Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31352e302f32342d3234203d3e2039333138.roa
File:                     3231372e32352e31352e302f32342d3234203d3e2039333138.roa (raw, json)
Hash identifier:          R5MZ0SUrJW4CLZizJcr1R/s4uU+VevPvUalEFyfnK94=
Subject key identifier:   63:39:1D:46:D4:4E:B8:DC:15:EC:E3:79:16:C4:C6:3C:2F:51:6E:77
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       6284D8581AE1BAF408B927358E2047D49D837CDC
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31352e302f32342d3234203d3e2039333138.roa
Signing time:             Sat 23 May 2026 03:49:31 +0000
ROA not before:           Sat 23 May 2026 03:44:31 +0000
ROA not after:            Sat 22 May 2027 03:49:31 +0000
asID:                     9318
IP address blocks:        217.25.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 20:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:84:d8:58:1a:e1:ba:f4:08:b9:27:35:8e:20:47:d4:9d:83:7c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May 23 03:44:31 2026 GMT
            Not After : May 22 03:49:31 2027 GMT
        Subject: CN=63391D46D44EB8DC15ECE37916C4C63C2F516E77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:61:d9:07:59:8b:05:58:0d:06:bc:bf:83:11:
                    7f:a7:9c:ac:23:01:50:f4:11:ce:35:8c:b3:0d:89:
                    d2:9c:d4:3f:78:f9:bc:90:ad:9a:cb:13:0c:a3:8e:
                    e0:2d:4c:59:d5:31:e7:33:80:6b:a5:a3:14:b4:02:
                    64:ec:df:90:eb:b7:28:8c:0e:55:af:19:b3:9a:79:
                    13:03:77:9f:ff:0a:b9:f4:4b:98:c8:2b:c4:e4:d2:
                    8b:ac:1f:29:81:72:7f:e6:72:e2:fb:f5:4e:e0:e4:
                    fe:dd:59:62:58:13:f6:8e:65:63:a2:c6:6f:3e:54:
                    d8:f0:e3:83:3f:98:9f:0b:aa:be:31:2b:98:4c:ce:
                    eb:9b:26:ca:ed:e4:01:94:58:b4:9d:4b:22:b4:99:
                    c0:01:df:84:75:a3:f2:e8:21:cb:75:2a:ad:b0:c5:
                    7e:b6:9b:43:97:e4:ed:ea:22:00:fe:f0:a1:39:9c:
                    06:29:e3:34:bf:d6:55:c9:61:7e:55:74:93:48:68:
                    6f:1a:7e:36:51:15:44:dd:4f:e7:f0:a4:21:b7:04:
                    86:ed:65:f6:fe:f3:1e:eb:66:e4:fa:50:87:88:71:
                    88:5b:98:7e:cd:c9:1a:ba:8b:9b:1f:c5:18:71:40:
                    7a:e2:9e:82:60:19:57:2d:6c:14:2d:92:12:e4:e7:
                    a0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:39:1D:46:D4:4E:B8:DC:15:EC:E3:79:16:C4:C6:3C:2F:51:6E:77
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31352e302f32342d3234203d3e2039333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:d6:fa:5d:8f:6a:41:2b:4a:98:99:3c:8c:be:93:70:ef:7f:
         30:8b:3e:d7:0b:e7:34:fa:82:b7:b6:14:28:93:89:e3:bc:c9:
         a6:62:cb:98:9c:ec:16:6b:06:ce:4b:3e:4b:fa:64:f4:85:ae:
         e1:e1:44:16:35:fd:ba:47:c5:c8:e4:04:e1:b0:04:cf:0e:0a:
         7a:3d:e9:7c:10:01:aa:86:0d:e7:2a:1e:2b:61:1b:92:14:18:
         27:1a:36:5e:e1:33:74:09:ee:4f:ea:91:22:92:0e:78:3a:6d:
         30:21:c7:46:96:71:15:a1:aa:64:3a:c2:b7:6e:e1:a3:54:24:
         db:df:f2:af:33:c9:f8:50:f5:af:03:1a:09:a1:61:22:01:65:
         d8:d1:e5:df:42:b9:1b:53:8a:04:1e:1c:86:c6:5d:0b:b8:a2:
         90:bb:cc:8a:22:9a:3a:dd:09:13:86:72:8b:86:c5:54:d0:86:
         fa:e2:c3:95:df:8c:29:0d:81:80:f9:e0:7b:a2:bf:8f:e4:68:
         46:cd:eb:5f:ad:ca:f5:55:f6:cd:47:24:2e:97:ab:77:ee:69:
         e0:03:88:16:ab:c8:e5:eb:f4:6d:78:da:a8:6f:30:e7:ac:7b:
         03:af:b0:e4:4e:16:fc:04:89:03:04:a1:58:7f:7d:f7:30:e7:
         19:81:c0:07
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYoTYWBrhuvQIuSc1jiBH1J2DfNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MjMwMzQ0MzFaFw0yNzA1MjIwMzQ5MzFaMDMxMTAvBgNV
BAMTKDYzMzkxRDQ2RDQ0RUI4REMxNUVDRTM3OTE2QzRDNjNDMkY1MTZFNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLYdkHWYsFWA0GvL+DEX+nnKwj
AVD0Ec41jLMNidKc1D94+byQrZrLEwyjjuAtTFnVMeczgGuloxS0AmTs35DrtyiM
DlWvGbOaeRMDd5//Crn0S5jIK8Tk0ousHymBcn/mcuL79U7g5P7dWWJYE/aOZWOi
xm8+VNjw44M/mJ8Lqr4xK5hMzuubJsrt5AGUWLSdSyK0mcAB34R1o/LoIct1Kq2w
xX62m0OX5O3qIgD+8KE5nAYp4zS/1lXJYX5VdJNIaG8afjZRFUTdT+fwpCG3BIbt
Zfb+8x7rZuT6UIeIcYhbmH7NyRq6i5sfxRhxQHrinoJgGVctbBQtkhLk56BLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYzkdRtROuNwV7ON5FsTGPC9RbncwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZGQ8w
DQYJKoZIhvcNAQELBQADggEBAFbW+l2PakErSpiZPIy+k3DvfzCLPtcL5zT6gre2
FCiTieO8yaZiy5ic7BZrBs5LPkv6ZPSFruHhRBY1/bpHxcjkBOGwBM8OCno96XwQ
AaqGDecqHithG5IUGCcaNl7hM3QJ7k/qkSKSDng6bTAhx0aWcRWhqmQ6wrdu4aNU
JNvf8q8zyfhQ9a8DGgmhYSIBZdjR5d9CuRtTigQeHIbGXQu4opC7zIoimjrdCROG
couGxVTQhvriw5XfjCkNgYD54Huiv4/kaEbN61+tyvVV9s1HJC6Xq3fuaeADiBar
yOXr9G142qhvMOesewOvsOROFvwEiQMEoVh/ffcw5xmBwAc=
-----END CERTIFICATE-----