Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e38352e32382e302f32332d3234203d3e203437353833.roa
File:                     3231322e38352e32382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          Ktx+rFf+MO6NaaZ2QJtWeF34xGUg3Ml5D08G+ywiCVo=
Subject key identifier:   52:48:12:7D:F1:B5:1B:28:4F:99:36:0B:0E:51:EB:63:E3:0E:0A:4D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0A5D4E7C14DCF789B2B1F0D44DD0BBEE637E34A0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e38352e32382e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 10 Mar 2025 15:46:46 +0000
ROA not before:           Mon 10 Mar 2025 15:41:46 +0000
ROA not after:            Mon 09 Mar 2026 15:46:46 +0000
asID:                     47583
IP address blocks:        212.85.28.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:5d:4e:7c:14:dc:f7:89:b2:b1:f0:d4:4d:d0:bb:ee:63:7e:34:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 10 15:41:46 2025 GMT
            Not After : Mar  9 15:46:46 2026 GMT
        Subject: CN=5248127DF1B51B284F99360B0E51EB63E30E0A4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1c:b2:f5:dc:e0:eb:99:52:f8:8e:14:31:57:
                    06:4b:85:31:5c:65:ee:84:ee:ab:99:91:f3:8e:d9:
                    21:a8:de:a6:81:1c:01:d2:e9:78:cd:56:21:a0:89:
                    cc:18:80:11:33:7e:b4:bf:c9:4f:78:72:c5:8b:de:
                    98:f6:a2:76:68:b8:2a:8b:40:c5:44:87:72:c7:12:
                    8b:89:41:21:47:c0:43:0f:37:5a:6a:03:b4:1d:f9:
                    76:2a:f0:2a:16:94:2a:23:aa:74:76:30:01:18:1d:
                    5f:c9:4d:85:54:79:83:38:30:dd:27:e3:17:ae:60:
                    5a:54:a1:ec:89:c2:2c:f1:31:40:02:b1:9e:fb:8f:
                    1c:ea:e5:e9:e6:34:00:f8:a9:74:bf:66:88:ed:aa:
                    a2:7c:ea:ff:32:31:79:1a:d7:1a:18:a4:40:81:8c:
                    18:30:ff:56:07:8e:af:ff:39:f8:37:6b:9b:8b:6c:
                    70:9c:06:e5:2e:24:74:c7:07:d7:21:21:07:98:06:
                    cc:79:de:bd:01:3a:23:c4:d3:55:3f:a6:fc:99:91:
                    10:6f:10:06:be:36:a4:29:97:49:a4:58:e9:21:21:
                    f7:62:9e:f7:2a:ed:aa:ce:e0:6e:51:15:2a:7f:da:
                    39:db:9b:96:ef:63:b9:c8:c7:61:10:e8:58:9f:bd:
                    a8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:48:12:7D:F1:B5:1B:28:4F:99:36:0B:0E:51:EB:63:E3:0E:0A:4D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e38352e32382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.85.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:99:70:39:60:10:e4:50:55:76:5d:31:2d:9f:4e:56:fa:9c:
         5b:78:f8:6d:4b:80:ab:d6:d4:d8:88:18:2c:bc:b8:44:c2:6c:
         87:8a:2a:6f:5d:c3:88:fd:e2:73:ef:ff:dd:44:f8:b7:f5:0a:
         55:94:2a:3b:a2:18:12:5e:2f:19:15:40:4c:38:d9:e6:1f:75:
         49:17:7e:78:dd:7e:55:82:df:67:cd:90:4a:3f:bd:db:01:b5:
         86:4b:d2:66:2a:61:da:2a:6f:c5:96:0b:4a:4d:9f:87:22:5a:
         d8:be:af:34:30:db:1c:89:6b:55:2d:c8:0f:8e:79:c3:70:09:
         89:3f:47:3e:58:1d:7c:6c:31:75:cf:d2:37:64:49:68:3d:64:
         e1:64:90:15:6d:7c:c7:02:ae:33:3c:62:76:77:b7:13:11:8c:
         02:7f:1e:8b:86:d6:3a:ef:a4:53:e2:44:9b:05:e8:88:6f:f6:
         6d:02:7e:01:0f:23:d5:88:cc:12:ef:28:c2:93:5e:2d:5c:bc:
         ab:86:49:7f:1f:90:88:3e:02:28:0c:17:e4:82:e9:f5:f9:02:
         c2:b0:07:52:16:27:39:db:0e:ea:99:1a:e3:7d:4f:b7:07:03:
         03:79:df:53:49:d4:85:1d:26:1c:93:1d:f3:b7:83:67:1b:56:
         48:cf:e0:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCl1OfBTc94mysfDUTdC77mN+NKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAzMTAxNTQxNDZaFw0yNjAzMDkxNTQ2NDZaMDMxMTAvBgNV
BAMTKDUyNDgxMjdERjFCNTFCMjg0Rjk5MzYwQjBFNTFFQjYzRTMwRTBBNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyHLL13ODrmVL4jhQxVwZLhTFc
Ze6E7quZkfOO2SGo3qaBHAHS6XjNViGgicwYgBEzfrS/yU94csWL3pj2onZouCqL
QMVEh3LHEouJQSFHwEMPN1pqA7Qd+XYq8CoWlCojqnR2MAEYHV/JTYVUeYM4MN0n
4xeuYFpUoeyJwizxMUACsZ77jxzq5enmNAD4qXS/ZojtqqJ86v8yMXka1xoYpECB
jBgw/1YHjq//Ofg3a5uLbHCcBuUuJHTHB9chIQeYBsx53r0BOiPE01U/pvyZkRBv
EAa+NqQpl0mkWOkhIfdinvcq7arO4G5RFSp/2jnbm5bvY7nIx2EQ6FifvajdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUkgSffG1GyhPmTYLDlHrY+MOCk0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMyMmUzODM1MmUzMjM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAdRV
HDANBgkqhkiG9w0BAQsFAAOCAQEATZlwOWAQ5FBVdl0xLZ9OVvqcW3j4bUuAq9bU
2IgYLLy4RMJsh4oqb13DiP3ic+//3UT4t/UKVZQqO6IYEl4vGRVATDjZ5h91SRd+
eN1+VYLfZ82QSj+92wG1hkvSZiph2ipvxZYLSk2fhyJa2L6vNDDbHIlrVS3ID455
w3AJiT9HPlgdfGwxdc/SN2RJaD1k4WSQFW18xwKuMzxidne3ExGMAn8ei4bWOu+k
U+JEmwXoiG/2bQJ+AQ8j1YjMEu8owpNeLVy8q4ZJfx+QiD4CKAwX5ILp9fkCwrAH
UhYnOdsO6pka431PtwcDA3nfU0nUhR0mHJMd87eDZxtWSM/gZA==
-----END CERTIFICATE-----