Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e392e302f32342d3234203d3e203230393135.roa
File:                     3231372e32352e392e302f32342d3234203d3e203230393135.roa (raw, json)
Hash identifier:          rmdhD9oEv5bK0HHyZCb7v/EPNkPHtC4nPe4iuyupLhE=
Subject key identifier:   ED:C5:9A:76:30:A8:78:F9:08:65:6F:FD:C0:40:37:C3:5B:F6:CF:86
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       1A1C7C875CF2A9E8699AC7ABCC57C4A1C6B7605B
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e392e302f32342d3234203d3e203230393135.roa
Signing time:             Mon 02 Mar 2026 11:38:35 +0000
ROA not before:           Mon 02 Mar 2026 11:33:35 +0000
ROA not after:            Mon 01 Mar 2027 11:38:35 +0000
asID:                     20915
IP address blocks:        217.25.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:1c:7c:87:5c:f2:a9:e8:69:9a:c7:ab:cc:57:c4:a1:c6:b7:60:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Mar  2 11:33:35 2026 GMT
            Not After : Mar  1 11:38:35 2027 GMT
        Subject: CN=EDC59A7630A878F908656FFDC04037C35BF6CF86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:cb:94:88:65:52:bc:b2:c2:86:1d:1f:45:60:
                    ed:b9:04:13:c7:ec:04:c7:b9:f0:25:60:26:c5:c9:
                    35:59:f4:cd:63:a8:fc:24:7a:26:b7:08:47:40:e0:
                    05:1e:40:54:3f:50:71:aa:12:d8:d8:c2:3a:5b:aa:
                    2a:2e:5a:32:cc:b8:89:74:7a:0e:28:0b:ff:44:0a:
                    b3:eb:c0:da:29:ca:e5:5f:0e:7c:63:1b:19:ed:f4:
                    19:de:d3:1d:11:ca:28:6a:63:83:a7:9d:3f:6c:03:
                    8a:b7:7f:a2:40:d4:87:a0:71:82:f1:a1:b0:91:06:
                    6a:d8:1c:25:42:07:79:3b:9e:9d:25:8b:39:cc:51:
                    48:02:7c:ec:cc:cb:13:a0:d8:93:37:28:73:57:b0:
                    89:b2:03:1e:8c:61:3a:9c:f9:f1:b0:09:ca:7d:93:
                    c3:25:53:88:64:75:a6:39:ab:05:bc:ac:85:30:f4:
                    99:0e:83:f0:67:31:9f:a9:34:cd:eb:f3:a9:c1:87:
                    ad:e9:f9:45:fd:f8:ac:53:6a:9c:a7:18:45:51:bc:
                    c5:65:a0:09:d9:cf:c3:85:6a:db:e7:a7:de:5b:6e:
                    a5:a6:2e:2d:11:d4:6a:19:3e:de:67:58:70:78:a6:
                    91:70:0e:f6:02:f3:b4:09:4c:d3:a7:8c:2e:a2:77:
                    fe:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C5:9A:76:30:A8:78:F9:08:65:6F:FD:C0:40:37:C3:5B:F6:CF:86
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e392e302f32342d3234203d3e203230393135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:81:cd:39:30:ad:d9:46:c6:78:6c:e7:90:e0:5b:dc:cc:79:
         ae:3c:02:06:ae:e5:07:69:68:67:ef:03:be:a7:0f:a5:e4:40:
         0f:05:f1:3a:8d:b6:51:3b:95:c6:8c:00:af:08:57:5e:d8:13:
         05:ea:4c:87:d3:e8:bc:e3:51:0d:b8:17:b6:bc:48:3c:38:e5:
         8f:68:32:d0:b2:e4:cd:5f:bf:01:42:29:52:bc:51:28:4e:52:
         59:91:50:89:9d:f3:d8:89:36:37:76:c2:31:0c:c6:35:0b:b0:
         d5:4f:9d:28:cc:b2:e0:93:2e:b6:62:d9:f3:3f:67:d7:26:bf:
         01:01:9e:50:c2:dd:9a:1b:72:c9:7c:86:22:85:8e:c3:82:65:
         8c:84:c3:17:62:93:e7:a6:bd:e1:2f:ea:0d:c6:0c:0c:c7:e6:
         9d:36:c4:1d:f1:ae:47:9a:01:06:e6:f6:90:68:3d:d1:fc:0a:
         b2:e7:1e:a3:c3:64:a3:4d:24:a1:fd:57:cd:29:73:d7:66:ea:
         1c:5e:c3:8e:03:ed:ef:ea:3b:06:7f:0d:34:6c:2f:d6:76:7e:
         72:df:00:dc:c6:ed:32:eb:e9:8c:2f:46:01:ce:e3:49:41:d3:
         bc:01:22:58:14:67:cd:71:45:6a:35:35:58:39:ba:92:72:cd:
         a3:e4:0d:4b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGhx8h1zyqehpmserzFfEoca3YFswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzVaFw0yNzAzMDExMTM4MzVaMDMxMTAvBgNV
BAMTKEVEQzU5QTc2MzBBODc4RjkwODY1NkZGREMwNDAzN0MzNUJGNkNGODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5y5SIZVK8ssKGHR9FYO25BBPH
7ATHufAlYCbFyTVZ9M1jqPwkeia3CEdA4AUeQFQ/UHGqEtjYwjpbqiouWjLMuIl0
eg4oC/9ECrPrwNopyuVfDnxjGxnt9Bne0x0RyihqY4OnnT9sA4q3f6JA1IegcYLx
obCRBmrYHCVCB3k7np0liznMUUgCfOzMyxOg2JM3KHNXsImyAx6MYTqc+fGwCcp9
k8MlU4hkdaY5qwW8rIUw9JkOg/BnMZ+pNM3r86nBh63p+UX9+KxTapynGEVRvMVl
oAnZz8OFatvnp95bbqWmLi0R1GoZPt5nWHB4ppFwDvYC87QJTNOnjC6id/6xAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7cWadjCoePkIZW/9wEA3w1v2z4YwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTMxMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZGQkw
DQYJKoZIhvcNAQELBQADggEBACyBzTkwrdlGxnhs55DgW9zMea48Agau5QdpaGfv
A76nD6XkQA8F8TqNtlE7lcaMAK8IV17YEwXqTIfT6LzjUQ24F7a8SDw45Y9oMtCy
5M1fvwFCKVK8UShOUlmRUImd89iJNjd2wjEMxjULsNVPnSjMsuCTLrZi2fM/Z9cm
vwEBnlDC3Zobcsl8hiKFjsOCZYyEwxdik+emveEv6g3GDAzH5p02xB3xrkeaAQbm
9pBoPdH8CrLnHqPDZKNNJKH9V80pc9dm6hxew44D7e/qOwZ/DTRsL9Z2fnLfANzG
7TLr6YwvRgHO40lB07wBIlgUZ81xRWo1NVg5upJyzaPkDUs=
-----END CERTIFICATE-----