Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3231322e31372e3232342e302f31392d3234203d3e2038383230.roa
File:                     3231322e31372e3232342e302f31392d3234203d3e2038383230.roa (raw, json)
Hash identifier:          IMkviRlqHvonpHb2XG2utg7rCy+qP/74JF3yJ3ENAQg=
Subject key identifier:   F3:39:3F:84:6F:E1:A3:10:2D:6C:6F:A9:1C:09:B1:61:D7:CC:F1:3B
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       2284443ED25F56FC8CCA9309C7DFB0209B2606FE
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3231322e31372e3232342e302f31392d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:04 +0000
ROA not before:           Thu 04 Sep 2025 10:35:04 +0000
ROA not after:            Thu 03 Sep 2026 10:40:04 +0000
asID:                     8820
IP address blocks:        212.17.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:84:44:3e:d2:5f:56:fc:8c:ca:93:09:c7:df:b0:20:9b:26:06:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:04 2025 GMT
            Not After : Sep  3 10:40:04 2026 GMT
        Subject: CN=F3393F846FE1A3102D6C6FA91C09B161D7CCF13B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:29:6a:81:f9:b8:b0:1c:6a:43:71:d4:4e:27:
                    fa:9b:53:1d:ad:43:84:07:17:f9:33:a0:23:3c:0d:
                    87:ea:f2:6c:45:28:20:94:97:47:8f:80:e4:31:85:
                    7e:a3:0a:1a:a6:2a:d8:15:86:d2:8c:4c:f7:c6:e0:
                    cb:f3:52:60:a7:d1:71:da:4e:13:78:de:b8:d3:e8:
                    b1:50:67:f1:5e:c4:bc:ba:67:75:95:8f:f7:d3:91:
                    db:55:3f:aa:5d:2a:ef:d2:9d:a1:16:87:00:8c:26:
                    68:c7:36:59:43:83:88:41:a2:2a:ea:d6:44:92:57:
                    89:e1:8a:56:f4:fd:b9:50:58:5e:14:2d:fb:14:ae:
                    8e:22:ed:0e:c8:69:67:aa:1a:8b:cc:ba:56:7a:05:
                    54:2b:51:66:60:ff:88:95:48:92:15:f5:e0:88:f2:
                    b2:c3:4f:fc:53:84:6a:65:3b:bc:89:00:68:18:07:
                    53:2d:71:d2:88:77:01:a5:e7:c0:b6:01:45:27:1a:
                    75:a6:1b:0f:80:cb:38:bd:51:3c:46:90:fa:f5:b3:
                    2d:09:ed:7d:4d:e0:15:e8:cc:4a:1d:64:be:5e:8e:
                    6a:18:df:b2:0a:b5:46:db:88:19:4a:aa:ca:46:ee:
                    b4:e3:10:39:56:db:a5:1a:b7:76:ac:5d:31:a4:80:
                    9a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:39:3F:84:6F:E1:A3:10:2D:6C:6F:A9:1C:09:B1:61:D7:CC:F1:3B
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3231322e31372e3232342e302f31392d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.17.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2d:13:92:1f:2e:57:98:08:90:18:13:e7:8c:f0:b9:d7:9f:50:
         88:7e:91:bf:8c:de:47:ea:64:4b:48:ed:e0:f0:6d:20:82:b5:
         13:f4:6e:0e:ff:c4:51:5e:7b:b3:91:03:b2:5f:f6:0a:e4:71:
         4b:a9:84:ff:1d:03:31:c1:86:c5:94:7d:47:d3:9e:9b:9d:ec:
         a7:99:15:68:09:b8:d9:eb:0c:b5:5c:1f:3f:72:e6:d1:b3:7e:
         65:05:26:a7:26:8b:40:61:c6:4b:56:8f:e7:0d:d2:cb:fc:b6:
         06:68:07:39:56:b9:ed:76:35:1f:c5:bd:ad:cf:7d:6d:0a:18:
         4b:ee:18:97:53:d7:8c:1b:54:2a:f7:8c:60:1d:08:83:1d:72:
         54:bc:29:64:2e:b7:c8:41:09:20:f5:59:56:bd:5a:6b:d5:80:
         e5:24:b1:f6:44:60:10:df:a3:d9:67:1b:97:fa:c8:a0:41:3d:
         b0:1b:ff:02:65:57:07:2e:09:7c:76:82:9a:54:8b:29:0e:05:
         07:18:10:30:24:d5:b5:f5:40:0b:4f:70:24:7f:32:81:32:98:
         5a:49:f9:a7:f7:cd:a4:d2:5e:56:f2:07:01:6d:5a:15:13:06:
         44:68:1f:44:d3:b6:53:c6:27:59:b4:26:11:2a:76:37:fd:6a:
         7a:ca:0c:bb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIoREPtJfVvyMypMJx9+wIJsmBv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDRaFw0yNjA5MDMxMDQwMDRaMDMxMTAvBgNV
BAMTKEYzMzkzRjg0NkZFMUEzMTAyRDZDNkZBOTFDMDlCMTYxRDdDQ0YxM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9KWqB+biwHGpDcdROJ/qbUx2t
Q4QHF/kzoCM8DYfq8mxFKCCUl0ePgOQxhX6jChqmKtgVhtKMTPfG4MvzUmCn0XHa
ThN43rjT6LFQZ/FexLy6Z3WVj/fTkdtVP6pdKu/SnaEWhwCMJmjHNllDg4hBoirq
1kSSV4nhilb0/blQWF4ULfsUro4i7Q7IaWeqGovMulZ6BVQrUWZg/4iVSJIV9eCI
8rLDT/xThGplO7yJAGgYB1MtcdKIdwGl58C2AUUnGnWmGw+Ayzi9UTxGkPr1sy0J
7X1N4BXozEodZL5ejmoY37IKtUbbiBlKqspG7rTjEDlW26Uat3asXTGkgJr/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8zk/hG/hoxAtbG+pHAmxYdfM8TswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzIzMTMyMmUzMTM3MmUzMjMy
MzQyZTMwMmYzMTM5MmQzMjM0MjAzZDNlMjAzODM4MzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBdQR
4DANBgkqhkiG9w0BAQsFAAOCAQEALROSHy5XmAiQGBPnjPC5159QiH6Rv4zeR+pk
S0jt4PBtIIK1E/RuDv/EUV57s5EDsl/2CuRxS6mE/x0DMcGGxZR9R9Oem53sp5kV
aAm42esMtVwfP3Lm0bN+ZQUmpyaLQGHGS1aP5w3Sy/y2BmgHOVa57XY1H8W9rc99
bQoYS+4Yl1PXjBtUKveMYB0Igx1yVLwpZC63yEEJIPVZVr1aa9WA5SSx9kRgEN+j
2Wcbl/rIoEE9sBv/AmVXBy4JfHaCmlSLKQ4FBxgQMCTVtfVAC09wJH8ygTKYWkn5
p/fNpNJeVvIHAW1aFRMGRGgfRNO2U8YnWbQmESp2N/1qesoMuw==
-----END CERTIFICATE-----