Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e352e302f32342d3234203d3e20343032323638.roa
File:                     3231372e32352e352e302f32342d3234203d3e20343032323638.roa (raw, json)
Hash identifier:          m6GVFGT3chGDddVmeN56HbfdXm/0nlLfVkYgH2NWLMU=
Subject key identifier:   4A:30:A2:80:4B:32:28:B3:C6:94:15:48:06:06:0E:C4:AF:50:4A:85
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       1D5420A91F5AB7170724F9EC23B225A064EA08D2
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e352e302f32342d3234203d3e20343032323638.roa
Signing time:             Tue 05 May 2026 14:28:55 +0000
ROA not before:           Tue 05 May 2026 14:23:55 +0000
ROA not after:            Tue 04 May 2027 14:28:55 +0000
asID:                     402268
IP address blocks:        217.25.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 May 2026 11:18:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:54:20:a9:1f:5a:b7:17:07:24:f9:ec:23:b2:25:a0:64:ea:08:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: May  5 14:23:55 2026 GMT
            Not After : May  4 14:28:55 2027 GMT
        Subject: CN=4A30A2804B3228B3C694154806060EC4AF504A85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3d:c3:05:cb:a6:63:23:f1:f4:47:3a:5f:5d:
                    c6:65:77:91:5f:bf:e2:2d:d8:45:92:dc:1f:41:cf:
                    48:61:d2:ef:a1:a6:ff:75:6b:d9:6f:a7:e5:b4:fb:
                    80:76:5a:75:90:62:00:b8:0a:5d:dc:50:ef:04:a3:
                    b7:55:cd:86:74:2e:21:0b:53:f3:47:5d:ff:b0:0d:
                    0b:b5:35:68:27:98:33:49:b7:91:a8:0e:d3:9d:14:
                    b4:f8:6d:45:73:ae:10:4a:20:c7:55:eb:9e:2a:40:
                    a9:40:e9:ee:2c:c3:ae:76:fc:4a:fd:f9:a0:f5:d6:
                    92:ea:c9:37:0b:42:4f:86:f1:e3:e6:29:66:83:86:
                    43:78:78:d4:e6:cf:f8:03:22:10:13:aa:63:9e:2d:
                    d9:8a:fa:60:90:42:b0:4f:c7:3b:10:f0:ea:77:4a:
                    3a:c7:e2:89:1e:a4:9f:15:f9:a9:29:7b:b4:73:7b:
                    e5:3d:3a:74:02:4f:e9:10:47:ee:09:ee:8b:17:0c:
                    4c:4b:83:16:7a:e8:45:99:33:78:fb:53:5b:f3:5d:
                    6b:68:c8:0f:1a:3e:e8:a0:32:1c:d2:91:bd:63:7e:
                    c9:33:25:f8:b5:86:5c:4d:dc:49:bf:59:05:b7:ad:
                    5b:1f:7d:67:74:f4:ff:22:74:5f:18:4b:3c:73:2f:
                    4d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:30:A2:80:4B:32:28:B3:C6:94:15:48:06:06:0E:C4:AF:50:4A:85
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e352e302f32342d3234203d3e20343032323638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:64:2c:00:cc:57:39:6c:1e:4d:f5:d4:75:f4:82:eb:a5:6c:
         f2:89:0c:54:f7:25:d9:da:84:14:80:bc:fa:13:ff:70:62:14:
         41:f9:0c:cf:24:33:c7:62:e6:0b:a6:dd:0f:07:22:f5:ce:93:
         68:8d:5e:71:0f:51:5b:23:7d:75:fd:5b:c8:b0:45:6a:4e:38:
         65:3b:7e:bd:92:72:d9:e2:a2:28:92:ab:e0:2a:5f:1c:26:4f:
         a7:64:11:f3:14:cd:01:83:34:ba:6c:69:cf:06:50:44:11:53:
         04:d9:d6:37:f2:8f:77:d6:c2:20:03:f9:70:e8:0c:89:c0:2f:
         cf:27:1f:21:cf:b5:d1:01:f5:64:64:b4:1e:ec:d1:30:24:cd:
         6b:ac:aa:01:36:bc:32:09:ae:04:26:00:69:04:90:2f:06:df:
         53:6f:5f:d9:f9:7f:b6:5d:90:a2:13:95:ce:04:35:3b:34:88:
         7a:0e:76:37:11:53:87:0c:33:8c:d6:b5:ed:bc:6e:2f:ba:13:
         b2:b6:21:90:f4:78:1d:94:c7:e2:1c:b7:30:8e:d3:73:4b:bd:
         0d:ed:25:38:0b:4a:2b:8b:cd:9c:07:b1:54:8a:17:35:38:8f:
         ff:d2:53:f9:ea:c3:db:b7:80:e8:22:34:f0:5b:18:a9:7e:94:
         46:84:36:89
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHVQgqR9atxcHJPnsI7IloGTqCNIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDUxNDIzNTVaFw0yNzA1MDQxNDI4NTVaMDMxMTAvBgNV
BAMTKDRBMzBBMjgwNEIzMjI4QjNDNjk0MTU0ODA2MDYwRUM0QUY1MDRBODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPPcMFy6ZjI/H0RzpfXcZld5Ff
v+It2EWS3B9Bz0hh0u+hpv91a9lvp+W0+4B2WnWQYgC4Cl3cUO8Eo7dVzYZ0LiEL
U/NHXf+wDQu1NWgnmDNJt5GoDtOdFLT4bUVzrhBKIMdV654qQKlA6e4sw652/Er9
+aD11pLqyTcLQk+G8ePmKWaDhkN4eNTmz/gDIhATqmOeLdmK+mCQQrBPxzsQ8Op3
SjrH4okepJ8V+akpe7Rze+U9OnQCT+kQR+4J7osXDExLgxZ66EWZM3j7U1vzXWto
yA8aPuigMhzSkb1jfskzJfi1hlxN3Em/WQW3rVsffWd09P8idF8YSzxzL03zAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSjCigEsyKLPGlBVIBgYOxK9QSoUwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzYzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
BTANBgkqhkiG9w0BAQsFAAOCAQEASmQsAMxXOWweTfXUdfSC66Vs8okMVPcl2dqE
FIC8+hP/cGIUQfkMzyQzx2LmC6bdDwci9c6TaI1ecQ9RWyN9df1byLBFak44ZTt+
vZJy2eKiKJKr4CpfHCZPp2QR8xTNAYM0umxpzwZQRBFTBNnWN/KPd9bCIAP5cOgM
icAvzycfIc+10QH1ZGS0HuzRMCTNa6yqATa8MgmuBCYAaQSQLwbfU29f2fl/tl2Q
ohOVzgQ1OzSIeg52NxFThwwzjNa17bxuL7oTsrYhkPR4HZTH4hy3MI7Tc0u9De0l
OAtKK4vNnAexVIoXNTiP/9JT+erD27eA6CI08FsYqX6URoQ2iQ==
-----END CERTIFICATE-----