Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3136302e302f32312d3234203d3e20383334.roa
File:                     3231372e3231372e3136302e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          /0Jds6EyDK0iMfWR8sfWiFfeluY1BK1JQ1+WsuT3lmE=
Subject key identifier:   51:9B:BD:CF:70:CF:7D:DE:B2:B9:A4:E9:DA:3A:13:9A:38:7B:88:74
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3DABD404BAE33ACCA56F318840314DF5CEA697D6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3136302e302f32312d3234203d3e20383334.roa
Signing time:             Wed 03 Jun 2026 10:39:43 +0000
ROA not before:           Wed 03 Jun 2026 10:34:43 +0000
ROA not after:            Wed 02 Jun 2027 10:39:43 +0000
asID:                     834
IP address blocks:        217.217.160.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:ab:d4:04:ba:e3:3a:cc:a5:6f:31:88:40:31:4d:f5:ce:a6:97:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun  3 10:34:43 2026 GMT
            Not After : Jun  2 10:39:43 2027 GMT
        Subject: CN=519BBDCF70CF7DDEB2B9A4E9DA3A139A387B8874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:aa:3b:23:6f:b0:cf:3e:c8:cc:2b:b5:58:ae:
                    69:d4:9f:a1:28:d5:5c:45:8c:32:58:e5:94:39:0e:
                    cb:b0:d0:25:5f:69:63:13:50:fb:6e:a4:85:65:fc:
                    c2:a7:01:1b:d3:f4:dd:bf:73:5c:1d:33:75:f2:63:
                    c5:da:56:a5:88:f5:e6:91:80:13:00:80:21:26:42:
                    82:3c:2d:c0:57:8d:67:15:56:16:29:70:23:8f:26:
                    28:da:e0:64:4f:c7:93:90:f8:4f:2a:a9:e3:36:e3:
                    c9:a8:01:79:61:5e:fc:ec:b2:da:f3:a9:f3:29:c1:
                    a0:75:d5:b8:44:47:09:f9:75:33:d4:42:7f:43:72:
                    a5:53:8c:a0:b6:e4:0f:31:78:27:0a:cf:55:e1:49:
                    54:e3:4f:d5:0c:67:ae:dc:82:91:c7:76:24:1c:cc:
                    ff:6a:66:84:5d:58:06:4a:d5:30:ba:d2:08:f6:6c:
                    a3:ac:4f:29:2d:c2:5a:c6:60:09:79:a4:e6:bc:ba:
                    69:a1:40:38:4e:1c:10:ba:3b:4b:bd:67:1f:c7:97:
                    ce:b3:6f:e5:cb:37:8c:f5:e9:4d:b5:2b:f5:62:a4:
                    9e:63:0f:2e:c7:6b:77:53:45:ca:e1:82:eb:7c:25:
                    d5:48:cd:66:8f:48:8d:e3:bf:06:aa:a9:a5:55:34:
                    7b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9B:BD:CF:70:CF:7D:DE:B2:B9:A4:E9:DA:3A:13:9A:38:7B:88:74
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3136302e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:2f:8e:1f:22:fb:a1:0c:f0:60:79:b2:be:bf:41:30:8a:47:
         ab:d2:42:3d:73:86:4d:75:b6:95:65:bc:e9:52:45:ad:4b:e7:
         ac:ff:eb:74:b7:e3:40:9d:b9:e9:36:fb:34:cd:39:fd:cd:d6:
         18:3a:9f:99:34:72:a1:4d:4d:fe:c2:4d:b4:2b:4b:2b:2d:57:
         29:f3:b4:b6:de:3e:92:9f:12:27:31:93:64:36:0d:a5:90:ec:
         59:71:6d:ed:73:72:74:bf:c5:4c:c5:d6:91:b2:9f:84:58:bd:
         44:3d:27:e7:da:a2:93:fe:21:73:a0:e3:4a:c9:a4:2b:7e:84:
         34:99:61:89:d5:ec:1c:ed:4d:56:40:c0:53:86:3a:75:30:ce:
         74:8e:f5:b9:0e:8e:7f:2e:1f:44:d6:fa:7a:17:67:ff:f7:2a:
         bc:6a:72:6f:15:ab:45:f8:d9:d8:da:8b:8d:ec:3e:86:db:4f:
         c3:4f:9b:10:4d:9a:11:20:b5:f1:a8:4a:f3:ce:da:c6:9a:4a:
         98:c1:9d:96:20:96:83:25:4f:5d:97:87:d9:3b:b2:4a:d9:72:
         aa:fa:71:e7:f4:a7:58:42:28:c3:fb:16:db:a5:da:ee:46:49:
         1c:7c:66:29:d9:24:70:6f:bc:ce:35:77:95:85:2e:22:66:06:
         6b:48:4e:08
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPavUBLrjOsylbzGIQDFN9c6ml9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA2MDMxMDM0NDNaFw0yNzA2MDIxMDM5NDNaMDMxMTAvBgNV
BAMTKDUxOUJCRENGNzBDRjdEREVCMkI5QTRFOURBM0ExMzlBMzg3Qjg4NzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8qjsjb7DPPsjMK7VYrmnUn6Eo
1VxFjDJY5ZQ5Dsuw0CVfaWMTUPtupIVl/MKnARvT9N2/c1wdM3XyY8XaVqWI9eaR
gBMAgCEmQoI8LcBXjWcVVhYpcCOPJija4GRPx5OQ+E8qqeM248moAXlhXvzsstrz
qfMpwaB11bhERwn5dTPUQn9DcqVTjKC25A8xeCcKz1XhSVTjT9UMZ67cgpHHdiQc
zP9qZoRdWAZK1TC60gj2bKOsTyktwlrGYAl5pOa8ummhQDhOHBC6O0u9Zx/Hl86z
b+XLN4z16U21K/VipJ5jDy7Ha3dTRcrhgut8JdVIzWaPSI3jvwaqqaVVNHuxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUZu9z3DPfd6yuaTp2joTmjh7iHQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzYzMDJlMzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA9nZ
oDANBgkqhkiG9w0BAQsFAAOCAQEACS+OHyL7oQzwYHmyvr9BMIpHq9JCPXOGTXW2
lWW86VJFrUvnrP/rdLfjQJ256Tb7NM05/c3WGDqfmTRyoU1N/sJNtCtLKy1XKfO0
tt4+kp8SJzGTZDYNpZDsWXFt7XNydL/FTMXWkbKfhFi9RD0n59qik/4hc6DjSsmk
K36ENJlhidXsHO1NVkDAU4Y6dTDOdI71uQ6Ofy4fRNb6ehdn//cqvGpybxWrRfjZ
2NqLjew+httPw0+bEE2aESC18ahK887axppKmMGdliCWgyVPXZeH2TuyStlyqvpx
5/SnWEIow/sW26Xa7kZJHHxmKdkkcG+8zjV3lYUuImYGa0hOCA==
-----END CERTIFICATE-----