Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e2039333034.roa
File:                     3231372e32352e302e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          k5yt2ARsJzVvN+rqHsG78WoVyciVL8kFYaOJznIZOwM=
Subject key identifier:   5D:73:8D:77:FC:40:E1:EC:64:64:2F:55:48:1A:E1:79:E7:99:89:16
Certificate issuer:       /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial:       656CDB80619B789CFBED73D6B9B8DD14004467DF
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e2039333034.roa
Signing time:             Fri 05 Jun 2026 06:29:29 +0000
ROA not before:           Fri 05 Jun 2026 06:24:29 +0000
ROA not after:            Fri 04 Jun 2027 06:29:29 +0000
asID:                     9304
IP address blocks:        217.25.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:35:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:6c:db:80:61:9b:78:9c:fb:ed:73:d6:b9:b8:dd:14:00:44:67:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
        Validity
            Not Before: Jun  5 06:24:29 2026 GMT
            Not After : Jun  4 06:29:29 2027 GMT
        Subject: CN=5D738D77FC40E1EC64642F55481AE179E7998916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:02:40:02:96:a0:04:58:31:ab:67:ba:1e:ec:
                    4f:d7:43:37:d6:ef:57:c7:aa:5c:20:69:d4:15:de:
                    7d:dd:23:72:ce:5b:09:91:66:5f:82:90:c9:9c:cd:
                    88:9a:b2:a4:b6:57:8a:81:8d:00:65:ea:fc:b1:05:
                    a5:3f:db:89:fc:44:b1:13:b0:8e:9e:7a:25:1e:1e:
                    ac:f3:aa:62:5e:82:2c:ac:53:ae:11:04:70:07:69:
                    cc:23:dd:bd:12:7c:77:8f:71:12:2e:55:13:91:84:
                    9c:86:fb:9a:51:bc:a4:21:7a:5a:f9:64:86:e7:05:
                    f3:4c:68:1f:7f:8e:13:94:d9:1d:65:51:7c:a5:91:
                    19:3e:84:4b:5d:c1:06:17:1c:1b:bd:cb:85:b7:98:
                    5a:69:77:09:67:1a:74:cd:a5:40:38:a1:32:12:b7:
                    f0:73:55:09:e5:ef:65:39:f3:71:16:9e:31:b9:42:
                    94:10:d5:c9:af:c9:e5:06:9d:6c:9b:17:86:1a:eb:
                    21:94:bb:46:24:69:64:a3:ca:dd:b2:20:e3:ab:a7:
                    30:d4:1e:a7:ef:dc:91:60:e1:d6:f5:5c:e6:6e:c5:
                    46:f2:e3:0b:e2:02:c7:01:4a:44:d3:8e:46:53:ec:
                    cc:4b:a3:85:3b:cd:cb:3e:1a:d6:fe:76:64:ec:09:
                    5b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:73:8D:77:FC:40:E1:EC:64:64:2F:55:48:1A:E1:79:E7:99:89:16
            X509v3 Authority Key Identifier:
                keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:31:1f:bc:37:e7:d8:a8:9a:83:a4:19:a6:b6:5d:83:1e:4c:
         4c:08:e4:c1:66:a2:c2:fc:ef:5f:b3:30:1e:c0:d4:bb:3f:0c:
         48:56:08:3a:cb:a7:1b:96:5b:3d:ec:68:35:dd:ae:ea:3c:1e:
         93:62:13:13:3d:5a:fc:e1:b1:7f:ce:1f:06:8b:43:d0:66:fc:
         6c:d8:98:4b:08:7a:48:7e:fd:60:3a:c1:72:bf:44:60:5d:be:
         3a:7c:90:13:8f:46:b7:99:10:80:f0:30:da:0f:1c:76:3d:97:
         ca:b7:34:cb:2c:2b:11:10:63:77:c4:4d:4c:5b:e5:72:f5:82:
         9b:56:27:fb:eb:ce:9d:d0:47:40:8f:dc:31:4b:4e:8e:fa:ca:
         47:d8:3a:0b:bc:de:4b:06:04:fe:2f:04:99:b5:fe:65:b9:be:
         06:bf:73:35:65:85:30:e8:36:a1:02:d3:11:40:ee:bb:b8:12:
         1d:13:07:af:40:0a:1f:f3:f8:a7:42:db:f5:89:8b:ed:d6:ce:
         28:39:40:3d:4e:35:69:95:41:b2:ff:85:3e:50:91:70:0d:d8:
         75:81:15:f7:7a:64:c1:30:b4:b9:3c:69:f7:0a:4d:55:3d:fc:
         48:69:7d:42:a9:93:47:93:1d:d1:53:fc:32:52:d4:da:49:d1:
         b8:5e:60:72
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZWzbgGGbeJz77XPWubjdFABEZ98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA2MDUwNjI0MjlaFw0yNzA2MDQwNjI5MjlaMDMxMTAvBgNV
BAMTKDVENzM4RDc3RkM0MEUxRUM2NDY0MkY1NTQ4MUFFMTc5RTc5OTg5MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnAkAClqAEWDGrZ7oe7E/XQzfW
71fHqlwgadQV3n3dI3LOWwmRZl+CkMmczYiasqS2V4qBjQBl6vyxBaU/24n8RLET
sI6eeiUeHqzzqmJegiysU64RBHAHacwj3b0SfHePcRIuVRORhJyG+5pRvKQhelr5
ZIbnBfNMaB9/jhOU2R1lUXylkRk+hEtdwQYXHBu9y4W3mFppdwlnGnTNpUA4oTIS
t/BzVQnl72U583EWnjG5QpQQ1cmvyeUGnWybF4Ya6yGUu0YkaWSjyt2yIOOrpzDU
Hqfv3JFg4db1XOZuxUby4wviAscBSkTTjkZT7MxLo4U7zcs+Gtb+dmTsCVstAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUXXONd/xA4exkZC9VSBrheeeZiRYwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzMzMDM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkAMA0G
CSqGSIb3DQEBCwUAA4IBAQAbMR+8N+fYqJqDpBmmtl2DHkxMCOTBZqLC/O9fszAe
wNS7PwxIVgg6y6cblls97Gg13a7qPB6TYhMTPVr84bF/zh8Gi0PQZvxs2JhLCHpI
fv1gOsFyv0RgXb46fJATj0a3mRCA8DDaDxx2PZfKtzTLLCsREGN3xE1MW+Vy9YKb
Vif7686d0EdAj9wxS06O+spH2DoLvN5LBgT+LwSZtf5lub4Gv3M1ZYUw6DahAtMR
QO67uBIdEwevQAof8/inQtv1iYvt1s4oOUA9TjVplUGy/4U+UJFwDdh1gRX3emTB
MLS5PGn3Ck1VPfxIaX1CqZNHkx3RU/wyUtTaSdG4XmBy
-----END CERTIFICATE-----