Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231302e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3231302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          VB6Ac1HXzxT1T/oKdg6fW+e1phjjDcDLQ4Pnv+Schn4=
Subject key identifier:   87:0C:10:7A:83:B4:95:97:BD:AD:FF:5E:19:03:35:27:BC:9D:13:F2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3586B36844355F95CD09708BC7332C59566FEAC1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231302e302f32342d3234203d3e20383334.roa
Signing time:             Mon 01 Jun 2026 12:43:35 +0000
ROA not before:           Mon 01 Jun 2026 12:38:35 +0000
ROA not after:            Mon 31 May 2027 12:43:35 +0000
asID:                     834
IP address blocks:        217.216.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:86:b3:68:44:35:5f:95:cd:09:70:8b:c7:33:2c:59:56:6f:ea:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  1 12:38:35 2026 GMT
            Not After : May 31 12:43:35 2027 GMT
        Subject: CN=870C107A83B49597BDADFF5E19033527BC9D13F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:fb:76:22:14:9e:76:8b:31:76:59:41:d0:a0:
                    8c:07:1f:b5:42:f7:06:eb:8d:a8:e0:23:e4:cf:07:
                    de:63:f1:81:fd:02:00:a0:60:d5:05:d6:1c:83:4b:
                    9e:4a:4d:93:c7:fa:00:bb:79:8d:14:55:14:5f:6c:
                    fa:73:1d:d4:3a:c9:e2:d6:b1:d7:55:93:f4:82:6f:
                    ab:a7:21:bb:1c:a4:06:53:05:d4:54:eb:c0:b5:a6:
                    0a:07:4d:9c:fd:a6:09:3d:18:80:b8:5a:06:b0:21:
                    db:52:e8:72:e0:dd:6e:f2:0a:be:7f:fc:b9:61:d3:
                    92:b9:a6:54:a0:b1:1d:a3:85:21:9f:f4:fb:50:72:
                    23:ac:a4:4c:16:25:ca:21:68:57:58:5b:03:28:59:
                    ab:58:a3:0d:93:91:ef:50:61:1a:29:6f:8d:be:ed:
                    14:57:d9:96:39:70:ed:e5:93:a0:d5:cb:51:61:e3:
                    7c:07:6a:fc:45:99:7f:30:c8:18:6d:9a:cf:7d:c8:
                    f1:a1:e2:eb:0b:2a:61:bd:b8:05:48:c8:45:53:39:
                    32:5b:5f:86:63:0e:87:79:e2:0a:40:53:e7:b9:cd:
                    c1:0a:8b:18:d2:9b:e7:eb:0f:4f:6a:ec:20:ba:84:
                    95:65:5f:08:5d:99:52:08:30:57:ba:1e:da:9b:af:
                    3b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:0C:10:7A:83:B4:95:97:BD:AD:FF:5E:19:03:35:27:BC:9D:13:F2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:36:7c:01:02:57:9c:ba:63:0e:3b:a0:3c:4d:7c:73:e0:44:
         44:81:d7:ca:35:63:2f:dc:c8:c1:10:65:68:60:9f:ca:37:c8:
         4f:0a:53:df:79:58:eb:a8:be:59:d7:8b:5b:2e:0a:18:19:d6:
         31:fc:36:82:c7:b6:c4:ea:00:0a:07:4f:23:78:ef:7c:0f:c5:
         0b:97:c9:2e:81:7e:cf:ec:67:d8:a3:96:13:2b:1e:7d:39:c9:
         f0:1c:21:bf:49:9c:5c:45:d6:0f:d4:39:76:5e:a3:54:7d:66:
         28:01:66:3e:90:55:09:62:56:32:64:30:2b:ac:1e:9e:0b:2e:
         6a:76:ac:1c:59:4a:e8:8d:8c:72:1f:56:3d:c7:b9:7b:97:f4:
         03:e3:43:47:67:a4:2e:f8:9a:f8:43:b3:5f:26:14:8f:c6:6e:
         de:d2:c1:e7:a6:e1:2e:1f:c5:18:82:1a:bf:1b:db:bd:3d:32:
         e0:7d:ec:b9:c7:ca:14:0c:8e:5d:11:f0:7d:a2:7d:14:aa:1f:
         4b:4c:a8:33:cd:43:68:e3:55:99:ee:b8:bb:8e:13:1c:8d:91:
         8e:88:35:7a:32:01:e6:ce:d8:56:51:4b:db:39:64:83:51:29:
         cf:ac:54:e5:bb:4c:c1:3a:91:fb:1f:20:04:8f:40:40:20:01:
         17:54:23:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNYazaEQ1X5XNCXCLxzMsWVZv6sEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDExMjM4MzVaFw0yNzA1MzExMjQzMzVaMDMxMTAvBgNV
BAMTKDg3MEMxMDdBODNCNDk1OTdCREFERkY1RTE5MDMzNTI3QkM5RDEzRjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk+3YiFJ52izF2WUHQoIwHH7VC
9wbrjajgI+TPB95j8YH9AgCgYNUF1hyDS55KTZPH+gC7eY0UVRRfbPpzHdQ6yeLW
sddVk/SCb6unIbscpAZTBdRU68C1pgoHTZz9pgk9GIC4WgawIdtS6HLg3W7yCr5/
/Llh05K5plSgsR2jhSGf9PtQciOspEwWJcohaFdYWwMoWatYow2Tke9QYRopb42+
7RRX2ZY5cO3lk6DVy1Fh43wHavxFmX8wyBhtms99yPGh4usLKmG9uAVIyEVTOTJb
X4ZjDod54gpAU+e5zcEKixjSm+frD09q7CC6hJVlXwhdmVIIMFe6HtqbrzsJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUhwwQeoO0lZe9rf9eGQM1J7ydE/IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzEzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
0jANBgkqhkiG9w0BAQsFAAOCAQEAZTZ8AQJXnLpjDjugPE18c+BERIHXyjVjL9zI
wRBlaGCfyjfITwpT33lY66i+WdeLWy4KGBnWMfw2gse2xOoACgdPI3jvfA/FC5fJ
LoF+z+xn2KOWEysefTnJ8Bwhv0mcXEXWD9Q5dl6jVH1mKAFmPpBVCWJWMmQwK6we
ngsuanasHFlK6I2Mch9WPce5e5f0A+NDR2ekLvia+EOzXyYUj8Zu3tLB56bhLh/F
GIIavxvbvT0y4H3sucfKFAyOXRHwfaJ9FKofS0yoM81DaONVme64u44THI2Rjog1
ejIB5s7YVlFL2zlkg1Epz6xU5btMwTqR+x8gBI9AQCABF1QjbQ==
-----END CERTIFICATE-----