Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3230332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          OtKq20AMGXUeOo2B5RMn8GdKsGwZ6K+XRcaXxBJF32U=
Subject key identifier:   B5:68:B7:E4:C3:32:6A:4E:18:F1:7C:8E:B6:8E:E6:74:75:2E:25:1A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0C65E4B803C0E9732BEA98C7D5A4CB2AA86479EA
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 05 Mar 2026 08:20:22 +0000
ROA not before:           Thu 05 Mar 2026 08:15:22 +0000
ROA not after:            Thu 04 Mar 2027 08:20:22 +0000
asID:                     834
IP address blocks:        217.216.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:65:e4:b8:03:c0:e9:73:2b:ea:98:c7:d5:a4:cb:2a:a8:64:79:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar  5 08:15:22 2026 GMT
            Not After : Mar  4 08:20:22 2027 GMT
        Subject: CN=B568B7E4C3326A4E18F17C8EB68EE674752E251A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:66:05:c6:07:f0:df:34:10:f9:81:83:cb:1e:
                    35:77:3a:95:3e:04:0c:cc:4a:1d:36:cc:7f:3d:5b:
                    5d:85:b6:b8:ae:91:5e:41:1c:61:09:55:f8:93:7f:
                    bb:45:fa:c0:a0:92:40:ae:14:bc:b0:d3:36:a5:77:
                    fc:7c:2d:01:49:ef:ae:84:ca:54:5e:c6:c3:2d:5a:
                    5c:ef:70:e3:ec:96:1c:66:65:68:7f:20:78:1e:86:
                    70:9f:8b:39:29:50:61:6d:1e:05:d2:9c:56:1d:a6:
                    78:32:3c:13:25:b2:26:03:16:eb:40:49:3d:11:37:
                    29:c8:98:2c:a7:9b:50:64:cd:9c:e6:c0:8d:ef:a6:
                    9b:0f:07:ac:ae:20:98:de:44:94:e6:0f:cb:be:da:
                    78:26:50:3a:66:6b:36:98:68:e1:ac:59:d9:dc:df:
                    12:67:12:37:04:9a:eb:c7:8d:0a:23:75:1b:20:a8:
                    05:73:47:15:6b:15:c4:e0:75:16:d7:08:9b:12:5a:
                    8c:f8:51:52:f4:fc:65:0c:ec:fa:2f:54:dd:d5:22:
                    a6:f1:08:94:50:4e:f8:64:a6:98:2c:d8:83:92:7d:
                    93:50:e5:ae:02:21:03:c8:e9:87:73:5c:3c:10:4d:
                    1d:e9:06:23:62:6b:e8:44:7e:10:25:8b:13:0a:a6:
                    fa:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:68:B7:E4:C3:32:6A:4E:18:F1:7C:8E:B6:8E:E6:74:75:2E:25:1A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:0b:89:a3:aa:bd:3c:b0:07:16:97:26:1c:1b:50:b3:95:92:
         17:68:c3:21:5b:3a:3d:90:3b:9e:6f:8c:d1:2b:e7:1c:57:32:
         45:4f:f6:da:62:1a:a1:5e:50:f7:86:de:b2:a1:09:06:94:8c:
         bf:35:d5:8b:c8:a5:93:01:8b:4b:58:2b:93:6e:0b:86:2f:be:
         d4:4d:f6:90:f8:5c:8c:ba:e4:3c:de:87:bd:04:bb:bc:2a:f5:
         a7:d8:0b:6f:1d:d4:80:33:e9:22:f2:e6:bd:a7:67:9e:84:8a:
         4c:e8:c5:73:cf:ab:d0:29:63:46:4f:8f:55:9c:83:44:87:62:
         d4:9b:ec:28:84:dd:74:9e:04:6f:cc:ee:00:f8:82:9c:43:45:
         d3:fe:6c:b4:e6:94:3e:e3:60:72:a1:e5:5e:51:22:ba:f1:17:
         84:21:ea:de:0c:d9:1a:de:35:33:59:71:aa:6f:79:10:35:ab:
         e9:4b:ad:2a:b1:fe:41:9a:19:da:74:d8:a9:6c:59:21:c2:d4:
         e1:90:b2:0b:7c:0b:94:2c:11:67:95:07:98:9b:9a:21:2a:7e:
         37:76:ed:34:a7:ac:73:02:54:b8:7f:d1:08:49:47:db:19:b0:
         38:eb:e2:b4:15:f2:e3:2e:43:83:0f:1e:ee:bc:a5:e8:6c:ae:
         4d:32:96:bf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDGXkuAPA6XMr6pjH1aTLKqhkeeowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMDUwODE1MjJaFw0yNzAzMDQwODIwMjJaMDMxMTAvBgNV
BAMTKEI1NjhCN0U0QzMzMjZBNEUxOEYxN0M4RUI2OEVFNjc0NzUyRTI1MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNZgXGB/DfNBD5gYPLHjV3OpU+
BAzMSh02zH89W12FtriukV5BHGEJVfiTf7tF+sCgkkCuFLyw0zald/x8LQFJ766E
ylRexsMtWlzvcOPslhxmZWh/IHgehnCfizkpUGFtHgXSnFYdpngyPBMlsiYDFutA
ST0RNynImCynm1BkzZzmwI3vppsPB6yuIJjeRJTmD8u+2ngmUDpmazaYaOGsWdnc
3xJnEjcEmuvHjQojdRsgqAVzRxVrFcTgdRbXCJsSWoz4UVL0/GUM7PovVN3VIqbx
CJRQTvhkppgs2IOSfZNQ5a4CIQPI6YdzXDwQTR3pBiNia+hEfhAlixMKpvqZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtWi35MMyak4Y8XyOto7mdHUuJRowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
yzANBgkqhkiG9w0BAQsFAAOCAQEAaAuJo6q9PLAHFpcmHBtQs5WSF2jDIVs6PZA7
nm+M0SvnHFcyRU/22mIaoV5Q94besqEJBpSMvzXVi8ilkwGLS1grk24Lhi++1E32
kPhcjLrkPN6HvQS7vCr1p9gLbx3UgDPpIvLmvadnnoSKTOjFc8+r0CljRk+PVZyD
RIdi1JvsKITddJ4Eb8zuAPiCnENF0/5stOaUPuNgcqHlXlEiuvEXhCHq3gzZGt41
M1lxqm95EDWr6UutKrH+QZoZ2nTYqWxZIcLU4ZCyC3wLlCwRZ5UHmJuaISp+N3bt
NKescwJUuH/RCElH2xmwOOvitBXy4y5Dgw8e7ryl6GyuTTKWvw==
-----END CERTIFICATE-----