:96:27:6e:50:97:19:8e:94:30:7e:07:fa:bc:3e:
                    e0:0f:f5:ab:1c:c1:7f:3d:ad:aa:77:a1:9d:91:da:
                    12:d4:c3:03:f5:b6:5d:b1:a6:d1:69:7b:36:6f:2b:
                    7f:a5:03:f7:74:69:c7:75:50:ed:b1:48:be:91:37:
                    0f:c4:01:4f:a0:a5:f2:98:22:5b:6e:d9:36:65:84:
                    f5:31:73:99:0b:e7:93:01:47:a3:a7:97:a6:71:43:
                    80:0f:a3:62:d9:dd:06:64:bd:58:89:68:48:67:3e:
                    b1:64:bc:36:c8:66:c4:b5:4b:9a:c1:92:6e:be:54:
                    18:64:9c:0f:09:d1:42:c1:00:83:9d:99:39:ec:ee:
                    78:95:48:84:32:01:b1:2b:07:84:20:a1:42:95:91:
                    32:9a:2c:5c:19:fb:37:96:74:f0:ff:25:b9:f3:22:
                    1b:9b:67:c3:e8:94:ba:70:9a:36:a8:6b:1b:fc:24:
                    ef:f9:a0:3a:c3:7e:66:61:19:b8:5f:a8:d0:da:3c:
                    63:99:1b:28:0f:c5:c6:04:f6:df:40:52:0f:aa:f0:
                    c9:84:77:4e:03:97:d2:98:6d:6e:e0:e7:9a:32:d1:
                    5f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CD:3D:4A:64:7F:4B:75:94:A0:F6:86:B3:D6:8F:FF:4D:D0:D8:35
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e36382e302f32322d3234203d3e2037383433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:f1:9c:3c:e8:b8:fb:bf:36:23:32:27:d0:36:b4:ea:37:f4:
         d5:f7:4d:9e:1e:8f:2f:e5:66:e9:da:e0:9e:9a:5f:a0:f4:d6:
         59:97:9d:23:b4:f6:bf:64:29:bd:54:3f:58:ab:6b:b7:c8:00:
         4f:0f:73:af:6a:8c:17:82:df:43:0b:3a:6d:4d:18:8d:27:c5:
         95:0e:f3:52:4f:7a:e2:f0:1c:79:45:ad:41:f6:3b:d6:44:03:
         18:17:0f:69:9f:36:29:da:c5:52:9c:a3:2f:f7:3a:7e:7d:6f:
         7e:f2:84:c6:3d:37:42:1d:ec:d2:78:ca:36:79:c4:cf:ef:fc:
         4f:1c:3f:ef:d5:14:55:30:83:50:62:34:95:10:23:3a:f0:76:
         b6:e3:a4:04:c3:63:5f:75:27:80:96:77:98:c8:a0:70:a1:ca:
         39:45:47:03:54:39:e2:b0:c5:ad:c9:ab:04:c7:9d:49:e0:cf:
         b7:07:b3:a2:d3:6b:00:29:f0:1d:84:c8:8a:64:05:a9:19:52:
         b4:d8:db:a2:06:4b:95:be:29:3c:bf:2a:69:84:35:bc:74:55:
         f0:dd:a6:c1:cb:88:03:5a:8f:d0:2b:ab:08:26:99:4a:4e:c8:
         7a:d6:8c:f4:25:c4:09:6b:15:b6:7e:cc:4d:e8:f7:b8:87:16:
         c2:67:8f:e5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbnFQ/T43cK7U/92J6Y+S5YdjmsQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MjMxODEwMjlaFw0yNjA3MjIxODE1MjlaMDMxMTAvBgNV
BAMTKDQ3Q0QzRDRBNjQ3RjRCNzU5NEEwRjY4NkIzRDY4RkZGNEREMEQ4MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2KukxJLGJhG2YGFm1S1hrT3+Q
pmlhAB68CPv6DRqWJ25QlxmOlDB+B/q8PuAP9ascwX89rap3oZ2R2hLUwwP1tl2x
ptFpezZvK3+lA/d0acd1UO2xSL6RNw/EAU+gpfKYIltu2TZlhPUxc5kL55MBR6On
l6ZxQ4APo2LZ3QZkvViJaEhnPrFkvDbIZsS1S5rBkm6+VBhknA8J0ULBAIOdmTns
7niVSIQyAbErB4QgoUKVkTKaLFwZ+zeWdPD/JbnzIhubZ8PolLpwmjaoaxv8JO/5
oDrDfmZhGbhfqNDaPGOZGygPxcYE9t9AUg+q8MmEd04Dl9KYbW7g55oy0V8rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUR809SmR/S3WUoPaGs9aP/03Q2DUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTM2
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzM4MzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtnZ
RDANBgkqhkiG9w0BAQsFAAOCAQEAEPGcPOi4+782IzIn0Da06jf01fdNnh6PL+Vm
6drgnppfoPTWWZedI7T2v2QpvVQ/WKtrt8gATw9zr2qMF4LfQws6bU0YjSfFlQ7z
Uk964vAceUWtQfY71kQDGBcPaZ82KdrFUpyjL/c6fn1vfvKExj03Qh3s0njKNnnE
z+/8Txw/79UUVTCDUGI0lRAjOvB2tuOkBMNjX3UngJZ3mMigcKHKOUVHA1Q54rDF
rcmrBMedSeDPtwezotNrACnwHYTIimQFqRlStNjbogZLlb4pPL8qaYQ1vHRV8N2m
wcuIA1qP0CurCCaZSk7IetaM9CXECWsVtn7MTej3uIcWwmeP5Q==
-----END CERTIFICATE-----