Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e382e302f32342d3234203d3e20333939363331.roa
File:                     3231372e32352e382e302f32342d3234203d3e20333939363331.roa (raw, json)
Hash identifier:          liRAHxY1zWqdiQcxc2Hwg5kJJEz2RCHG2+ULjCE1an8=
Subject key identifier:   6D:60:A9:03:05:37:FD:3A:8B:CC:34:19:B8:86:03:D8:54:5A:92:8D
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       3A91262CA9E5ACE3F53F702D8690CD0F0EE6138E
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e382e302f32342d3234203d3e20333939363331.roa
Signing time:             Thu 18 Jun 2026 06:23:09 +0000
ROA not before:           Thu 18 Jun 2026 06:18:09 +0000
ROA not after:            Thu 17 Jun 2027 06:23:09 +0000
asID:                     399631
IP address blocks:        217.25.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 00:35:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:91:26:2c:a9:e5:ac:e3:f5:3f:70:2d:86:90:cd:0f:0e:e6:13:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Jun 18 06:18:09 2026 GMT
            Not After : Jun 17 06:23:09 2027 GMT
        Subject: CN=6D60A9030537FD3A8BCC3419B88603D8545A928D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:32:5d:99:bc:a2:3f:a4:62:a3:94:ee:9f:a8:
                    c6:f7:ef:23:d7:b1:5b:ce:81:5d:6d:2b:30:18:52:
                    3c:cc:0c:39:a8:dc:1d:79:54:fc:e8:36:cb:e8:a5:
                    2e:55:8e:ef:2e:17:48:52:a7:1b:e8:25:2c:42:04:
                    9c:2a:d5:47:ff:9b:9b:c7:28:ba:58:d2:a1:07:bb:
                    55:18:0e:38:2a:03:9a:c6:f4:8b:ea:35:c2:c6:9a:
                    8a:46:81:af:6b:a7:c5:f2:c4:9e:af:13:d6:12:a0:
                    da:60:d8:48:8b:84:74:89:38:13:a8:0c:88:1c:96:
                    b0:58:f9:01:81:3f:d3:72:1e:10:f1:05:43:dd:02:
                    32:65:87:cf:ca:9d:37:62:0f:c9:f1:74:21:1d:d1:
                    e1:9f:86:92:6e:85:e4:16:d7:2c:0d:fd:ad:e1:5e:
                    b1:80:be:98:0a:e9:cb:6f:e0:fa:c9:38:b2:65:7d:
                    cf:1d:f1:ca:b6:f7:63:7f:19:ca:33:3f:83:b3:01:
                    e5:ff:af:0a:f3:bb:57:4d:72:92:69:3f:7b:4e:33:
                    46:9a:d7:e6:ce:bb:9e:89:09:f7:bf:1a:0a:8d:27:
                    b8:57:0c:e1:5f:4f:66:f9:8a:36:d6:69:88:37:f4:
                    ee:dd:b5:2a:69:68:bb:32:d1:13:2c:c1:77:26:f7:
                    14:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:60:A9:03:05:37:FD:3A:8B:CC:34:19:B8:86:03:D8:54:5A:92:8D
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e382e302f32342d3234203d3e20333939363331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:cb:38:26:6e:fe:1a:be:d5:32:21:01:a2:d3:21:8b:a2:d3:
         75:76:a9:30:0b:9b:62:2e:0d:4b:5a:15:c6:d6:65:d9:40:26:
         6a:d0:6a:4b:81:7e:f6:61:32:08:2a:f3:71:3b:25:a9:40:62:
         89:e5:18:e0:d5:2e:5b:6a:3a:d0:e5:29:a0:11:20:12:9f:d8:
         15:0e:5f:a1:53:54:5c:4a:5a:84:c7:e1:b2:c4:00:21:94:1a:
         9d:b3:9f:7d:ab:34:ed:91:22:99:f6:34:d1:1a:2b:08:13:b3:
         f8:a7:83:bf:ce:e0:c3:4e:d0:dd:44:c1:99:32:be:e3:9a:5c:
         e4:79:e6:d5:45:34:2c:68:11:17:0b:a5:d6:b8:84:0a:74:b7:
         0f:2e:8e:3c:f1:31:83:a9:4e:1a:0d:7a:2d:01:1a:38:ca:c4:
         59:ac:b9:9f:e5:22:54:7d:0a:07:97:fe:17:29:96:dd:d2:69:
         6b:9d:6e:0d:32:1b:42:77:5d:31:fa:54:61:24:28:3f:2f:ec:
         ca:b7:a9:81:3d:81:0b:4d:99:0f:bf:55:4f:58:60:41:4d:66:
         3c:8f:98:65:0f:38:70:e0:88:25:9f:26:07:17:af:12:d0:f5:
         cf:f3:d0:2d:eb:80:bf:0f:73:3f:6f:e1:c4:7f:2e:b1:74:27:
         ca:b2:9a:33
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOpEmLKnlrOP1P3AthpDNDw7mE44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA2MTgwNjE4MDlaFw0yNzA2MTcwNjIzMDlaMDMxMTAvBgNV
BAMTKDZENjBBOTAzMDUzN0ZEM0E4QkNDMzQxOUI4ODYwM0Q4NTQ1QTkyOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIMl2ZvKI/pGKjlO6fqMb37yPX
sVvOgV1tKzAYUjzMDDmo3B15VPzoNsvopS5Vju8uF0hSpxvoJSxCBJwq1Uf/m5vH
KLpY0qEHu1UYDjgqA5rG9IvqNcLGmopGga9rp8XyxJ6vE9YSoNpg2EiLhHSJOBOo
DIgclrBY+QGBP9NyHhDxBUPdAjJlh8/KnTdiD8nxdCEd0eGfhpJuheQW1ywN/a3h
XrGAvpgK6ctv4PrJOLJlfc8d8cq292N/GcozP4OzAeX/rwrzu1dNcpJpP3tOM0aa
1+bOu56JCfe/GgqNJ7hXDOFfT2b5ijbWaYg39O7dtSppaLsy0RMswXcm9xR7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbWCpAwU3/TqLzDQZuIYD2FRako0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzOTM2MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
CDANBgkqhkiG9w0BAQsFAAOCAQEAGss4Jm7+Gr7VMiEBotMhi6LTdXapMAubYi4N
S1oVxtZl2UAmatBqS4F+9mEyCCrzcTslqUBiieUY4NUuW2o60OUpoBEgEp/YFQ5f
oVNUXEpahMfhssQAIZQanbOffas07ZEimfY00RorCBOz+KeDv87gw07Q3UTBmTK+
45pc5Hnm1UU0LGgRFwul1riECnS3Dy6OPPExg6lOGg16LQEaOMrEWay5n+UiVH0K
B5f+FymW3dJpa51uDTIbQnddMfpUYSQoPy/syrepgT2BC02ZD79VT1hgQU1mPI+Y
ZQ84cOCIJZ8mBxevEtD1z/PQLeuAvw9zP2/hxH8usXQnyrKaMw==
-----END CERTIFICATE-----