Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e332e302f32342d3234203d3e203230343733.roa
File:                     3231372e32352e332e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          Gtvwy4O2g92Wl34q1NG2a1KSHDIDcCrqvni9SpsOlEs=
Subject key identifier:   21:5F:57:48:F6:FA:52:E2:BC:C5:02:84:72:D5:C6:D9:F8:1C:1C:DC
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       599EB1B7C13DA3279217896085686A7267D594DA
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e332e302f32342d3234203d3e203230343733.roa
Signing time:             Thu 12 Mar 2026 13:27:19 +0000
ROA not before:           Thu 12 Mar 2026 13:22:19 +0000
ROA not after:            Thu 11 Mar 2027 13:27:19 +0000
asID:                     20473
IP address blocks:        217.25.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 16:54:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:9e:b1:b7:c1:3d:a3:27:92:17:89:60:85:68:6a:72:67:d5:94:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar 12 13:22:19 2026 GMT
            Not After : Mar 11 13:27:19 2027 GMT
        Subject: CN=215F5748F6FA52E2BCC5028472D5C6D9F81C1CDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c7:bf:4d:f4:f4:8a:a9:67:2c:f1:11:06:21:
                    1b:77:f9:6a:ad:dd:a7:2d:93:86:45:dd:3b:4f:62:
                    96:67:f4:08:55:58:cd:33:b2:86:6c:e2:85:ca:04:
                    7f:49:b5:70:98:56:e3:77:33:8a:24:b1:ec:bf:e1:
                    34:f1:a7:8e:7c:6f:c8:44:92:7a:c4:60:d9:81:ec:
                    a1:1f:33:9a:dd:1a:6b:5f:4d:6c:38:61:2d:bf:76:
                    a0:37:16:d7:01:93:bf:a9:c2:c5:75:37:42:1a:13:
                    56:a4:8f:94:8e:af:9a:90:7d:8e:f0:53:45:9c:0b:
                    5c:e2:41:9a:a3:8c:ab:92:37:10:ce:78:2e:5a:62:
                    d4:df:0c:f6:94:cd:aa:19:c6:4b:72:61:57:a3:75:
                    b9:88:c1:c5:2a:07:ad:68:aa:67:9a:8f:c0:7a:a4:
                    69:bc:17:05:1c:d4:9d:7b:9a:3c:29:46:1d:20:03:
                    1a:d5:f5:a8:f6:32:a4:22:32:de:b4:0c:71:99:f6:
                    4a:bc:8a:d7:35:87:78:ad:61:2a:b6:f5:25:37:ca:
                    aa:bc:02:de:6a:87:57:9b:ca:5f:0e:bf:db:d9:0e:
                    a8:7e:5c:a2:b4:80:0b:f1:90:3b:9f:4c:59:e9:e3:
                    d5:5b:40:d4:04:70:03:6f:b7:a4:33:5c:cc:dd:d1:
                    9b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:5F:57:48:F6:FA:52:E2:BC:C5:02:84:72:D5:C6:D9:F8:1C:1C:DC
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e332e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:8d:32:e0:a2:07:c9:1c:7f:05:66:d8:06:a9:e8:c8:9c:f1:
         ff:f9:10:f1:30:24:21:f5:fd:a2:d7:9e:8e:5a:8f:2f:a0:fc:
         fe:11:ac:4e:de:bb:0c:a2:aa:17:dd:33:e4:5b:a2:6b:b8:96:
         8c:8f:00:fc:e6:ea:27:7b:d3:5f:52:bc:37:da:58:a1:68:bc:
         e8:22:c3:75:b6:d0:8d:b3:0b:4d:29:75:df:db:f8:36:8f:fb:
         9a:c2:45:f7:26:97:f2:77:67:64:d8:69:c0:b8:d1:32:36:09:
         64:1b:e4:f2:2b:8d:68:40:59:96:18:5e:bd:8a:0c:b9:01:2e:
         d6:8a:fa:a6:45:14:e7:25:e6:6b:6c:22:8f:d8:ff:95:5a:ac:
         01:e8:f4:ef:ae:6a:c0:58:89:1f:0a:8a:bd:8e:4a:4b:d5:88:
         89:48:e1:e2:24:a6:bc:77:e4:83:4e:59:26:e6:49:11:7f:14:
         0f:39:4c:2f:bb:8b:28:f1:02:ab:86:ea:70:a7:dc:f7:29:d2:
         5c:ff:ec:6c:89:ba:a0:11:1c:5c:f7:7e:5e:4d:1b:0d:48:eb:
         b3:8b:07:25:a3:c8:e1:21:e9:e2:e1:98:b8:f6:61:f3:9a:a3:
         72:70:8a:6e:43:43:23:c0:64:ba:d0:f7:30:74:40:02:e7:e4:
         ed:c5:d8:03
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWZ6xt8E9oyeSF4lghWhqcmfVlNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMTIxMzIyMTlaFw0yNzAzMTExMzI3MTlaMDMxMTAvBgNV
BAMTKDIxNUY1NzQ4RjZGQTUyRTJCQ0M1MDI4NDcyRDVDNkQ5RjgxQzFDREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMx79N9PSKqWcs8REGIRt3+Wqt
3actk4ZF3TtPYpZn9AhVWM0zsoZs4oXKBH9JtXCYVuN3M4oksey/4TTxp458b8hE
knrEYNmB7KEfM5rdGmtfTWw4YS2/dqA3FtcBk7+pwsV1N0IaE1akj5SOr5qQfY7w
U0WcC1ziQZqjjKuSNxDOeC5aYtTfDPaUzaoZxktyYVejdbmIwcUqB61oqmeaj8B6
pGm8FwUc1J17mjwpRh0gAxrV9aj2MqQiMt60DHGZ9kq8itc1h3itYSq29SU3yqq8
At5qh1ebyl8Ov9vZDqh+XKK0gAvxkDufTFnp49VbQNQEcANvt6QzXMzd0ZuZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUIV9XSPb6UuK8xQKEctXG2fgcHNwwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZGQMw
DQYJKoZIhvcNAQELBQADggEBAJCNMuCiB8kcfwVm2Aap6Mic8f/5EPEwJCH1/aLX
no5ajy+g/P4RrE7euwyiqhfdM+Rbomu4loyPAPzm6id7019SvDfaWKFovOgiw3W2
0I2zC00pdd/b+DaP+5rCRfcml/J3Z2TYacC40TI2CWQb5PIrjWhAWZYYXr2KDLkB
LtaK+qZFFOcl5mtsIo/Y/5VarAHo9O+uasBYiR8Kir2OSkvViIlI4eIkprx35INO
WSbmSRF/FA85TC+7iyjxAquG6nCn3Pcp0lz/7GyJuqARHFz3fl5NGw1I67OLByWj
yOEh6eLhmLj2YfOao3Jwim5DQyPAZLrQ9zB0QALn5O3F2AM=
-----END CERTIFICATE-----