Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e302e302f31392d3234203d3e2032393134.roa
File:                     3231372e3231362e302e302f31392d3234203d3e2032393134.roa (raw, json)
Hash identifier:          RbMYrgtjdtjIu7akwmcEcB0QijCQWNywhPpcjYfSo0k=
Subject key identifier:   4E:16:9D:A2:02:BB:DB:B5:B1:DF:23:73:D1:E2:A0:FC:F6:6E:FA:BA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       7F959EB777B4580F27EF555FAFCB2FA291E676C6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e302e302f31392d3234203d3e2032393134.roa
Signing time:             Thu 07 Aug 2025 07:51:05 +0000
ROA not before:           Thu 07 Aug 2025 07:46:05 +0000
ROA not after:            Thu 06 Aug 2026 07:51:05 +0000
asID:                     2914
IP address blocks:        217.216.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 03:22:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:95:9e:b7:77:b4:58:0f:27:ef:55:5f:af:cb:2f:a2:91:e6:76:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug  7 07:46:05 2025 GMT
            Not After : Aug  6 07:51:05 2026 GMT
        Subject: CN=4E169DA202BBDBB5B1DF2373D1E2A0FCF66EFABA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:3f:61:e8:87:b1:56:f3:ed:2c:5b:e6:e7:95:
                    87:7a:82:45:65:8d:50:da:51:ec:f9:00:4f:d6:4a:
                    ff:e0:2f:10:83:c8:4c:2d:81:b9:77:ad:d8:48:90:
                    57:ba:75:41:33:81:d3:71:16:16:e8:e6:95:b2:d1:
                    e6:50:ff:e9:b6:95:88:ed:40:18:65:7a:ea:85:ea:
                    30:01:da:26:86:8a:88:c4:73:81:8d:0a:5e:fb:11:
                    b0:8f:f4:66:bf:c6:28:b7:ba:82:d4:83:1b:69:ea:
                    54:14:fd:11:77:1b:3d:44:d6:d5:4b:96:11:80:d2:
                    33:c1:7a:f8:bb:ed:91:43:9f:d9:97:ae:71:45:c6:
                    40:fa:84:e3:ab:77:2e:26:33:87:e7:97:0c:d4:89:
                    49:e2:a1:59:5f:15:ae:4f:a1:ab:55:62:9f:b9:7c:
                    30:fc:c9:a2:a2:f9:f5:6c:03:e4:9c:57:1f:01:80:
                    4e:9d:12:70:d1:3e:c3:65:0e:4b:36:f4:5a:5a:53:
                    e4:e4:73:93:56:5e:f9:de:f3:b9:a9:af:fd:7c:38:
                    69:32:cc:3f:16:19:12:99:ea:e3:e2:af:40:8b:00:
                    41:65:e9:a1:d0:0c:19:51:9d:e9:12:b5:4a:10:af:
                    12:23:cd:8d:e1:bc:b3:60:e7:39:c0:3e:3f:fe:5e:
                    81:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:16:9D:A2:02:BB:DB:B5:B1:DF:23:73:D1:E2:A0:FC:F6:6E:FA:BA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e302e302f31392d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6f:e3:47:00:6f:96:5a:29:f9:2d:86:5f:06:30:5e:df:c3:e8:
         ae:d9:8f:f6:3b:ef:36:01:48:eb:e4:45:ff:1b:18:4c:6a:11:
         2b:df:32:c0:4e:13:7a:da:ee:0b:c0:89:5c:d6:32:c4:85:8a:
         ff:e9:1b:45:f2:03:e8:0d:99:e4:9e:cf:19:61:2a:6c:82:0f:
         72:98:47:da:d1:84:b6:40:99:63:5d:5f:19:42:4c:e2:c3:39:
         41:54:e6:90:fd:7f:70:40:6b:f4:19:8e:d3:78:be:62:4c:05:
         4e:70:8c:8b:40:e7:6c:99:67:c3:28:e3:46:2c:83:f4:e3:96:
         31:3f:96:43:81:3f:0b:42:1f:a2:78:e6:98:90:10:fd:92:20:
         2d:eb:71:0b:cd:2f:2b:89:fd:74:50:0b:f8:0f:9e:61:d3:14:
         fa:fa:86:23:70:f0:88:86:f1:93:c4:fa:de:6c:f6:36:05:af:
         37:5d:c3:e8:69:e8:67:9b:a7:03:bf:cd:94:a4:40:e3:3f:0c:
         fb:4d:b4:c3:78:47:a9:83:30:95:95:97:84:2e:f8:fa:58:ac:
         51:33:cc:0e:10:19:ef:e1:82:86:f2:84:a7:76:86:0c:5f:68:
         e2:6b:23:ba:42:1f:99:95:c1:71:21:8c:32:c0:70:9f:c0:93:
         32:f0:f6:13
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUf5Wet3e0WA8n71Vfr8svopHmdsYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MDcwNzQ2MDVaFw0yNjA4MDYwNzUxMDVaMDMxMTAvBgNV
BAMTKDRFMTY5REEyMDJCQkRCQjVCMURGMjM3M0QxRTJBMEZDRjY2RUZBQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwP2Hoh7FW8+0sW+bnlYd6gkVl
jVDaUez5AE/WSv/gLxCDyEwtgbl3rdhIkFe6dUEzgdNxFhbo5pWy0eZQ/+m2lYjt
QBhleuqF6jAB2iaGiojEc4GNCl77EbCP9Ga/xii3uoLUgxtp6lQU/RF3Gz1E1tVL
lhGA0jPBevi77ZFDn9mXrnFFxkD6hOOrdy4mM4fnlwzUiUnioVlfFa5PoatVYp+5
fDD8yaKi+fVsA+ScVx8BgE6dEnDRPsNlDks29FpaU+Tkc5NWXvne87mpr/18OGky
zD8WGRKZ6uPir0CLAEFl6aHQDBlRnekStUoQrxIjzY3hvLNg5znAPj/+XoHNAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUThadogK727Wx3yNz0eKg/PZu+rowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMw
MmUzMDJmMzEzOTJkMzIzNDIwM2QzZTIwMzIzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAXZ2AAw
DQYJKoZIhvcNAQELBQADggEBAG/jRwBvllop+S2GXwYwXt/D6K7Zj/Y77zYBSOvk
Rf8bGExqESvfMsBOE3ra7gvAiVzWMsSFiv/pG0XyA+gNmeSezxlhKmyCD3KYR9rR
hLZAmWNdXxlCTOLDOUFU5pD9f3BAa/QZjtN4vmJMBU5wjItA52yZZ8Mo40Ysg/Tj
ljE/lkOBPwtCH6J45piQEP2SIC3rcQvNLyuJ/XRQC/gPnmHTFPr6hiNw8IiG8ZPE
+t5s9jYFrzddw+hp6GebpwO/zZSkQOM/DPtNtMN4R6mDMJWVl4Qu+PpYrFEzzA4Q
Ge/hgobyhKd2hgxfaOJrI7pCH5mVwXEhjDLAcJ/AkzLw9hM=
-----END CERTIFICATE-----