Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31322e302f32342d3234203d3e203533333536.roa
File:                     3231372e32352e31322e302f32342d3234203d3e203533333536.roa (raw, json)
Hash identifier:          ISZePjQZHgjZYw73RzwsKrdIyiH3v0ys4nWleWv3vxk=
Subject key identifier:   57:69:B0:78:51:DA:AD:A9:F7:2B:0E:19:63:5B:A6:FA:8C:FC:86:EA
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       59689320B744CBE1D800F0F73AA77893B39496CE
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31322e302f32342d3234203d3e203533333536.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     53356
IP address blocks:        217.25.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:68:93:20:b7:44:cb:e1:d8:00:f0:f7:3a:a7:78:93:b3:94:96:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=5769B07851DAADA9F72B0E19635BA6FA8CFC86EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f4:ad:99:27:6d:d5:1e:84:ac:80:66:af:14:
                    3b:64:cd:d6:8b:e4:7c:86:11:6b:af:6a:e4:49:45:
                    3f:0f:11:15:8e:f5:6e:bd:15:e5:b7:c2:75:3a:f4:
                    b1:3a:e7:2c:ec:2c:a9:92:39:7f:42:ab:0a:8c:c8:
                    2b:1b:00:ee:22:62:ac:1b:d4:c0:d8:c2:6e:26:2e:
                    c7:17:bb:bb:aa:cf:93:5e:0a:47:01:48:2b:0e:f9:
                    a8:4b:60:34:e3:6e:e5:0f:f5:43:ff:c4:fb:3d:71:
                    64:7e:4b:68:d2:60:b4:6d:c1:64:dd:41:79:70:d5:
                    c9:32:87:02:b5:63:bd:d2:18:de:81:ae:03:cb:23:
                    91:ba:9b:d3:ec:46:34:ec:e2:66:ec:3d:5b:a1:fa:
                    3d:25:a7:9c:b4:8c:79:c8:e3:8d:23:24:a5:82:8e:
                    8f:37:10:26:15:a1:96:b7:61:d9:bf:40:58:42:49:
                    d7:43:12:de:4e:e4:76:71:9e:dd:1e:13:ed:4d:92:
                    57:bc:28:b3:eb:6a:34:20:96:4a:81:6e:59:a9:59:
                    ea:88:11:cd:fc:c3:66:35:41:f9:0f:47:48:10:1d:
                    25:a0:1a:14:c0:6e:23:47:57:e5:af:ea:e3:0c:65:
                    27:23:4d:01:4a:74:bc:44:1c:e2:49:fa:8c:65:cb:
                    f1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:69:B0:78:51:DA:AD:A9:F7:2B:0E:19:63:5B:A6:FA:8C:FC:86:EA
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31322e302f32342d3234203d3e203533333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:d0:44:78:56:73:aa:c5:0f:50:3d:67:44:bf:f9:ee:c6:89:
         31:9a:b2:ca:eb:d0:27:e0:93:4d:cc:42:c1:e6:d5:42:b0:78:
         8f:67:92:9c:c1:fc:a3:38:3f:2e:38:83:fc:ea:4f:5a:a5:3f:
         df:47:23:ea:6e:37:62:7c:e2:07:34:57:4b:3e:6a:88:6b:13:
         5e:d1:d1:43:c1:f2:67:eb:f7:c9:b8:2c:5c:dd:f7:d4:4c:50:
         b4:4b:f0:e7:8b:d4:00:66:d9:75:4f:a6:37:80:24:f0:e2:1e:
         72:6b:22:25:ca:9d:5a:32:5b:37:d9:58:5b:42:ee:21:f7:ae:
         67:58:29:03:fb:b9:f9:ac:bc:71:ab:37:fb:6c:1d:00:ed:2c:
         d9:3a:62:2c:13:a7:62:b4:72:d7:7b:51:3e:66:1e:2c:17:0c:
         e1:0e:22:24:a3:9c:9d:1f:26:c5:62:ec:76:f6:8f:3a:79:60:
         92:e9:4f:ff:62:2b:81:06:81:05:02:04:01:75:29:1a:d6:86:
         fa:aa:a0:92:c0:96:75:01:19:18:d0:7b:ab:c0:2b:db:3e:82:
         bd:48:b0:6c:3d:7e:52:ee:28:40:6b:27:3f:1f:77:b2:f0:6f:
         62:5e:28:27:2b:80:0b:ef:dd:d6:dc:7d:88:bc:c4:8d:31:46:
         c5:cb:bc:ad
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWWiTILdEy+HYAPD3Oqd4k7OUls4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKDU3NjlCMDc4NTFEQUFEQTlGNzJCMEUxOTYzNUJBNkZBOENGQzg2RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+9K2ZJ23VHoSsgGavFDtkzdaL
5HyGEWuvauRJRT8PERWO9W69FeW3wnU69LE65yzsLKmSOX9CqwqMyCsbAO4iYqwb
1MDYwm4mLscXu7uqz5NeCkcBSCsO+ahLYDTjbuUP9UP/xPs9cWR+S2jSYLRtwWTd
QXlw1ckyhwK1Y73SGN6BrgPLI5G6m9PsRjTs4mbsPVuh+j0lp5y0jHnI440jJKWC
jo83ECYVoZa3Ydm/QFhCSddDEt5O5HZxnt0eE+1Nkle8KLPrajQglkqBblmpWeqI
Ec38w2Y1QfkPR0gQHSWgGhTAbiNHV+Wv6uMMZScjTQFKdLxEHOJJ+oxly/F5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV2mweFHaran3Kw4ZY1um+oz8huowHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMzMzMzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
DDANBgkqhkiG9w0BAQsFAAOCAQEAZNBEeFZzqsUPUD1nRL/57saJMZqyyuvQJ+CT
TcxCwebVQrB4j2eSnMH8ozg/LjiD/OpPWqU/30cj6m43YnziBzRXSz5qiGsTXtHR
Q8HyZ+v3ybgsXN331ExQtEvw54vUAGbZdU+mN4Ak8OIecmsiJcqdWjJbN9lYW0Lu
IfeuZ1gpA/u5+ay8cas3+2wdAO0s2TpiLBOnYrRy13tRPmYeLBcM4Q4iJKOcnR8m
xWLsdvaPOnlgkulP/2IrgQaBBQIEAXUpGtaG+qqgksCWdQEZGNB7q8Ar2z6CvUiw
bD1+Uu4oQGsnPx93svBvYl4oJyuAC+/d1tx9iLzEjTFGxcu8rQ==
-----END CERTIFICATE-----