Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e322e302f32342d3234203d3e20343032323638.roa
File:                     3231372e32352e322e302f32342d3234203d3e20343032323638.roa (raw, json)
Hash identifier:          eO9NqT6i2l2HEGs+WVV7UTiynn+SIqeiEipfCYpnbLk=
Subject key identifier:   79:57:70:55:AA:9D:CD:A2:90:16:8C:56:22:A9:18:57:A7:7B:1B:EB
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       772FB54BDF15C2B03A96C4E5B198E43AA4C0D7B5
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e322e302f32342d3234203d3e20343032323638.roa
Signing time:             Tue 05 May 2026 16:17:24 +0000
ROA not before:           Tue 05 May 2026 16:12:24 +0000
ROA not after:            Tue 04 May 2027 16:17:24 +0000
asID:                     402268
IP address blocks:        217.25.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:2f:b5:4b:df:15:c2:b0:3a:96:c4:e5:b1:98:e4:3a:a4:c0:d7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  5 16:12:24 2026 GMT
            Not After : May  4 16:17:24 2027 GMT
        Subject: CN=79577055AA9DCDA290168C5622A91857A77B1BEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:13:7c:86:09:1f:cc:93:96:bf:c2:fd:9d:62:
                    11:5f:e2:6e:f7:d3:3f:29:43:10:8f:67:cd:e3:01:
                    df:af:c5:d5:ab:ae:60:6f:54:c6:d4:43:43:ce:9d:
                    20:bb:97:7f:86:cf:f1:da:20:e1:86:97:35:a4:0c:
                    fa:ac:99:51:7d:ea:1f:5f:7f:35:f7:71:a4:1e:17:
                    44:ba:dd:93:4e:7c:aa:cc:ca:25:ad:f8:b5:f4:83:
                    6b:00:86:13:6f:13:a2:2d:9e:9a:d0:ab:d3:17:c3:
                    a0:ee:f5:a6:9e:b9:57:d6:b9:1a:12:58:fd:4f:3d:
                    29:52:b1:15:73:a7:8a:4e:c5:f3:2c:f6:86:47:2d:
                    13:73:94:0b:83:ab:89:1f:7a:27:c3:72:ed:9a:55:
                    7b:ea:da:60:05:cc:df:d8:8e:6b:ce:46:1b:32:c2:
                    9a:17:6d:52:20:a5:07:da:bb:e8:23:26:52:ea:7f:
                    ba:0c:18:90:54:2a:13:5c:27:a7:1f:88:ab:09:b2:
                    b2:68:74:04:a2:39:f6:e3:7f:36:92:45:1e:89:2d:
                    cc:cb:7f:9f:11:46:07:e3:45:f6:74:05:38:7f:e8:
                    af:af:f9:0b:a8:2d:ec:35:95:17:d8:08:d2:b0:c3:
                    55:a9:fc:37:01:31:cf:3f:a6:b7:24:f7:be:19:7c:
                    4d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:57:70:55:AA:9D:CD:A2:90:16:8C:56:22:A9:18:57:A7:7B:1B:EB
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e322e302f32342d3234203d3e20343032323638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b3:3b:0f:23:a7:98:79:d1:80:27:64:b3:95:9f:c2:5c:35:
         ea:65:8b:c6:ca:11:c4:09:97:1c:8e:47:7d:86:40:7b:88:ef:
         b1:08:ac:2e:d6:71:ce:3d:0b:02:a3:fe:67:1d:24:72:61:35:
         48:ba:8e:14:e5:bc:e5:de:eb:27:b4:7a:b4:f8:15:0e:c9:eb:
         69:bb:6b:cd:dd:a2:db:3d:dc:6b:f2:be:c3:38:0a:6c:33:20:
         3b:9a:c8:0f:8a:b7:a3:18:cd:d9:cb:0d:f6:8d:a4:04:48:f6:
         26:e1:40:a5:1a:ca:b0:51:6a:5a:03:9e:dc:96:77:58:58:15:
         6e:09:cf:d9:12:d5:02:b8:c3:a6:86:08:f0:4e:74:ea:47:24:
         ff:67:a4:46:52:a7:c3:b9:99:c7:a1:e7:e5:06:0e:28:a8:74:
         ec:ec:f3:4f:7e:b5:9c:6e:d4:e8:1a:04:a1:c7:3a:31:33:8d:
         88:3f:95:5a:0f:24:65:e6:a4:b9:31:b7:1a:ff:89:8c:74:b6:
         b3:c9:d4:38:7c:d7:b5:56:19:27:47:cd:6a:6a:f6:d7:c4:ca:
         97:15:2e:fc:1a:95:a3:89:20:1c:bc:8e:a4:c1:fd:89:8d:aa:
         82:c2:79:a3:06:80:28:29:93:0b:d8:f9:63:92:41:9a:c1:a7:
         1a:cd:36:f5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdy+1S98VwrA6lsTlsZjkOqTA17UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDUxNjEyMjRaFw0yNzA1MDQxNjE3MjRaMDMxMTAvBgNV
BAMTKDc5NTc3MDU1QUE5RENEQTI5MDE2OEM1NjIyQTkxODU3QTc3QjFCRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXE3yGCR/Mk5a/wv2dYhFf4m73
0z8pQxCPZ83jAd+vxdWrrmBvVMbUQ0POnSC7l3+Gz/HaIOGGlzWkDPqsmVF96h9f
fzX3caQeF0S63ZNOfKrMyiWt+LX0g2sAhhNvE6ItnprQq9MXw6Du9aaeuVfWuRoS
WP1PPSlSsRVzp4pOxfMs9oZHLRNzlAuDq4kfeifDcu2aVXvq2mAFzN/YjmvORhsy
wpoXbVIgpQfau+gjJlLqf7oMGJBUKhNcJ6cfiKsJsrJodASiOfbjfzaSRR6JLczL
f58RRgfjRfZ0BTh/6K+v+QuoLew1lRfYCNKww1Wp/DcBMc8/prck974ZfE1/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeVdwVaqdzaKQFoxWIqkYV6d7G+swHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzYzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
AjANBgkqhkiG9w0BAQsFAAOCAQEAhbM7DyOnmHnRgCdks5Wfwlw16mWLxsoRxAmX
HI5HfYZAe4jvsQisLtZxzj0LAqP+Zx0kcmE1SLqOFOW85d7rJ7R6tPgVDsnrabtr
zd2i2z3ca/K+wzgKbDMgO5rID4q3oxjN2csN9o2kBEj2JuFApRrKsFFqWgOe3JZ3
WFgVbgnP2RLVArjDpoYI8E506kck/2ekRlKnw7mZx6Hn5QYOKKh07OzzT361nG7U
6BoEocc6MTONiD+VWg8kZeakuTG3Gv+JjHS2s8nUOHzXtVYZJ0fNamr218TKlxUu
/BqVo4kgHLyOpMH9iY2qgsJ5owaAKCmTC9j5Y5JBmsGnGs029Q==
-----END CERTIFICATE-----