Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231312e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3231312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          uWpvabj+cyl2ddYkwTPmnprsitGYghArtHeH33FA4Ic=
Subject key identifier:   60:B1:1A:B8:16:72:AC:E8:35:7D:9D:CA:0D:DB:D9:21:F0:D1:4E:96
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1C606E9B40646771DFCEABD13EC672CB2C601BE9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231312e302f32342d3234203d3e20383334.roa
Signing time:             Fri 29 May 2026 05:00:08 +0000
ROA not before:           Fri 29 May 2026 04:55:08 +0000
ROA not after:            Fri 28 May 2027 05:00:08 +0000
asID:                     834
IP address blocks:        217.216.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:60:6e:9b:40:64:67:71:df:ce:ab:d1:3e:c6:72:cb:2c:60:1b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 29 04:55:08 2026 GMT
            Not After : May 28 05:00:08 2027 GMT
        Subject: CN=60B11AB81672ACE8357D9DCA0DDBD921F0D14E96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:30:a4:0f:0d:33:98:3d:cc:dc:7d:8e:ea:d6:
                    6e:1b:2e:a6:3d:d6:05:87:3c:a5:4d:b6:98:59:93:
                    1f:e7:63:48:a5:3d:5f:84:2f:40:01:b9:58:4a:87:
                    ae:8d:4e:4d:05:4b:96:55:91:91:3d:76:48:5a:21:
                    0e:e0:35:59:c4:5d:2d:c2:a8:e1:71:15:f0:5d:24:
                    ce:f3:06:a1:0b:6b:a2:09:d4:04:65:33:4f:70:4d:
                    5f:51:c3:a6:31:fe:fa:e6:64:0d:6f:72:23:fb:c4:
                    77:70:d5:09:7b:15:b1:e0:dd:ad:62:b1:ea:a4:ef:
                    f3:eb:33:52:13:2c:f0:28:9e:ef:b3:6c:fc:de:56:
                    e2:a9:77:05:6e:e0:57:3b:8e:5b:1d:66:33:0f:a8:
                    a5:37:97:78:7a:7a:6b:1f:f7:a4:d5:67:f9:8c:db:
                    18:32:8f:2d:e8:26:bb:ef:a8:a0:7e:b9:fe:87:d4:
                    d2:fc:77:84:b4:fb:8e:2f:d5:79:e0:5c:89:e2:a6:
                    bf:f8:44:55:17:54:1b:8d:f5:4b:01:64:6c:f4:7c:
                    24:ce:80:5d:44:2c:d4:b0:8c:42:50:15:75:b7:3a:
                    96:24:0b:47:02:13:4a:49:bc:b1:b0:76:5d:9a:9d:
                    56:6e:44:71:24:34:b2:44:09:42:d1:4b:ca:0d:f9:
                    ad:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B1:1A:B8:16:72:AC:E8:35:7D:9D:CA:0D:DB:D9:21:F0:D1:4E:96
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:4e:90:2c:b3:cf:30:e2:ec:a3:9e:8c:47:2a:7b:83:b0:4c:
         be:1a:c9:1f:88:93:d2:03:96:86:7b:17:7b:43:44:15:3d:fa:
         aa:be:ac:9a:36:ce:77:74:59:d9:f9:b3:4a:13:3d:de:dd:39:
         65:0e:9f:14:c7:74:f2:b4:39:7e:1f:da:95:70:b3:55:72:7a:
         a0:8e:35:18:1b:1b:2d:d1:ac:43:bb:b7:2d:b6:bc:b4:06:fa:
         44:a4:52:3e:7d:26:d7:02:dc:d2:32:0e:c1:1e:ee:ed:b4:18:
         6a:44:02:f9:e0:c4:93:92:a5:77:5c:be:61:b6:90:ed:16:7d:
         13:e3:6e:ef:a6:f8:5a:ab:15:cf:e8:c1:3c:29:c3:b5:10:a4:
         4e:81:27:39:8d:4b:44:27:90:f6:ba:81:fd:57:32:cd:35:93:
         0d:02:11:00:0e:c4:67:33:3d:1d:0f:8f:c1:ac:f1:5f:2b:f4:
         27:b6:dd:75:9f:43:84:f1:4b:f7:af:96:62:c6:af:b3:43:90:
         5a:05:39:14:54:35:37:8d:fc:30:38:1f:33:86:ce:2e:0f:74:
         88:51:60:5c:01:69:21:b5:c2:18:b7:2f:2d:3c:26:06:06:b2:
         3c:77:58:54:65:95:04:c3:b5:39:82:a5:c0:3a:24:46:73:fc:
         00:02:b8:0d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHGBum0BkZ3HfzqvRPsZyyyxgG+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjkwNDU1MDhaFw0yNzA1MjgwNTAwMDhaMDMxMTAvBgNV
BAMTKDYwQjExQUI4MTY3MkFDRTgzNTdEOURDQTBEREJEOTIxRjBEMTRFOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsMKQPDTOYPczcfY7q1m4bLqY9
1gWHPKVNtphZkx/nY0ilPV+EL0ABuVhKh66NTk0FS5ZVkZE9dkhaIQ7gNVnEXS3C
qOFxFfBdJM7zBqELa6IJ1ARlM09wTV9Rw6Yx/vrmZA1vciP7xHdw1Ql7FbHg3a1i
seqk7/PrM1ITLPAonu+zbPzeVuKpdwVu4Fc7jlsdZjMPqKU3l3h6emsf96TVZ/mM
2xgyjy3oJrvvqKB+uf6H1NL8d4S0+44v1XngXInipr/4RFUXVBuN9UsBZGz0fCTO
gF1ELNSwjEJQFXW3OpYkC0cCE0pJvLGwdl2anVZuRHEkNLJECULRS8oN+a2TAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYLEauBZyrOg1fZ3KDdvZIfDRTpYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzEzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
0zANBgkqhkiG9w0BAQsFAAOCAQEAjE6QLLPPMOLso56MRyp7g7BMvhrJH4iT0gOW
hnsXe0NEFT36qr6smjbOd3RZ2fmzShM93t05ZQ6fFMd08rQ5fh/alXCzVXJ6oI41
GBsbLdGsQ7u3Lba8tAb6RKRSPn0m1wLc0jIOwR7u7bQYakQC+eDEk5Kld1y+YbaQ
7RZ9E+Nu76b4WqsVz+jBPCnDtRCkToEnOY1LRCeQ9rqB/VcyzTWTDQIRAA7EZzM9
HQ+PwazxXyv0J7bddZ9DhPFL96+WYsavs0OQWgU5FFQ1N438MDgfM4bOLg90iFFg
XAFpIbXCGLcvLTwmBgayPHdYVGWVBMO1OYKlwDokRnP8AAK4DQ==
-----END CERTIFICATE-----