Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33322e302f32322d3234203d3e20383334.roa
File:                     3231372e3231372e33322e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          HKd8viKPIELQ0l+r9V2jxGpQqi35mVstlvB4L75p0Fs=
Subject key identifier:   4C:C6:B4:83:0B:10:58:C2:F1:D0:FE:36:BE:7E:ED:1C:FB:D2:33:B6
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0A9F3EC86543787B9A21C92A0E9539C64DFF411A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33322e302f32322d3234203d3e20383334.roa
Signing time:             Mon 27 Oct 2025 12:17:28 +0000
ROA not before:           Mon 27 Oct 2025 12:12:28 +0000
ROA not after:            Mon 26 Oct 2026 12:17:28 +0000
asID:                     834
IP address blocks:        217.217.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:9f:3e:c8:65:43:78:7b:9a:21:c9:2a:0e:95:39:c6:4d:ff:41:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 27 12:12:28 2025 GMT
            Not After : Oct 26 12:17:28 2026 GMT
        Subject: CN=4CC6B4830B1058C2F1D0FE36BE7EED1CFBD233B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:08:2a:0d:94:e9:06:88:e1:77:f5:fc:24:aa:
                    fc:5c:49:f2:fe:1f:2f:53:0e:d1:58:d5:cc:cb:95:
                    74:e9:4d:21:02:fb:7e:aa:4e:47:67:c6:49:a1:c5:
                    9c:a7:1e:e9:50:eb:19:3c:a8:89:7d:76:ea:df:5e:
                    5a:6d:e9:09:89:44:01:17:bd:e1:d5:6d:9e:d3:d4:
                    08:c8:e2:03:69:04:82:5b:ff:5b:99:38:4f:00:ef:
                    89:87:96:22:0c:46:75:25:dd:69:de:10:50:cb:4d:
                    02:52:5c:c0:56:dc:d6:55:3d:bf:74:ae:8a:57:80:
                    6b:16:15:66:5d:00:fc:38:e4:5c:c8:b8:9a:ec:d8:
                    28:81:dd:19:b4:50:29:4b:19:72:04:5d:04:9d:5e:
                    47:06:58:b5:0e:62:d2:41:92:b5:c6:ea:ba:57:73:
                    72:63:ab:14:24:a7:de:2c:38:f2:51:c6:31:37:82:
                    d2:15:1d:36:9b:32:82:9c:8d:ca:a3:30:86:1c:fb:
                    2c:91:34:54:b4:a2:29:26:c8:8c:6f:52:17:af:97:
                    ec:dd:09:92:ec:fa:d9:d3:71:b2:89:c5:38:77:53:
                    71:61:ea:a3:9e:cc:51:e8:88:c0:de:0e:50:73:2e:
                    e3:24:53:31:2d:0e:1c:6d:e5:0c:71:e0:85:d6:b8:
                    ca:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C6:B4:83:0B:10:58:C2:F1:D0:FE:36:BE:7E:ED:1C:FB:D2:33:B6
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e33322e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.217.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:cb:7d:6f:0e:0f:32:17:5a:4a:2e:0e:35:15:c9:df:af:e7:
         be:e7:4e:6d:b2:6b:81:d3:e7:bd:ea:c9:a8:f2:c5:10:19:4f:
         17:e5:77:eb:60:f3:2e:80:88:09:36:17:02:72:a9:7d:30:00:
         a1:ca:57:00:ef:6e:80:90:1c:4d:44:e5:09:d6:92:2f:a8:22:
         19:67:97:4c:82:ca:fe:26:83:89:87:01:8f:38:b7:9e:4d:72:
         ae:9b:f6:0a:dc:86:52:51:75:1c:2a:f2:3c:78:36:8a:5f:1e:
         9e:a2:c4:8b:eb:25:63:d5:e6:95:85:26:85:87:25:17:52:49:
         ff:94:d8:85:47:4a:b1:32:cb:7d:13:95:79:36:7b:d2:f9:b0:
         52:19:a4:af:80:10:2a:02:18:61:c6:47:6c:59:f3:0d:5e:5b:
         8b:51:e8:91:c6:00:95:a8:59:29:04:32:51:d0:8a:75:09:93:
         f0:c4:26:b1:59:a3:8c:04:fb:16:d9:cc:38:14:ad:96:80:23:
         f9:30:6d:6b:67:a5:3e:85:57:6d:e3:57:10:d9:97:59:c0:e9:
         08:dd:b4:57:8a:58:69:d7:e7:79:c6:9a:d6:43:e9:4b:26:cb:
         2f:75:de:8a:04:31:b4:80:0c:de:74:6e:97:1f:14:46:53:b2:
         87:04:ca:5b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCp8+yGVDeHuaIckqDpU5xk3/QRowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMjcxMjEyMjhaFw0yNjEwMjYxMjE3MjhaMDMxMTAvBgNV
BAMTKDRDQzZCNDgzMEIxMDU4QzJGMUQwRkUzNkJFN0VFRDFDRkJEMjMzQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgCCoNlOkGiOF39fwkqvxcSfL+
Hy9TDtFY1czLlXTpTSEC+36qTkdnxkmhxZynHulQ6xk8qIl9durfXlpt6QmJRAEX
veHVbZ7T1AjI4gNpBIJb/1uZOE8A74mHliIMRnUl3WneEFDLTQJSXMBW3NZVPb90
ropXgGsWFWZdAPw45FzIuJrs2CiB3Rm0UClLGXIEXQSdXkcGWLUOYtJBkrXG6rpX
c3JjqxQkp94sOPJRxjE3gtIVHTabMoKcjcqjMIYc+yyRNFS0oikmyIxvUhevl+zd
CZLs+tnTcbKJxTh3U3Fh6qOezFHoiMDeDlBzLuMkUzEtDhxt5Qxx4IXWuMrbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUTMa0gwsQWMLx0P42vn7tHPvSM7YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMz
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALZ2SAw
DQYJKoZIhvcNAQELBQADggEBAJnLfW8ODzIXWkouDjUVyd+v577nTm2ya4HT573q
yajyxRAZTxfld+tg8y6AiAk2FwJyqX0wAKHKVwDvboCQHE1E5QnWki+oIhlnl0yC
yv4mg4mHAY84t55Ncq6b9grchlJRdRwq8jx4NopfHp6ixIvrJWPV5pWFJoWHJRdS
Sf+U2IVHSrEyy30TlXk2e9L5sFIZpK+AECoCGGHGR2xZ8w1eW4tR6JHGAJWoWSkE
MlHQinUJk/DEJrFZo4wE+xbZzDgUrZaAI/kwbWtnpT6FV23jVxDZl1nA6QjdtFeK
WGnX53nGmtZD6Usmyy913ooEMbSADN50bpcfFEZTsocEyls=
-----END CERTIFICATE-----