Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31352e302f32342d3234203d3e20383334.roa
File:                     3231372e32352e31352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          etjfV0kGb76d5lSxFiq8JUUbGdWAGGaQAAqGc0Sfyfo=
Subject key identifier:   2A:4D:C5:71:6B:2E:95:CC:D0:D3:49:58:5B:B8:4F:72:4C:EE:8C:F5
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       06CC65DE5CE7E57E60FB42239890EDDD51E3E22D
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 03 Mar 2026 04:51:11 +0000
ROA not before:           Tue 03 Mar 2026 04:46:11 +0000
ROA not after:            Tue 02 Mar 2027 04:51:11 +0000
asID:                     834
IP address blocks:        217.25.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:cc:65:de:5c:e7:e5:7e:60:fb:42:23:98:90:ed:dd:51:e3:e2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  3 04:46:11 2026 GMT
            Not After : Mar  2 04:51:11 2027 GMT
        Subject: CN=2A4DC5716B2E95CCD0D349585BB84F724CEE8CF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a4:d8:1f:41:6e:e1:59:1a:3a:37:50:bc:3b:
                    7e:5d:60:ec:f8:fc:da:a1:35:f4:f0:11:0c:8a:6b:
                    ef:f6:80:a0:31:15:c2:0f:84:2d:40:bc:9d:44:93:
                    ef:be:19:64:07:8d:9c:26:88:20:1e:8e:de:16:b0:
                    d6:b8:22:1e:24:2b:9c:29:08:f2:6a:5e:f1:0c:82:
                    de:78:96:97:ae:27:71:e3:8e:81:dc:11:36:ce:e5:
                    23:85:5b:bc:e3:dd:16:32:b5:3f:45:7f:e3:2a:96:
                    0d:f5:5c:28:0d:c9:6a:e5:81:a5:58:b9:8e:c0:8f:
                    fd:d8:65:2f:27:8d:68:77:3d:a4:ab:16:27:eb:b6:
                    b0:cc:54:9b:99:88:8e:d1:a1:82:5f:1a:09:ab:6c:
                    62:09:46:20:4b:9b:2e:27:d4:bc:ba:c0:a8:b3:e2:
                    f4:f7:86:68:1d:44:ee:fa:32:ee:8d:28:47:20:3d:
                    13:bd:8d:7f:c5:68:83:10:47:91:79:b3:a2:3b:2f:
                    57:73:f7:84:8b:1e:db:49:52:17:b0:be:1a:c2:2e:
                    a5:06:22:2a:8e:d1:d2:82:40:be:f1:32:80:9f:f1:
                    fe:a8:7f:d7:12:ef:fe:e6:13:d6:de:89:e1:ae:e5:
                    94:15:b6:ab:a4:69:7b:75:40:7a:0a:f4:f3:03:ea:
                    cf:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4D:C5:71:6B:2E:95:CC:D0:D3:49:58:5B:B8:4F:72:4C:EE:8C:F5
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:2c:69:05:6f:cc:bd:2a:09:2a:8b:ba:e4:8e:d2:78:ce:90:
         45:1f:79:b1:4a:db:97:1c:6a:f8:b5:1b:aa:1f:4e:99:9d:1a:
         0b:20:06:3e:7f:f0:3e:56:91:c1:41:52:d1:7d:89:0a:00:81:
         75:06:3b:4d:db:48:6d:ce:10:85:59:d6:e1:a8:36:47:40:26:
         84:b8:f8:53:c6:43:b8:07:fd:07:e5:48:0e:f9:e2:45:dc:de:
         fc:41:dc:4e:68:45:66:14:68:a6:6d:fb:38:7a:46:8d:f1:59:
         00:f3:14:92:e8:e8:83:1f:59:b4:2e:e4:45:5b:9f:18:f9:15:
         0d:83:47:f9:af:5d:a6:2a:c1:7c:64:dc:7e:cf:c5:7c:e5:38:
         35:92:54:a7:65:61:19:84:9b:bb:23:0a:e6:eb:11:1d:3d:db:
         ae:99:9a:35:fd:3e:10:63:22:08:6a:e1:d5:78:17:32:7e:ac:
         4e:f4:fa:36:25:af:ec:44:4a:b6:0d:98:04:65:87:df:5b:11:
         dc:f0:51:41:65:50:4b:e6:91:ee:fb:0d:9b:75:65:e2:4b:4f:
         79:5a:83:fc:cf:4c:29:ae:89:3f:50:fb:5a:e7:69:b4:e5:f1:
         93:d6:4c:e9:f4:d3:fa:ae:44:83:93:41:12:7b:64:25:09:30:
         88:ef:4b:7f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUBsxl3lzn5X5g+0IjmJDt3VHj4i0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDMwNDQ2MTFaFw0yNzAzMDIwNDUxMTFaMDMxMTAvBgNV
BAMTKDJBNERDNTcxNkIyRTk1Q0NEMEQzNDk1ODVCQjg0RjcyNENFRThDRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPpNgfQW7hWRo6N1C8O35dYOz4
/NqhNfTwEQyKa+/2gKAxFcIPhC1AvJ1Ek+++GWQHjZwmiCAejt4WsNa4Ih4kK5wp
CPJqXvEMgt54lpeuJ3HjjoHcETbO5SOFW7zj3RYytT9Ff+Mqlg31XCgNyWrlgaVY
uY7Aj/3YZS8njWh3PaSrFifrtrDMVJuZiI7RoYJfGgmrbGIJRiBLmy4n1Ly6wKiz
4vT3hmgdRO76Mu6NKEcgPRO9jX/FaIMQR5F5s6I7L1dz94SLHttJUhewvhrCLqUG
IiqO0dKCQL7xMoCf8f6of9cS7/7mE9beieGu5ZQVtqukaXt1QHoK9PMD6s9HAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUKk3FcWsulczQ00lYW7hPckzujPUwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkPMA0G
CSqGSIb3DQEBCwUAA4IBAQBALGkFb8y9Kgkqi7rkjtJ4zpBFH3mxStuXHGr4tRuq
H06ZnRoLIAY+f/A+VpHBQVLRfYkKAIF1BjtN20htzhCFWdbhqDZHQCaEuPhTxkO4
B/0H5UgO+eJF3N78QdxOaEVmFGimbfs4ekaN8VkA8xSS6OiDH1m0LuRFW58Y+RUN
g0f5r12mKsF8ZNx+z8V85Tg1klSnZWEZhJu7Iwrm6xEdPduumZo1/T4QYyIIauHV
eBcyfqxO9Po2Ja/sREq2DZgEZYffWxHc8FFBZVBL5pHu+w2bdWXiS095WoP8z0wp
rok/UPta52m05fGT1kzp9NP6rkSDk0ESe2QlCTCI70t/
-----END CERTIFICATE-----