Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3230312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CdEn5kAZGUaonXjWzEhrdUifjc4y8/hgDgOlErh0GwM=
Subject key identifier:   7F:88:D3:4A:9B:EB:E6:44:EA:9E:CB:C2:69:FA:A3:8D:08:8B:F7:10
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3D58933FA655AC11EB6CC20BF0C86D716D5A0FF4
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20383334.roa
Signing time:             Fri 29 May 2026 04:54:20 +0000
ROA not before:           Fri 29 May 2026 04:49:20 +0000
ROA not after:            Fri 28 May 2027 04:54:20 +0000
asID:                     834
IP address blocks:        217.216.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:58:93:3f:a6:55:ac:11:eb:6c:c2:0b:f0:c8:6d:71:6d:5a:0f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 29 04:49:20 2026 GMT
            Not After : May 28 04:54:20 2027 GMT
        Subject: CN=7F88D34A9BEBE644EA9ECBC269FAA38D088BF710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b5:33:65:e3:b5:f3:47:8f:74:65:db:ca:1d:
                    66:a0:0c:30:6b:3e:f9:5f:92:d7:9c:b6:b7:12:c1:
                    29:96:97:24:44:4e:65:26:c2:ba:e8:7c:66:01:95:
                    9e:ff:29:f4:de:99:16:2d:cf:d9:25:fb:b0:2d:80:
                    bd:8f:33:41:ca:b8:a8:ae:ec:65:40:a1:bc:2a:a8:
                    a4:6b:eb:77:b0:60:de:67:ef:00:f5:6c:31:7b:40:
                    41:52:44:6b:c1:1b:90:bf:48:08:de:07:95:99:08:
                    22:4a:f7:78:6d:57:27:2b:71:a0:a5:34:aa:62:c2:
                    5e:79:02:9b:53:61:39:cf:94:d6:99:b7:9a:2f:9d:
                    ea:63:15:87:68:c1:ee:06:89:3f:e1:ab:29:87:e2:
                    73:57:08:b8:4a:0f:26:d8:e2:bd:1d:20:1d:01:7a:
                    a6:80:61:04:4a:63:6a:76:d9:8c:86:00:c1:89:47:
                    22:0a:a3:f6:35:f4:ae:79:28:02:31:ca:4d:29:08:
                    a8:8f:6c:ca:b4:3d:b2:bc:5a:52:05:5b:b7:c4:14:
                    8c:43:7c:f8:6a:27:06:26:af:49:bc:57:63:c7:fe:
                    5d:68:32:2d:4a:9a:30:5c:24:1b:c5:dd:f2:13:39:
                    19:a5:aa:e3:3d:f3:7b:5f:87:4c:72:b7:95:1e:09:
                    47:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:88:D3:4A:9B:EB:E6:44:EA:9E:CB:C2:69:FA:A3:8D:08:8B:F7:10
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:cb:b4:4d:ba:0c:19:a3:35:23:1c:21:c3:c8:35:47:d2:a8:
         65:ac:c2:32:1b:13:ce:77:ed:63:75:37:60:cb:d5:20:8d:06:
         80:41:cf:75:71:a1:9a:bf:2f:eb:1c:42:3e:8b:ae:64:fa:d2:
         a7:19:06:19:8e:f9:7f:e5:1d:dd:f0:7e:2f:15:0e:e2:0e:9f:
         e6:1e:ce:11:8e:db:ef:a9:3b:22:ec:b8:21:1c:8a:c3:8d:d9:
         70:7d:2e:22:d1:1c:cf:ee:30:04:62:e4:85:83:ce:02:e5:2f:
         28:e5:da:4b:f1:ba:b4:1b:e7:56:b1:76:9a:85:5a:81:ed:41:
         c3:94:82:5f:c7:90:0a:b6:26:93:ce:0d:f0:73:33:98:24:b3:
         51:d9:82:51:61:c3:2c:e6:1d:7f:88:a6:ea:fe:34:c4:85:76:
         ba:b0:4d:9b:20:f2:0c:c2:58:12:d8:86:64:6e:2b:c7:4d:ab:
         39:8b:44:c8:ff:3c:18:ed:aa:7c:09:b7:ac:a8:d6:dc:06:bc:
         e9:2c:03:dd:f7:2a:e0:2c:52:4d:c0:e8:49:9a:9f:24:07:2b:
         c4:e3:19:9f:ec:dc:54:7a:9e:37:bc:40:05:23:38:0c:37:75:
         91:a7:fd:58:65:2f:29:9d:2d:c5:84:d4:87:45:66:e2:b5:4f:
         46:0b:13:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPViTP6ZVrBHrbMIL8MhtcW1aD/QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjkwNDQ5MjBaFw0yNzA1MjgwNDU0MjBaMDMxMTAvBgNV
BAMTKDdGODhEMzRBOUJFQkU2NDRFQTlFQ0JDMjY5RkFBMzhEMDg4QkY3MTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYtTNl47XzR490ZdvKHWagDDBr
PvlfktectrcSwSmWlyRETmUmwrrofGYBlZ7/KfTemRYtz9kl+7AtgL2PM0HKuKiu
7GVAobwqqKRr63ewYN5n7wD1bDF7QEFSRGvBG5C/SAjeB5WZCCJK93htVycrcaCl
NKpiwl55AptTYTnPlNaZt5ovnepjFYdowe4GiT/hqymH4nNXCLhKDybY4r0dIB0B
eqaAYQRKY2p22YyGAMGJRyIKo/Y19K55KAIxyk0pCKiPbMq0PbK8WlIFW7fEFIxD
fPhqJwYmr0m8V2PH/l1oMi1KmjBcJBvF3fITORmlquM983tfh0xyt5UeCUeHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf4jTSpvr5kTqnsvCafqjjQiL9xAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
yTANBgkqhkiG9w0BAQsFAAOCAQEAAsu0TboMGaM1Ixwhw8g1R9KoZazCMhsTznft
Y3U3YMvVII0GgEHPdXGhmr8v6xxCPouuZPrSpxkGGY75f+Ud3fB+LxUO4g6f5h7O
EY7b76k7Iuy4IRyKw43ZcH0uItEcz+4wBGLkhYPOAuUvKOXaS/G6tBvnVrF2moVa
ge1Bw5SCX8eQCrYmk84N8HMzmCSzUdmCUWHDLOYdf4im6v40xIV2urBNmyDyDMJY
EtiGZG4rx02rOYtEyP88GO2qfAm3rKjW3Aa86SwD3fcq4CxSTcDoSZqfJAcrxOMZ
n+zcVHqeN7xABSM4DDd1kaf9WGUvKZ0txYTUh0Vm4rVPRgsTgw==
-----END CERTIFICATE-----