Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e342e302f32342d3234203d3e20313432313436.roa
File:                     3231372e32352e342e302f32342d3234203d3e20313432313436.roa (raw, json)
Hash identifier:          vZRhvTOHCjCN3qpqUAQpaZnKJPXOT/7YVpVSmsbplMQ=
Subject key identifier:   21:9D:FC:74:77:F1:27:A8:2A:6E:D2:33:DE:59:42:FF:04:B6:47:BE
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       7592A54A27F35A2CA094F569F6A21096C128ACF7
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e342e302f32342d3234203d3e20313432313436.roa
Signing time:             Mon 02 Mar 2026 11:38:38 +0000
ROA not before:           Mon 02 Mar 2026 11:33:38 +0000
ROA not after:            Mon 01 Mar 2027 11:38:38 +0000
asID:                     142146
IP address blocks:        217.25.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:92:a5:4a:27:f3:5a:2c:a0:94:f5:69:f6:a2:10:96:c1:28:ac:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:38 2026 GMT
            Not After : Mar  1 11:38:38 2027 GMT
        Subject: CN=219DFC7477F127A82A6ED233DE5942FF04B647BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4e:95:c9:0b:e1:5b:c4:87:7c:a5:5e:ab:76:
                    4d:78:84:3b:f4:40:11:79:76:b2:77:9a:77:f3:e5:
                    86:b5:fd:fc:c8:3b:12:b5:7c:a3:0c:ce:f3:aa:72:
                    72:6e:c6:b0:91:ee:14:84:ae:2f:d0:70:06:61:61:
                    16:1f:11:f3:ca:4e:c1:01:36:bf:72:5e:8e:bb:3f:
                    b2:ae:10:58:6c:9b:5d:66:78:b8:3b:a2:d1:f9:ff:
                    e2:61:7a:fc:70:8d:46:b5:6b:b6:a5:23:da:be:fc:
                    9d:22:fa:5d:0d:ab:d7:b2:37:0b:b2:dd:dd:c6:b1:
                    70:84:d3:a4:50:d4:26:cf:c8:8b:d7:72:af:9f:4d:
                    3a:b9:56:3e:3b:64:f5:dd:c6:bf:e0:62:dd:e0:15:
                    09:74:af:93:08:28:02:68:48:5c:17:37:78:6f:04:
                    36:ad:03:5e:af:ba:26:3a:cf:85:07:e1:f5:7e:99:
                    ff:94:b6:a8:23:f6:5b:b6:39:4d:bd:77:75:3d:ec:
                    0c:89:89:b4:eb:7e:47:84:63:2c:4f:bd:2f:b5:a3:
                    4f:2d:61:ef:f9:d4:11:fb:7c:32:8e:42:0e:49:47:
                    9d:9a:91:9e:b7:c3:6d:87:2f:c7:bf:52:3b:e7:32:
                    f8:2f:9e:e9:14:9d:6f:bf:cf:40:10:6e:cc:1d:d9:
                    26:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9D:FC:74:77:F1:27:A8:2A:6E:D2:33:DE:59:42:FF:04:B6:47:BE
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e342e302f32342d3234203d3e20313432313436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:3d:7b:4b:04:6c:16:86:2c:ab:5f:aa:60:1f:45:6f:43:f6:
         62:b6:da:b0:a3:47:63:f1:ef:66:85:8c:1b:33:30:9e:5c:65:
         ec:01:b3:42:48:f1:fe:a6:8d:bc:0c:56:2c:d5:c1:e0:4f:2a:
         6b:37:36:0b:6f:76:40:eb:f1:c8:94:74:ab:d2:34:15:55:2f:
         03:20:c8:c1:ce:31:34:1b:12:fe:7f:ce:b9:96:a9:18:43:f9:
         d7:e3:bd:4d:a0:0d:f1:a4:41:be:18:98:72:38:ed:5b:dd:b9:
         06:26:4c:a2:89:da:92:46:db:57:5c:f4:72:12:3c:be:ab:46:
         e5:b0:6e:7c:e7:b2:71:bc:5c:36:2a:06:8e:b8:b7:13:a1:6b:
         9c:42:53:55:1b:f6:8f:09:96:88:16:ed:2c:34:04:d4:e1:b7:
         15:4d:28:07:b0:bc:3c:d6:1e:b2:c6:a2:c8:5e:b8:cd:4e:60:
         aa:a6:cb:7c:54:e3:92:99:4a:32:ee:1e:69:a0:ed:12:16:4d:
         a8:88:ca:7a:be:d0:fb:21:8d:89:04:23:b7:9a:02:4b:66:53:
         ac:4c:8c:3d:ee:90:38:fd:72:c5:94:50:0c:48:7f:fe:24:eb:
         81:b4:1d:50:c4:70:46:9e:ef:3c:35:5e:22:89:0f:db:9a:32:
         2b:0d:09:41
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdZKlSifzWiyglPVp9qIQlsEorPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzhaFw0yNzAzMDExMTM4MzhaMDMxMTAvBgNV
BAMTKDIxOURGQzc0NzdGMTI3QTgyQTZFRDIzM0RFNTk0MkZGMDRCNjQ3QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtTpXJC+FbxId8pV6rdk14hDv0
QBF5drJ3mnfz5Ya1/fzIOxK1fKMMzvOqcnJuxrCR7hSEri/QcAZhYRYfEfPKTsEB
Nr9yXo67P7KuEFhsm11meLg7otH5/+JhevxwjUa1a7alI9q+/J0i+l0Nq9eyNwuy
3d3GsXCE06RQ1CbPyIvXcq+fTTq5Vj47ZPXdxr/gYt3gFQl0r5MIKAJoSFwXN3hv
BDatA16vuiY6z4UH4fV+mf+Utqgj9lu2OU29d3U97AyJibTrfkeEYyxPvS+1o08t
Ye/51BH7fDKOQg5JR52akZ63w22HL8e/UjvnMvgvnukUnW+/z0AQbswd2Sb/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIZ38dHfxJ6gqbtIz3llC/wS2R74wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMjMxMzQzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
BDANBgkqhkiG9w0BAQsFAAOCAQEAfT17SwRsFoYsq1+qYB9Fb0P2YrbasKNHY/Hv
ZoWMGzMwnlxl7AGzQkjx/qaNvAxWLNXB4E8qazc2C292QOvxyJR0q9I0FVUvAyDI
wc4xNBsS/n/OuZapGEP51+O9TaAN8aRBvhiYcjjtW925BiZMoonakkbbV1z0chI8
vqtG5bBufOeycbxcNioGjri3E6FrnEJTVRv2jwmWiBbtLDQE1OG3FU0oB7C8PNYe
ssaiyF64zU5gqqbLfFTjkplKMu4eaaDtEhZNqIjKer7Q+yGNiQQjt5oCS2ZTrEyM
Pe6QOP1yxZRQDEh//iTrgbQdUMRwRp7vPDVeIokP25oyKw0JQQ==
-----END CERTIFICATE-----