Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3230332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          2fWmjW6wsfpITrvI6ikwM27jDCw1HkFBt9xWvOeUjxs=
Subject key identifier:   09:B8:49:08:53:8D:55:87:B7:D3:52:30:2E:07:56:B4:81:10:6F:D1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1D7F47A220D511ED079DB710789B28F119AD03CC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 May 2026 10:11:37 +0000
ROA not before:           Mon 18 May 2026 10:06:37 +0000
ROA not after:            Mon 17 May 2027 10:11:37 +0000
asID:                     834
IP address blocks:        217.216.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:7f:47:a2:20:d5:11:ed:07:9d:b7:10:78:9b:28:f1:19:ad:03:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 18 10:06:37 2026 GMT
            Not After : May 17 10:11:37 2027 GMT
        Subject: CN=09B84908538D5587B7D352302E0756B481106FD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:24:6d:7d:8a:6a:27:5f:6a:90:3e:e4:2b:46:
                    24:27:76:37:0a:4e:4e:21:c5:2c:cc:b1:16:8f:76:
                    6a:1c:97:30:f5:95:20:5e:78:5a:d7:46:0a:c8:0d:
                    28:92:36:17:c5:3d:a2:78:be:74:e8:3a:a3:ed:aa:
                    61:f1:90:ba:2d:b1:70:28:a3:b2:c1:81:bf:30:86:
                    2b:a4:28:30:77:64:29:62:1d:30:d5:e0:a4:68:38:
                    73:2d:be:fb:84:a0:bf:16:0b:fc:c8:c1:13:94:2c:
                    fb:ee:cc:5d:4b:13:a3:dc:f0:78:5e:9c:d8:41:f8:
                    ee:bc:8e:ce:14:d6:e6:92:c1:7a:41:06:7b:41:92:
                    a8:6c:4f:58:c1:9f:73:1c:68:a5:c8:d5:03:23:23:
                    7d:b7:17:43:fa:f5:c7:06:b4:45:17:93:ec:00:30:
                    58:eb:bf:45:07:76:49:4f:87:99:68:7c:40:6f:6d:
                    34:29:f4:3e:c1:59:39:ea:d5:bf:0d:36:20:0a:5e:
                    0a:9d:67:36:12:d2:fa:f2:f6:48:a9:d4:a3:e1:74:
                    ca:3a:d0:dd:ef:c5:ef:01:03:bb:7d:b5:f6:6c:6f:
                    60:c7:ae:96:4f:04:4e:18:f7:a3:05:74:98:3f:4e:
                    b3:a1:93:78:3e:c1:24:47:63:9b:e6:2e:fc:d0:36:
                    c4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B8:49:08:53:8D:55:87:B7:D3:52:30:2E:07:56:B4:81:10:6F:D1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a8:5a:f0:11:7c:39:ef:6d:48:44:bf:60:5c:4b:a9:b9:ff:
         63:f6:78:91:95:78:bf:ba:e9:c0:4f:80:5f:12:a6:69:ec:bc:
         7d:31:b2:d6:d2:09:df:1f:17:03:60:88:d9:c5:08:1e:c4:31:
         d5:51:1a:04:22:1f:c3:a6:7c:95:60:de:4c:ac:9d:ae:f6:12:
         e5:63:33:4e:b4:27:d0:18:89:05:66:35:7a:cc:36:32:ce:21:
         e1:88:80:e4:f6:ed:59:47:5b:e1:73:d3:46:a3:e9:6c:5a:8e:
         c2:22:5a:62:d3:c4:e4:89:63:00:9e:3c:f4:74:6a:60:4a:c6:
         30:1b:71:28:57:ff:85:86:f0:75:6b:b2:27:a6:ab:41:57:6e:
         17:fe:64:1c:4b:56:dc:e9:45:77:3a:be:59:15:8e:15:c6:a6:
         1c:18:63:b2:db:8b:21:bc:b0:ed:dd:82:97:30:86:61:0d:76:
         02:a5:aa:36:ec:e9:ca:3b:c3:22:f9:b5:eb:14:3e:88:8b:9f:
         90:77:8b:1f:22:50:e5:d8:23:59:3c:e6:9b:d1:be:14:d9:7b:
         4e:19:2e:6c:ed:6a:f3:c9:66:2a:55:a4:5e:e9:15:c3:a1:7e:
         b0:ac:83:ac:45:07:d6:64:03:fd:e0:51:22:db:e5:e6:42:99:
         60:38:95:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHX9HoiDVEe0HnbcQeJso8RmtA8wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MTgxMDA2MzdaFw0yNzA1MTcxMDExMzdaMDMxMTAvBgNV
BAMTKDA5Qjg0OTA4NTM4RDU1ODdCN0QzNTIzMDJFMDc1NkI0ODExMDZGRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8JG19imonX2qQPuQrRiQndjcK
Tk4hxSzMsRaPdmoclzD1lSBeeFrXRgrIDSiSNhfFPaJ4vnToOqPtqmHxkLotsXAo
o7LBgb8whiukKDB3ZCliHTDV4KRoOHMtvvuEoL8WC/zIwROULPvuzF1LE6Pc8Hhe
nNhB+O68js4U1uaSwXpBBntBkqhsT1jBn3McaKXI1QMjI323F0P69ccGtEUXk+wA
MFjrv0UHdklPh5lofEBvbTQp9D7BWTnq1b8NNiAKXgqdZzYS0vry9kip1KPhdMo6
0N3vxe8BA7t9tfZsb2DHrpZPBE4Y96MFdJg/TrOhk3g+wSRHY5vmLvzQNsRbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCbhJCFONVYe301IwLgdWtIEQb9EwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
yzANBgkqhkiG9w0BAQsFAAOCAQEAZaha8BF8Oe9tSES/YFxLqbn/Y/Z4kZV4v7rp
wE+AXxKmaey8fTGy1tIJ3x8XA2CI2cUIHsQx1VEaBCIfw6Z8lWDeTKydrvYS5WMz
TrQn0BiJBWY1esw2Ms4h4YiA5PbtWUdb4XPTRqPpbFqOwiJaYtPE5IljAJ489HRq
YErGMBtxKFf/hYbwdWuyJ6arQVduF/5kHEtW3OlFdzq+WRWOFcamHBhjstuLIbyw
7d2ClzCGYQ12AqWqNuzpyjvDIvm16xQ+iIufkHeLHyJQ5dgjWTzmm9G+FNl7Thku
bO1q88lmKlWkXukVw6F+sKyDrEUH1mQD/eBRItvl5kKZYDiVgw==
-----END CERTIFICATE-----