Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31342e302f32342d3234203d3e2039333138.roa
File:                     3231372e32352e31342e302f32342d3234203d3e2039333138.roa (raw, json)
Hash identifier:          g2ofm16r16kl7irVfvgX1+7ziEvLdY7dJdeeSirOg4Y=
Subject key identifier:   8D:4E:05:7B:DE:27:2A:77:FD:F9:0A:45:36:37:AD:D8:F3:AF:3D:5E
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       5CABD84D155DB0F887027766986E8ACCAEB3A077
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31342e302f32342d3234203d3e2039333138.roa
Signing time:             Tue 03 Mar 2026 04:50:28 +0000
ROA not before:           Tue 03 Mar 2026 04:45:28 +0000
ROA not after:            Tue 02 Mar 2027 04:50:28 +0000
asID:                     9318
IP address blocks:        217.25.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ab:d8:4d:15:5d:b0:f8:87:02:77:66:98:6e:8a:cc:ae:b3:a0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  3 04:45:28 2026 GMT
            Not After : Mar  2 04:50:28 2027 GMT
        Subject: CN=8D4E057BDE272A77FDF90A453637ADD8F3AF3D5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b7:19:56:b7:c6:dc:ec:62:56:a3:92:c2:03:
                    af:19:11:7c:df:e0:42:29:a7:bb:3c:45:a5:9f:66:
                    08:71:58:99:ba:6f:9d:22:77:32:87:c5:cd:83:a8:
                    8c:3f:d7:a5:14:dd:16:c7:df:e6:36:26:a5:87:61:
                    63:fd:06:2e:ba:ce:87:5f:c7:86:ce:f9:fd:4a:ea:
                    68:0e:be:48:42:52:9e:b6:ea:40:ac:18:c2:ea:ca:
                    48:f9:fc:05:cb:0a:ca:99:cb:7d:18:3d:86:72:c7:
                    60:a9:fa:d4:ee:29:ef:0f:f0:ce:1c:4e:22:02:47:
                    cf:da:0c:35:14:18:7f:dc:a4:32:56:1f:87:40:43:
                    0d:7e:d1:3a:6b:42:3b:28:a2:70:e7:74:27:2c:ef:
                    f5:be:81:92:95:06:a8:a8:74:96:48:2b:82:6a:25:
                    4f:2e:24:eb:ca:0d:8c:5e:7e:d4:cc:9a:77:6f:dd:
                    01:94:54:a9:9c:f1:4d:7e:fc:b0:9c:a2:70:30:0f:
                    9a:40:dd:2d:ec:10:52:ba:99:e0:de:11:87:99:f2:
                    33:4d:50:1f:1a:39:a6:9d:00:3d:e0:e4:f8:dd:3f:
                    07:ad:58:fb:d7:ec:64:fb:4e:36:c6:c6:19:bd:30:
                    a8:69:fa:7e:b0:1d:1d:04:db:a5:7a:de:18:90:1e:
                    c5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:4E:05:7B:DE:27:2A:77:FD:F9:0A:45:36:37:AD:D8:F3:AF:3D:5E
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31342e302f32342d3234203d3e2039333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:54:d8:8b:e2:6e:8a:8e:33:52:e6:c0:9a:94:8a:c5:27:d8:
         1b:7f:37:7f:bd:f8:86:1f:6a:50:39:a7:17:54:59:70:9a:68:
         6f:83:34:8c:84:8f:4d:e5:55:ba:31:63:67:91:b3:f0:8e:f1:
         c2:88:0e:35:e5:3e:c0:f8:7e:ff:8b:54:1a:1e:ca:0c:79:08:
         0a:c2:71:d6:5b:6f:ed:3b:4e:e5:09:9d:d3:e4:61:94:3b:bd:
         be:12:56:68:04:f2:cc:37:c9:b5:14:d6:12:43:c1:be:de:60:
         47:63:ac:72:bf:37:48:c6:40:e6:98:57:3c:10:3d:e0:c8:1b:
         d7:41:8f:58:4c:ab:cf:4e:e0:45:33:82:bf:db:78:ce:df:f7:
         97:36:91:bf:50:d8:69:4c:01:21:d7:2e:f6:8b:b9:a6:3f:61:
         2c:10:4a:a2:85:f4:f7:a1:bf:c1:ff:c7:07:f4:6a:de:3e:e8:
         9d:74:e7:cb:b9:f7:4a:48:49:d0:48:ec:86:1a:18:e5:1b:47:
         86:22:78:bf:a2:48:f4:96:49:a4:d3:d2:0c:48:62:d0:59:78:
         30:14:0c:e0:30:d0:3d:08:2a:2b:10:78:9d:b9:7d:78:b2:e2:
         5b:ab:ab:76:44:9b:8d:12:d7:b2:17:98:96:42:a5:6d:e2:33:
         ab:38:0f:02
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXKvYTRVdsPiHAndmmG6KzK6zoHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDMwNDQ1MjhaFw0yNzAzMDIwNDUwMjhaMDMxMTAvBgNV
BAMTKDhENEUwNTdCREUyNzJBNzdGREY5MEE0NTM2MzdBREQ4RjNBRjNENUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYtxlWt8bc7GJWo5LCA68ZEXzf
4EIpp7s8RaWfZghxWJm6b50idzKHxc2DqIw/16UU3RbH3+Y2JqWHYWP9Bi66zodf
x4bO+f1K6mgOvkhCUp626kCsGMLqykj5/AXLCsqZy30YPYZyx2Cp+tTuKe8P8M4c
TiICR8/aDDUUGH/cpDJWH4dAQw1+0TprQjsoonDndCcs7/W+gZKVBqiodJZIK4Jq
JU8uJOvKDYxeftTMmndv3QGUVKmc8U1+/LCconAwD5pA3S3sEFK6meDeEYeZ8jNN
UB8aOaadAD3g5PjdPwetWPvX7GT7TjbGxhm9MKhp+n6wHR0E26V63hiQHsXVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjU4Fe94nKnf9+QpFNjet2POvPV4wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZGQ4w
DQYJKoZIhvcNAQELBQADggEBAIVU2IviboqOM1LmwJqUisUn2Bt/N3+9+IYfalA5
pxdUWXCaaG+DNIyEj03lVboxY2eRs/CO8cKIDjXlPsD4fv+LVBoeygx5CArCcdZb
b+07TuUJndPkYZQ7vb4SVmgE8sw3ybUU1hJDwb7eYEdjrHK/N0jGQOaYVzwQPeDI
G9dBj1hMq89O4EUzgr/beM7f95c2kb9Q2GlMASHXLvaLuaY/YSwQSqKF9Pehv8H/
xwf0at4+6J1058u590pISdBI7IYaGOUbR4YieL+iSPSWSaTT0gxIYtBZeDAUDOAw
0D0IKisQeJ25fXiy4lurq3ZEm40S17IXmJZCpW3iM6s4DwI=
-----END CERTIFICATE-----