Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31302e302f32342d3234203d3e20383334.roa
File:                     3231372e32352e31302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          8dkRhViDL6svksS7wszcUnYLTFZf0MLMOb3PDwzqRgU=
Subject key identifier:   2E:A1:C7:A2:63:31:88:C9:F5:00:69:9B:BB:DC:2D:15:17:CF:63:F5
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       3A56EB867D862812CA0D4DCE9228DD8421F5E888
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31302e302f32342d3234203d3e20383334.roa
Signing time:             Sat 23 May 2026 04:07:28 +0000
ROA not before:           Sat 23 May 2026 04:02:28 +0000
ROA not after:            Sat 22 May 2027 04:07:28 +0000
asID:                     834
IP address blocks:        217.25.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 20:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:56:eb:86:7d:86:28:12:ca:0d:4d:ce:92:28:dd:84:21:f5:e8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May 23 04:02:28 2026 GMT
            Not After : May 22 04:07:28 2027 GMT
        Subject: CN=2EA1C7A2633188C9F500699BBBDC2D1517CF63F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:85:c1:f9:4d:8d:c2:0d:26:d2:17:cf:7c:b4:
                    94:7a:58:13:dc:75:d8:21:6d:b9:b2:59:cc:4d:4e:
                    f7:38:53:fe:3e:7c:af:8f:34:da:93:33:e6:86:80:
                    3f:7d:9c:ca:a2:7d:8b:2f:06:2c:92:b6:fc:d9:69:
                    98:f7:fd:01:43:18:72:92:c4:e8:9f:55:b3:05:7a:
                    92:0e:fc:ed:ad:97:6f:9a:af:b3:87:c9:06:bd:ca:
                    f1:1d:8f:f2:80:ee:78:16:eb:58:ed:96:dc:87:35:
                    84:dc:b4:ee:b0:83:8a:04:f2:38:19:e0:b2:ad:c9:
                    cb:94:99:58:8d:be:ac:03:de:da:0e:60:87:ce:26:
                    07:59:b4:5c:7e:dd:27:d4:fa:9c:ee:0c:9c:cb:c0:
                    fc:fe:72:54:f5:b5:d8:7c:df:c1:13:ae:ba:b3:b5:
                    0e:11:87:50:dc:25:56:9f:e2:d9:b3:60:60:62:f1:
                    e3:70:1d:50:d6:15:34:d1:e5:c1:fe:86:55:88:f6:
                    50:f3:69:54:7a:de:08:36:f5:a5:d2:93:65:15:27:
                    75:c6:aa:e3:fa:a1:76:e1:32:df:59:f4:3f:1e:c6:
                    7d:99:b8:3b:42:e4:48:d9:5b:65:3b:4c:1d:53:22:
                    7f:a7:ac:be:72:a1:00:90:e1:07:59:07:a4:a1:df:
                    d6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A1:C7:A2:63:31:88:C9:F5:00:69:9B:BB:DC:2D:15:17:CF:63:F5
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:95:b9:52:90:7d:4c:ad:6e:08:05:98:24:8b:a4:e5:0c:3a:
         ab:0b:f1:9a:12:29:45:66:e7:e1:60:44:f5:66:fe:46:cb:04:
         f8:f9:7e:28:c6:49:17:ed:e1:84:f7:63:f6:8f:a8:8e:cc:12:
         5e:30:03:ca:df:21:f6:48:3d:11:5f:6e:f3:6f:d1:9d:30:e4:
         a5:36:b2:18:45:7d:94:94:c6:fe:8d:2d:67:95:8e:e6:b2:f4:
         43:8d:0f:e0:a9:59:d8:5c:ea:67:86:12:a9:c8:7f:df:39:c4:
         51:eb:20:d0:72:e9:38:4c:61:9b:3c:f5:98:c6:94:c2:16:2b:
         20:4e:20:55:f8:53:74:dd:2e:35:e7:65:22:a1:da:a3:36:d4:
         12:77:e0:58:51:1c:8a:4b:fb:23:2c:29:c9:73:44:90:9e:82:
         d4:44:a1:9e:a8:0d:94:4c:73:0a:ab:d1:66:d0:c6:17:5e:5a:
         d2:62:4c:2d:8d:4a:c0:d6:72:d4:68:41:43:d8:89:41:a4:01:
         4d:12:9b:d9:90:ff:30:dc:67:2e:66:41:c3:cb:5e:a3:4b:70:
         83:62:a6:da:c0:65:3c:85:1a:35:47:16:3d:3b:fb:61:8e:df:
         38:7b:16:20:c1:60:85:14:07:d7:8f:15:71:57:aa:b3:19:8b:
         26:5d:52:9b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUOlbrhn2GKBLKDU3OkijdhCH16IgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MjMwNDAyMjhaFw0yNzA1MjIwNDA3MjhaMDMxMTAvBgNV
BAMTKDJFQTFDN0EyNjMzMTg4QzlGNTAwNjk5QkJCREMyRDE1MTdDRjYzRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbhcH5TY3CDSbSF898tJR6WBPc
ddghbbmyWcxNTvc4U/4+fK+PNNqTM+aGgD99nMqifYsvBiyStvzZaZj3/QFDGHKS
xOifVbMFepIO/O2tl2+ar7OHyQa9yvEdj/KA7ngW61jtltyHNYTctO6wg4oE8jgZ
4LKtycuUmViNvqwD3toOYIfOJgdZtFx+3SfU+pzuDJzLwPz+clT1tdh838ETrrqz
tQ4Rh1DcJVaf4tmzYGBi8eNwHVDWFTTR5cH+hlWI9lDzaVR63gg29aXSk2UVJ3XG
quP6oXbhMt9Z9D8exn2ZuDtC5EjZW2U7TB1TIn+nrL5yoQCQ4QdZB6Sh39Z3AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQULqHHomMxiMn1AGmbu9wtFRfPY/UwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkKMA0G
CSqGSIb3DQEBCwUAA4IBAQALlblSkH1MrW4IBZgki6TlDDqrC/GaEilFZufhYET1
Zv5GywT4+X4oxkkX7eGE92P2j6iOzBJeMAPK3yH2SD0RX27zb9GdMOSlNrIYRX2U
lMb+jS1nlY7msvRDjQ/gqVnYXOpnhhKpyH/fOcRR6yDQcuk4TGGbPPWYxpTCFisg
TiBV+FN03S4152UiodqjNtQSd+BYURyKS/sjLCnJc0SQnoLURKGeqA2UTHMKq9Fm
0MYXXlrSYkwtjUrA1nLUaEFD2IlBpAFNEpvZkP8w3GcuZkHDy16jS3CDYqbawGU8
hRo1RxY9O/thjt84exYgwWCFFAfXjxVxV6qzGYsmXVKb
-----END CERTIFICATE-----