Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3230312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          vSVuFJWDs39YHYAsKAQjNeL/9osgMxOphl0h2k1iyTs=
Subject key identifier:   0B:2F:94:92:80:E6:E2:27:D3:0A:19:A7:97:88:1C:2E:E0:47:87:E9
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       111E20421AA234868F3875083B81787B5DEF6C3F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 11:42:53 +0000
ROA not before:           Mon 02 Mar 2026 11:37:53 +0000
ROA not after:            Mon 01 Mar 2027 11:42:53 +0000
asID:                     834
IP address blocks:        217.216.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:1e:20:42:1a:a2:34:86:8f:38:75:08:3b:81:78:7b:5d:ef:6c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  2 11:37:53 2026 GMT
            Not After : Mar  1 11:42:53 2027 GMT
        Subject: CN=0B2F949280E6E227D30A19A797881C2EE04787E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:94:d4:56:37:cf:30:43:c6:8f:57:c6:34:f5:
                    2b:d1:78:21:da:f2:db:77:28:d1:fb:7e:57:09:02:
                    d9:b9:d9:23:e2:30:b7:b9:bf:37:00:d8:ed:3b:c5:
                    72:4f:d6:eb:f1:2e:0f:ef:81:a0:c2:a1:90:d8:4e:
                    17:ee:50:a6:fb:91:4e:1d:0b:4e:65:80:3a:ee:31:
                    76:fb:59:a3:5f:50:8c:01:bf:46:1c:00:9a:c0:64:
                    66:04:55:d2:38:40:b6:c4:d8:b9:58:11:53:cb:f0:
                    0d:91:8d:67:fb:7a:4f:b1:62:10:49:05:ae:38:11:
                    ec:c4:c1:b1:b0:c2:3c:e4:8d:b7:96:60:02:8b:46:
                    09:ea:b6:79:b2:e6:9f:61:cc:97:42:32:4b:94:e6:
                    0d:ad:c8:c0:72:1e:7d:7a:12:83:68:d7:b4:8c:46:
                    c9:b3:86:e4:55:af:d5:fa:99:48:f0:62:ae:e7:6c:
                    2e:cf:5c:d6:35:cf:ec:f6:b4:b0:a6:f5:b1:cb:73:
                    77:ef:2d:52:3c:c7:fb:1c:28:68:7c:41:06:c0:13:
                    1e:75:e2:3f:fd:58:55:82:eb:8b:c2:0f:c4:34:d7:
                    f2:1d:39:83:44:c5:29:f8:6d:3c:15:54:93:fa:a1:
                    3b:ce:de:d3:01:07:10:3d:50:f0:e6:59:3e:20:1b:
                    62:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2F:94:92:80:E6:E2:27:D3:0A:19:A7:97:88:1C:2E:E0:47:87:E9
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:6f:34:67:17:cc:b6:ea:3f:13:d2:1b:90:68:60:15:e5:3b:
         31:7f:1c:ba:8d:6c:d0:48:83:b5:b8:f0:e8:b6:d9:58:b6:3b:
         8c:78:77:f3:10:fe:06:4d:54:c7:9e:b3:f2:3d:fa:9a:d4:53:
         5a:a6:99:3b:dc:79:4c:50:98:e8:d3:45:2e:b1:33:7e:80:2c:
         d8:a2:a3:88:58:b3:1c:67:91:8d:e5:7a:ae:9a:6e:fc:b6:55:
         71:89:33:c0:6c:d4:1e:f6:a9:57:22:64:73:c8:0f:13:90:49:
         bd:1b:38:2d:f3:5c:ad:07:06:cd:77:94:5e:20:25:13:0e:9c:
         9d:c6:e1:f9:6d:3b:a2:70:7f:ec:f4:d6:3a:9f:e7:b9:26:16:
         5f:6b:db:6f:ab:25:e6:3b:e5:ab:89:a9:ff:a3:88:9e:09:13:
         f7:d1:d0:10:cf:b1:8f:36:7b:a0:8a:c8:a9:ba:cb:ba:3e:35:
         72:5e:ce:60:73:d7:ec:f3:b5:cb:d6:f2:b5:41:3c:3f:2c:69:
         b4:36:50:98:2c:b1:e4:06:25:c3:5b:d1:15:2b:95:c7:fe:e8:
         48:87:93:6b:1e:d1:0b:42:bd:f1:60:fc:04:b5:b5:71:81:11:
         d8:99:9b:09:7a:4f:e3:8e:1e:06:f7:c8:ee:58:58:d4:e4:f1:
         4b:e9:81:a6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUER4gQhqiNIaPOHUIO4F4e13vbD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMDIxMTM3NTNaFw0yNzAzMDExMTQyNTNaMDMxMTAvBgNV
BAMTKDBCMkY5NDkyODBFNkUyMjdEMzBBMTlBNzk3ODgxQzJFRTA0Nzg3RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOlNRWN88wQ8aPV8Y09SvReCHa
8tt3KNH7flcJAtm52SPiMLe5vzcA2O07xXJP1uvxLg/vgaDCoZDYThfuUKb7kU4d
C05lgDruMXb7WaNfUIwBv0YcAJrAZGYEVdI4QLbE2LlYEVPL8A2RjWf7ek+xYhBJ
Ba44EezEwbGwwjzkjbeWYAKLRgnqtnmy5p9hzJdCMkuU5g2tyMByHn16EoNo17SM
RsmzhuRVr9X6mUjwYq7nbC7PXNY1z+z2tLCm9bHLc3fvLVI8x/scKGh8QQbAEx51
4j/9WFWC64vCD8Q01/IdOYNExSn4bTwVVJP6oTvO3tMBBxA9UPDmWT4gG2JXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCy+UkoDm4ifTChmnl4gcLuBHh+kwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
yTANBgkqhkiG9w0BAQsFAAOCAQEAI280ZxfMtuo/E9IbkGhgFeU7MX8cuo1s0EiD
tbjw6LbZWLY7jHh38xD+Bk1Ux56z8j36mtRTWqaZO9x5TFCY6NNFLrEzfoAs2KKj
iFizHGeRjeV6rppu/LZVcYkzwGzUHvapVyJkc8gPE5BJvRs4LfNcrQcGzXeUXiAl
Ew6cncbh+W07onB/7PTWOp/nuSYWX2vbb6sl5jvlq4mp/6OIngkT99HQEM+xjzZ7
oIrIqbrLuj41cl7OYHPX7PO1y9bytUE8PyxptDZQmCyx5AYlw1vRFSuVx/7oSIeT
ax7RC0K98WD8BLW1cYER2JmbCXpP444eBvfI7lhY1OTxS+mBpg==
-----END CERTIFICATE-----