Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33322e302f32322d3332203d3e203430303231.roa
File:                     3231322e35362e33322e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier:          29iynYgzdOQF8mmUTdmVqtLRCO5m/fJlmAJRdaiiGwQ=
Subject key identifier:   10:B5:35:6D:E1:08:C4:56:7D:0B:A7:FD:E9:95:4A:8F:5B:43:A7:96
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6EE75B19687E3E5BAB364E82B7DC383644C578BD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33322e302f32322d3332203d3e203430303231.roa
Signing time:             Tue 26 Aug 2025 16:47:25 +0000
ROA not before:           Tue 26 Aug 2025 16:42:25 +0000
ROA not after:            Tue 25 Aug 2026 16:47:25 +0000
asID:                     40021
IP address blocks:        212.56.32.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 18:29:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:e7:5b:19:68:7e:3e:5b:ab:36:4e:82:b7:dc:38:36:44:c5:78:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 26 16:42:25 2025 GMT
            Not After : Aug 25 16:47:25 2026 GMT
        Subject: CN=10B5356DE108C4567D0BA7FDE9954A8F5B43A796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c6:9b:ee:b9:1e:e8:16:1f:71:5c:a6:f6:9a:
                    0f:e8:af:04:07:48:b9:48:17:c4:46:95:46:01:65:
                    72:d7:6b:c7:39:2f:ef:98:0a:06:0d:bc:38:14:03:
                    f1:e4:1c:d1:5e:d3:2b:d9:9c:fe:f6:ed:6e:13:6a:
                    c5:bc:98:cb:fd:93:fe:0c:3a:21:1e:9f:e7:68:c8:
                    7e:38:e2:7b:73:2d:de:d7:f4:00:82:24:20:59:76:
                    a6:d9:b0:dc:af:2b:e0:73:69:66:8b:92:fe:cf:55:
                    95:c4:a7:67:6b:8c:46:2c:c8:0d:fb:d5:0a:5f:2a:
                    bf:b4:bc:80:c8:79:44:b7:1d:8c:61:72:03:4b:11:
                    41:02:41:4d:76:dd:71:aa:36:91:d4:2f:9f:63:0b:
                    65:4f:88:aa:98:cc:10:65:95:aa:39:c0:70:9e:26:
                    35:68:a4:d0:e6:37:75:91:86:40:0c:e8:ef:e8:6a:
                    c7:97:bd:e5:de:4b:10:5f:b7:a3:de:0f:96:ea:38:
                    71:b1:65:0a:75:58:a2:70:7a:12:db:12:a0:8e:7a:
                    5b:c7:f0:64:d3:5a:56:d2:d9:91:22:45:ab:a2:76:
                    5c:18:6a:a7:a7:da:b9:fa:19:78:5a:7b:16:65:ec:
                    c0:aa:dd:af:d0:5a:e1:c9:4d:d4:65:da:a4:f2:ba:
                    7f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:B5:35:6D:E1:08:C4:56:7D:0B:A7:FD:E9:95:4A:8F:5B:43:A7:96
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e35362e33322e302f32322d3332203d3e203430303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.56.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:74:02:0d:00:8f:43:e7:33:27:94:67:38:c5:be:43:44:52:
         bd:29:7c:ec:f1:57:62:05:65:5d:6c:27:ed:0c:0e:4e:fe:76:
         c8:d3:b0:55:97:c8:54:d1:03:84:a2:31:28:01:0d:35:47:8f:
         3a:58:56:6d:0d:ec:06:e7:32:42:76:6b:74:0c:0c:f8:e1:52:
         68:f8:bb:b9:93:ca:a2:41:cf:4d:45:2a:66:c7:ef:e6:63:60:
         c2:39:34:24:ff:49:8c:21:f5:08:67:c2:77:a4:61:6e:97:3a:
         85:4b:25:89:c0:75:97:87:fe:45:cc:16:c0:6b:be:47:4d:25:
         82:5b:68:c3:a5:3b:e2:fa:33:45:3f:04:0b:51:cc:cb:c7:66:
         ed:9c:64:5e:2f:22:ad:57:87:a3:42:d1:9f:9c:36:ee:91:e2:
         a4:7f:ba:02:18:56:cf:86:7a:7a:e4:0c:9b:6f:2d:a4:8b:5b:
         e1:50:45:fc:97:41:ad:05:f7:11:33:98:9d:c8:1d:ab:53:78:
         f8:ca:e8:07:56:a0:30:47:01:72:48:4d:6f:6f:70:23:2d:ad:
         68:ba:0c:07:b5:61:c4:e5:aa:9c:eb:02:6f:54:8c:70:40:25:
         3a:a4:86:65:51:96:5f:06:8c:90:6f:66:4a:dc:e0:b5:6f:96:
         8d:b3:97:78
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbudbGWh+PlurNk6Ct9w4NkTFeL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjYxNjQyMjVaFw0yNjA4MjUxNjQ3MjVaMDMxMTAvBgNV
BAMTKDEwQjUzNTZERTEwOEM0NTY3RDBCQTdGREU5OTU0QThGNUI0M0E3OTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDxpvuuR7oFh9xXKb2mg/orwQH
SLlIF8RGlUYBZXLXa8c5L++YCgYNvDgUA/HkHNFe0yvZnP727W4TasW8mMv9k/4M
OiEen+doyH444ntzLd7X9ACCJCBZdqbZsNyvK+BzaWaLkv7PVZXEp2drjEYsyA37
1QpfKr+0vIDIeUS3HYxhcgNLEUECQU123XGqNpHUL59jC2VPiKqYzBBllao5wHCe
JjVopNDmN3WRhkAM6O/oaseXveXeSxBft6PeD5bqOHGxZQp1WKJwehLbEqCOelvH
8GTTWlbS2ZEiRauidlwYaqen2rn6GXhaexZl7MCq3a/QWuHJTdRl2qTyun8lAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUELU1beEIxFZ9C6f96ZVKj1tDp5YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMyMmUzNTM2MmUzMzMy
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzQzMDMwMzIzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtQ4
IDANBgkqhkiG9w0BAQsFAAOCAQEAanQCDQCPQ+czJ5RnOMW+Q0RSvSl87PFXYgVl
XWwn7QwOTv52yNOwVZfIVNEDhKIxKAENNUePOlhWbQ3sBucyQnZrdAwM+OFSaPi7
uZPKokHPTUUqZsfv5mNgwjk0JP9JjCH1CGfCd6Rhbpc6hUslicB1l4f+RcwWwGu+
R00lgltow6U74vozRT8EC1HMy8dm7ZxkXi8irVeHo0LRn5w27pHipH+6AhhWz4Z6
euQMm28tpItb4VBF/JdBrQX3ETOYncgdq1N4+MroB1agMEcBckhNb29wIy2taLoM
B7VhxOWqnOsCb1SMcEAlOqSGZVGWXwaMkG9mStzgtW+WjbOXeA==
-----END CERTIFICATE-----