Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e332e302f32342d3234203d3e20383334.roa
File:                     3231372e32352e332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ruc7Sb6/pEHuwWQB0NlrWrQDuha6uU6uHeWIYFVfrBU=
Subject key identifier:   D7:EF:8C:E9:09:5D:24:8A:0A:AE:7A:D7:B4:B1:26:A0:A6:C8:60:71
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       626C11CD4B1849E4866C84529711214F4B222A8F
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e332e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:38:37 +0000
ROA not before:           Mon 02 Mar 2026 11:33:37 +0000
ROA not after:            Mon 01 Mar 2027 11:38:37 +0000
asID:                     834
IP address blocks:        217.25.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:6c:11:cd:4b:18:49:e4:86:6c:84:52:97:11:21:4f:4b:22:2a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:37 2026 GMT
            Not After : Mar  1 11:38:37 2027 GMT
        Subject: CN=D7EF8CE9095D248A0AAE7AD7B4B126A0A6C86071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c3:00:1a:8e:f1:29:4c:2a:62:88:3e:a9:f3:
                    0b:b4:15:ce:85:bd:6d:44:a3:e4:b7:16:46:c4:00:
                    ba:89:c8:aa:f6:8f:46:d1:df:03:41:55:28:66:de:
                    9e:ed:55:23:8f:c6:78:40:39:b9:12:c2:96:64:7d:
                    4a:32:83:09:62:5e:19:ef:7d:02:4b:94:77:e6:0a:
                    d2:ef:1b:d3:c2:a9:db:68:87:d5:ba:31:9c:3e:1a:
                    05:40:ba:3f:1d:9b:b3:a6:25:d9:b2:64:bc:2d:3a:
                    b9:b3:d3:35:8d:07:33:fd:94:fd:34:1a:a5:28:7e:
                    a2:12:0e:68:85:e5:23:74:ce:0d:be:8a:a0:41:0c:
                    cf:c2:c6:45:9c:ad:1f:27:70:a4:e1:86:8e:be:6b:
                    c1:ff:0f:79:e0:83:e0:cf:6f:82:52:f6:e0:84:46:
                    aa:f4:b9:aa:ff:af:9b:70:1d:b3:25:58:09:04:dd:
                    9e:31:ca:48:e5:c4:a4:bf:19:f4:e2:7f:45:0d:ce:
                    57:1b:25:e3:77:b3:4a:81:d0:fc:46:8d:bd:22:ce:
                    9f:a2:52:40:0a:10:8d:1c:81:ba:49:39:65:d1:d0:
                    ca:07:3f:91:1c:89:ae:eb:b2:d9:3b:8e:7a:3f:54:
                    6a:63:f9:6f:09:d8:0c:56:10:97:0a:c5:f0:23:54:
                    4a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:EF:8C:E9:09:5D:24:8A:0A:AE:7A:D7:B4:B1:26:A0:A6:C8:60:71
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:06:45:e9:f0:4e:cc:b2:92:6e:ed:36:b2:53:29:aa:9d:3a:
         ea:72:4b:55:4e:d4:00:f5:26:71:22:02:75:09:bf:0b:91:be:
         90:53:0f:c0:93:47:32:a4:f2:60:b7:ba:0e:52:37:00:72:01:
         83:03:f7:69:1a:25:6c:fe:85:23:21:d4:ea:5d:a2:56:47:4a:
         a7:db:96:1b:d4:04:e6:67:48:d8:33:db:7c:6c:16:0d:11:d7:
         06:98:31:48:a1:9c:b3:f6:58:a1:01:f1:55:b3:8d:a7:ca:28:
         07:61:95:3c:0d:b8:2a:72:00:04:2e:26:ac:ec:5e:41:3d:95:
         e7:56:ee:88:b4:f8:83:ad:c7:68:a8:ef:64:b4:2d:75:74:ee:
         4e:80:a9:2a:a8:72:1b:b7:1f:fb:5e:4d:85:33:19:7a:b7:5a:
         6b:bb:08:c3:4c:c1:60:41:ef:ce:24:cf:ab:d8:4b:7a:11:ba:
         b1:9f:fe:0a:d8:62:56:5a:30:cc:0a:53:85:82:c3:41:57:44:
         3e:f7:51:21:0e:11:ec:a4:2a:c7:4d:d5:7c:57:50:12:29:31:
         8a:c5:79:55:71:76:df:ee:e8:55:75:9f:db:e7:e9:76:98:2f:
         f8:7b:77:0b:0d:a9:e9:2d:e8:f6:36:94:79:f0:a9:9f:07:95:
         61:87:ad:1b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUYmwRzUsYSeSGbIRSlxEhT0siKo8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzdaFw0yNzAzMDExMTM4MzdaMDMxMTAvBgNV
BAMTKEQ3RUY4Q0U5MDk1RDI0OEEwQUFFN0FEN0I0QjEyNkEwQTZDODYwNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJwwAajvEpTCpiiD6p8wu0Fc6F
vW1Eo+S3FkbEALqJyKr2j0bR3wNBVShm3p7tVSOPxnhAObkSwpZkfUoygwliXhnv
fQJLlHfmCtLvG9PCqdtoh9W6MZw+GgVAuj8dm7OmJdmyZLwtOrmz0zWNBzP9lP00
GqUofqISDmiF5SN0zg2+iqBBDM/CxkWcrR8ncKThho6+a8H/D3ngg+DPb4JS9uCE
Rqr0uar/r5twHbMlWAkE3Z4xykjlxKS/GfTif0UNzlcbJeN3s0qB0PxGjb0izp+i
UkAKEI0cgbpJOWXR0MoHP5Ecia7rstk7jno/VGpj+W8J2AxWEJcKxfAjVEr9AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU1++M6QldJIoKrnrXtLEmoKbIYHEwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZAzANBgkq
hkiG9w0BAQsFAAOCAQEAHQZF6fBOzLKSbu02slMpqp066nJLVU7UAPUmcSICdQm/
C5G+kFMPwJNHMqTyYLe6DlI3AHIBgwP3aRolbP6FIyHU6l2iVkdKp9uWG9QE5mdI
2DPbfGwWDRHXBpgxSKGcs/ZYoQHxVbONp8ooB2GVPA24KnIABC4mrOxeQT2V51bu
iLT4g63HaKjvZLQtdXTuToCpKqhyG7cf+15NhTMZerdaa7sIw0zBYEHvziTPq9hL
ehG6sZ/+CthiVlowzApThYLDQVdEPvdRIQ4R7KQqx03VfFdQEikxisV5VXF23+7o
VXWf2+fpdpgv+Ht3Cw2p6S3o9jaUefCpnweVYYetGw==
-----END CERTIFICATE-----