Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32382e302f32342d3234203d3e2039333034.roa
File:                     3231372e3231372e32382e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          1zzK2Me2bW1rEv3hbJeZC/Tnv62dU2pGHgE55sWzZIg=
Subject key identifier:   59:26:93:62:36:79:08:2A:67:8D:04:3D:74:5F:A3:22:E6:AA:82:D1
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4E1D244C6CB1872BCEA88897C239645D0D7850BC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32382e302f32342d3234203d3e2039333034.roa
Signing time:             Wed 24 Sep 2025 09:44:10 +0000
ROA not before:           Wed 24 Sep 2025 09:39:10 +0000
ROA not after:            Wed 23 Sep 2026 09:44:10 +0000
asID:                     9304
IP address blocks:        217.217.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:1d:24:4c:6c:b1:87:2b:ce:a8:88:97:c2:39:64:5d:0d:78:50:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 24 09:39:10 2025 GMT
            Not After : Sep 23 09:44:10 2026 GMT
        Subject: CN=592693623679082A678D043D745FA322E6AA82D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:11:1c:56:74:d2:af:ba:80:6c:27:62:b7:ac:
                    10:ef:2d:e2:f1:13:b5:50:9c:f8:4d:13:8d:e7:cb:
                    6b:c6:5c:2d:02:7d:87:a3:cb:f1:3a:41:0d:93:1f:
                    fe:57:f7:a2:a2:e5:8c:f0:d1:fd:32:cd:48:7f:74:
                    30:cb:c7:1c:a6:bf:96:4c:2e:e3:31:b1:ba:8b:c1:
                    a0:0c:98:7e:91:61:0e:c0:27:47:9b:e8:03:63:4f:
                    85:d5:c6:bd:6a:df:76:ec:11:23:54:26:85:15:ea:
                    0a:c2:2f:47:60:4f:e5:df:58:90:10:75:21:64:57:
                    30:98:16:04:cc:4d:2e:f8:0a:ed:2c:d0:42:19:17:
                    aa:03:2b:e0:9b:0a:90:60:e2:ab:0d:f4:e4:78:c5:
                    01:63:05:bf:34:f0:d9:3e:da:9a:08:fd:fd:1c:d4:
                    86:fe:44:72:9b:4c:f8:89:87:7f:ec:1d:8b:78:50:
                    e4:b3:05:91:95:21:39:a4:9e:bb:81:e1:a7:6c:02:
                    b8:f7:23:57:c4:f8:5a:d9:47:71:d1:56:38:40:2e:
                    ac:62:bd:bf:c9:8a:6f:ca:ea:ca:b6:95:3d:aa:08:
                    7d:81:29:fe:83:92:59:00:4f:7b:0c:91:8c:4b:67:
                    dd:61:7e:47:26:46:76:52:f5:88:00:3e:7f:9c:91:
                    bd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:26:93:62:36:79:08:2A:67:8D:04:3D:74:5F:A3:22:E6:AA:82:D1
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e32382e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:0e:19:18:38:20:50:21:5d:32:85:32:28:aa:71:ac:e5:d2:
         15:4c:50:bb:70:6e:0f:c0:65:c2:66:13:5b:c8:f8:89:fe:d0:
         c7:18:a4:3e:7b:92:64:83:56:55:b0:13:75:94:cc:a4:d7:ff:
         22:7e:7a:42:86:f5:bb:21:d2:a9:b3:95:58:d0:ff:bd:1b:a4:
         d2:d4:74:b6:0f:6f:02:51:bb:35:d0:41:fb:bc:6c:65:be:59:
         d7:8d:39:27:90:c5:80:ed:7a:ba:f8:94:97:e7:e4:38:65:f5:
         9d:7a:24:6e:e0:ec:6d:58:47:42:84:72:d2:2f:b1:15:5c:80:
         0d:28:5e:ca:d4:25:05:8a:57:e9:6b:8d:2b:91:81:71:e6:6c:
         75:a5:6a:c0:05:09:29:25:a9:57:23:ab:e7:39:3b:78:85:f9:
         dd:c1:84:b0:4e:b5:b2:0f:14:b5:0e:37:e2:76:a6:bb:7b:5c:
         5c:30:01:b6:7e:e1:40:60:a5:99:48:e4:cc:b6:ec:7e:65:7f:
         94:1d:8b:90:b9:bb:63:0f:f8:d0:6e:f5:90:e2:7e:b8:4c:bd:
         e3:8e:11:7d:d8:67:7c:de:80:ce:ad:aa:6a:95:df:a1:41:10:
         05:58:98:e4:99:ec:82:87:bd:26:ff:54:2c:9d:ab:ed:3f:59:
         8f:6b:d6:b7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTh0kTGyxhyvOqIiXwjlkXQ14ULwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MjQwOTM5MTBaFw0yNjA5MjMwOTQ0MTBaMDMxMTAvBgNV
BAMTKDU5MjY5MzYyMzY3OTA4MkE2NzhEMDQzRDc0NUZBMzIyRTZBQTgyRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5ERxWdNKvuoBsJ2K3rBDvLeLx
E7VQnPhNE43ny2vGXC0CfYejy/E6QQ2TH/5X96Ki5Yzw0f0yzUh/dDDLxxymv5ZM
LuMxsbqLwaAMmH6RYQ7AJ0eb6ANjT4XVxr1q33bsESNUJoUV6grCL0dgT+XfWJAQ
dSFkVzCYFgTMTS74Cu0s0EIZF6oDK+CbCpBg4qsN9OR4xQFjBb808Nk+2poI/f0c
1Ib+RHKbTPiJh3/sHYt4UOSzBZGVITmknruB4adsArj3I1fE+FrZR3HRVjhALqxi
vb/Jim/K6sq2lT2qCH2BKf6DklkAT3sMkYxLZ91hfkcmRnZS9YgAPn+ckb1jAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWSaTYjZ5CCpnjQQ9dF+jIuaqgtEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnZ
HDANBgkqhkiG9w0BAQsFAAOCAQEAJA4ZGDggUCFdMoUyKKpxrOXSFUxQu3BuD8Bl
wmYTW8j4if7QxxikPnuSZINWVbATdZTMpNf/In56Qob1uyHSqbOVWND/vRuk0tR0
tg9vAlG7NdBB+7xsZb5Z1405J5DFgO16uviUl+fkOGX1nXokbuDsbVhHQoRy0i+x
FVyADSheytQlBYpX6WuNK5GBceZsdaVqwAUJKSWpVyOr5zk7eIX53cGEsE61sg8U
tQ434namu3tcXDABtn7hQGClmUjkzLbsfmV/lB2LkLm7Yw/40G71kOJ+uEy9444R
fdhnfN6Azq2qapXfoUEQBViY5Jnsgoe9Jv9ULJ2r7T9Zj2vWtw==
-----END CERTIFICATE-----