Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132382e302f32302d3234203d3e20383334.roa
File:                     3231372e3231362e3132382e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          PYdSS/8/17GKJ9Y9pZDlGJigoPbOUuXIY+Ix+WxUT/A=
Subject key identifier:   58:A3:15:C6:7F:E2:C2:42:B9:47:BD:33:21:1A:E6:FA:FB:A0:6E:D1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2EFF214D9A9F0A55E42F3991F818DBDC6140E5D0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132382e302f32302d3234203d3e20383334.roa
Signing time:             Sat 13 Jun 2026 12:27:18 +0000
ROA not before:           Sat 13 Jun 2026 12:22:18 +0000
ROA not after:            Sat 12 Jun 2027 12:27:18 +0000
asID:                     834
IP address blocks:        217.216.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ff:21:4d:9a:9f:0a:55:e4:2f:39:91:f8:18:db:dc:61:40:e5:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 12:22:18 2026 GMT
            Not After : Jun 12 12:27:18 2027 GMT
        Subject: CN=58A315C67FE2C242B947BD33211AE6FAFBA06ED1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0c:a0:88:e9:d2:96:6b:83:f1:2f:b3:84:1e:
                    32:4e:dd:6a:1b:29:c3:a6:3c:3b:62:c9:2b:9c:80:
                    99:18:32:11:82:b2:10:76:72:1b:81:f1:ec:fe:2e:
                    df:26:5a:b8:55:a0:40:5f:bc:ae:3a:07:ce:14:a1:
                    d5:8d:b9:8e:0b:13:3b:44:51:31:58:6b:12:16:d5:
                    e2:28:7b:5b:67:40:8e:c5:bb:58:a7:d5:94:8c:a8:
                    c4:b2:ec:fc:9e:db:07:bc:2f:d8:3c:1e:3b:fb:9d:
                    1e:80:73:bd:64:33:6a:f5:6a:4d:ca:9f:aa:be:24:
                    31:4f:01:41:88:ab:66:72:22:72:c1:00:a7:36:e7:
                    cc:73:d0:fb:91:2c:c4:bb:02:1d:d1:c9:cc:1c:31:
                    7b:3d:bf:1a:c1:c0:52:93:b2:a9:2b:6d:6e:6c:0d:
                    d4:32:9d:9c:cb:0e:f5:34:5b:07:0b:17:b1:df:0f:
                    66:45:d8:71:5d:92:71:bc:93:bf:69:b6:d9:ac:7b:
                    3d:6e:01:9f:ef:5d:97:c7:14:f5:7b:84:4d:74:82:
                    4f:a8:7e:f6:cf:26:ba:61:70:1c:a3:5b:73:c4:77:
                    98:0e:ef:07:93:dd:91:60:bf:80:1c:d0:1b:4e:cf:
                    da:88:37:5d:09:81:2c:b9:a6:00:f8:87:fc:29:f6:
                    a6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A3:15:C6:7F:E2:C2:42:B9:47:BD:33:21:1A:E6:FA:FB:A0:6E:D1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132382e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0f:b2:de:46:e4:02:a9:7a:72:72:71:d8:89:aa:c4:53:16:75:
         84:c6:09:f0:f0:c6:a3:22:7a:3f:eb:9e:51:e9:72:8a:8b:02:
         8e:39:19:fa:a4:3c:1e:84:c2:2f:6e:23:58:69:83:03:29:18:
         25:2b:73:de:74:76:66:08:30:73:b8:d7:5f:a9:90:78:c0:84:
         b9:90:ad:15:39:fe:0e:ac:95:c7:6e:aa:02:db:8b:35:f8:ea:
         19:a2:64:5b:20:f5:38:04:46:45:e7:1e:4e:b8:55:f1:25:0b:
         91:d4:00:0d:5d:ca:d1:32:1a:e8:45:08:43:0f:b7:4c:a5:87:
         8e:05:ff:d2:d7:96:d2:4a:cc:35:dc:16:04:d3:26:15:39:a8:
         0a:15:aa:97:59:f9:1d:01:9f:c9:9c:c6:20:20:e0:a1:68:25:
         a4:a5:69:a3:8f:8a:fe:85:3c:0d:72:44:b2:f0:83:3f:8f:47:
         b3:1f:43:06:43:b6:b4:1a:ec:62:f7:d2:d1:ce:b2:60:f6:d7:
         e2:3b:f1:f1:1b:4d:92:92:1a:b4:2e:6f:aa:70:76:99:3a:ae:
         b0:55:a6:2f:e5:d2:5a:73:fd:96:67:1e:1a:11:bf:be:1f:e3:
         21:b0:72:bd:43:4b:f5:d4:0d:18:81:78:13:a5:69:1d:9f:3b:
         e7:97:a6:a1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULv8hTZqfClXkLzmR+Bjb3GFA5dAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MTMxMjIyMThaFw0yNzA2MTIxMjI3MThaMDMxMTAvBgNV
BAMTKDU4QTMxNUM2N0ZFMkMyNDJCOTQ3QkQzMzIxMUFFNkZBRkJBMDZFRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvDKCI6dKWa4PxL7OEHjJO3Wob
KcOmPDtiySucgJkYMhGCshB2chuB8ez+Lt8mWrhVoEBfvK46B84UodWNuY4LEztE
UTFYaxIW1eIoe1tnQI7Fu1in1ZSMqMSy7Pye2we8L9g8Hjv7nR6Ac71kM2r1ak3K
n6q+JDFPAUGIq2ZyInLBAKc258xz0PuRLMS7Ah3RycwcMXs9vxrBwFKTsqkrbW5s
DdQynZzLDvU0WwcLF7HfD2ZF2HFdknG8k79pttmsez1uAZ/vXZfHFPV7hE10gk+o
fvbPJrphcByjW3PEd5gO7weT3ZFgv4Ac0BtOz9qIN10JgSy5pgD4h/wp9qbTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWKMVxn/iwkK5R70zIRrm+vugbtEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzIzODJlMzAyZjMyMzAyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNnY
gDANBgkqhkiG9w0BAQsFAAOCAQEAD7LeRuQCqXpycnHYiarEUxZ1hMYJ8PDGoyJ6
P+ueUelyiosCjjkZ+qQ8HoTCL24jWGmDAykYJStz3nR2Zggwc7jXX6mQeMCEuZCt
FTn+DqyVx26qAtuLNfjqGaJkWyD1OARGReceTrhV8SULkdQADV3K0TIa6EUIQw+3
TKWHjgX/0teW0krMNdwWBNMmFTmoChWql1n5HQGfyZzGICDgoWglpKVpo4+K/oU8
DXJEsvCDP49Hsx9DBkO2tBrsYvfS0c6yYPbX4jvx8RtNkpIatC5vqnB2mTqusFWm
L+XSWnP9lmceGhG/vh/jIbByvUNL9dQNGIF4E6VpHZ8755emoQ==
-----END CERTIFICATE-----