Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e38352e32342e302f32322d3234203d3e203437353833.roa
File:                     3231322e38352e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          hpKdRBme2ngrJ/jiXSFwcHLeTkhwYrqInOz4YNjQ9N4=
Subject key identifier:   D1:A2:45:9A:A1:B6:02:9D:DE:06:A9:25:76:95:B2:54:BD:70:B2:7F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1CC288BF87EC52C398F598DF528962655D680243
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e38352e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 30 Jan 2026 12:23:12 +0000
ROA not before:           Fri 30 Jan 2026 12:18:12 +0000
ROA not after:            Fri 29 Jan 2027 12:23:12 +0000
asID:                     47583
IP address blocks:        212.85.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c2:88:bf:87:ec:52:c3:98:f5:98:df:52:89:62:65:5d:68:02:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 30 12:18:12 2026 GMT
            Not After : Jan 29 12:23:12 2027 GMT
        Subject: CN=D1A2459AA1B6029DDE06A9257695B254BD70B27F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fa:10:85:f1:d3:69:76:78:be:ed:4e:ea:e8:
                    88:e7:15:73:c1:9a:32:a7:77:97:67:d5:d7:0f:0f:
                    4a:ed:40:5c:dc:3b:29:0d:37:68:44:93:7a:06:f4:
                    82:88:2f:f7:a2:2e:16:e4:ff:9e:e3:9a:16:52:d5:
                    98:91:e9:eb:6c:56:e0:b9:85:70:4b:f4:9e:e2:29:
                    b3:b5:43:be:1e:15:b9:b1:0a:77:b7:a3:07:b9:31:
                    37:ae:27:74:3a:34:85:34:88:7f:df:0a:14:da:8d:
                    5a:22:5b:e3:6e:37:19:f1:e4:21:29:72:a8:b5:cb:
                    10:57:68:04:dc:ca:34:d6:70:5d:62:f7:c7:87:6f:
                    bb:39:e2:d0:55:fd:59:d7:56:31:49:07:5c:f9:07:
                    f5:6d:6a:17:2c:37:1d:4a:19:90:5c:ff:57:ea:f6:
                    57:b5:82:19:60:dd:b1:3d:71:c1:82:f5:fe:94:d3:
                    2a:a8:b0:f5:9d:c3:ea:32:57:08:90:35:dc:c6:d7:
                    a4:8b:79:dd:47:0d:31:6f:14:f4:d5:ff:17:6d:df:
                    6a:d6:9a:67:f6:2f:6d:91:fd:c9:0a:85:ab:6c:4f:
                    24:ed:f0:59:81:00:be:5c:14:12:47:46:05:94:20:
                    e3:1f:db:66:60:7c:cd:95:cf:e7:85:50:e4:e3:c7:
                    89:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A2:45:9A:A1:B6:02:9D:DE:06:A9:25:76:95:B2:54:BD:70:B2:7F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231322e38352e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.85.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:65:10:a9:48:b5:60:f8:bf:a4:ed:78:3e:30:31:36:b1:3a:
         48:d1:c2:b0:5a:4e:4a:32:5c:9b:3c:61:f5:07:c5:3b:9a:37:
         c6:fa:dc:7a:e7:54:a0:44:3d:f0:5b:74:d2:4f:8c:11:ee:6f:
         1e:b5:25:6a:83:5d:75:d4:b6:c2:75:e3:32:9f:b5:91:53:62:
         ba:12:81:fa:06:9f:7b:cc:2b:25:67:49:9e:94:13:43:6a:8e:
         2c:90:82:d1:09:0c:6a:8f:fd:99:a0:7e:fc:98:17:96:8e:9c:
         91:88:11:75:67:51:63:35:11:21:82:47:c5:14:84:fc:fe:dd:
         c4:1e:6d:64:37:91:ca:15:b2:0a:72:29:a1:76:94:0a:23:18:
         d6:e6:8e:4f:8d:05:b3:58:35:12:ec:02:40:3c:65:b4:e5:59:
         75:80:e0:4d:cd:ac:cf:50:4f:9a:41:2d:38:b6:f6:36:56:62:
         99:02:4f:4e:92:84:98:43:27:66:8e:5b:cb:f0:30:55:6a:02:
         c9:61:ae:48:1c:dd:f3:48:bb:72:12:95:73:d7:e4:13:b8:f2:
         90:a6:fe:55:5a:90:61:42:b5:d9:cc:8a:4f:c7:ad:70:00:50:
         3f:42:69:b3:44:71:30:fa:94:26:24:60:b8:f9:42:38:69:58:
         f3:13:35:41
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHMKIv4fsUsOY9ZjfUoliZV1oAkMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAxMzAxMjE4MTJaFw0yNzAxMjkxMjIzMTJaMDMxMTAvBgNV
BAMTKEQxQTI0NTlBQTFCNjAyOURERTA2QTkyNTc2OTVCMjU0QkQ3MEIyN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW+hCF8dNpdni+7U7q6IjnFXPB
mjKnd5dn1dcPD0rtQFzcOykNN2hEk3oG9IKIL/eiLhbk/57jmhZS1ZiR6etsVuC5
hXBL9J7iKbO1Q74eFbmxCne3owe5MTeuJ3Q6NIU0iH/fChTajVoiW+NuNxnx5CEp
cqi1yxBXaATcyjTWcF1i98eHb7s54tBV/VnXVjFJB1z5B/VtahcsNx1KGZBc/1fq
9le1ghlg3bE9ccGC9f6U0yqosPWdw+oyVwiQNdzG16SLed1HDTFvFPTV/xdt32rW
mmf2L22R/ckKhatsTyTt8FmBAL5cFBJHRgWUIOMf22ZgfM2Vz+eFUOTjx4llAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0aJFmqG2Ap3eBqkldpWyVL1wsn8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTMyMmUzODM1MmUzMjM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtRV
GDANBgkqhkiG9w0BAQsFAAOCAQEAjGUQqUi1YPi/pO14PjAxNrE6SNHCsFpOSjJc
mzxh9QfFO5o3xvrceudUoEQ98Ft00k+MEe5vHrUlaoNdddS2wnXjMp+1kVNiuhKB
+gafe8wrJWdJnpQTQ2qOLJCC0QkMao/9maB+/JgXlo6ckYgRdWdRYzURIYJHxRSE
/P7dxB5tZDeRyhWyCnIpoXaUCiMY1uaOT40Fs1g1EuwCQDxltOVZdYDgTc2sz1BP
mkEtOLb2NlZimQJPTpKEmEMnZo5by/AwVWoCyWGuSBzd80i7chKVc9fkE7jykKb+
VVqQYUK12cyKT8etcABQP0Jps0RxMPqUJiRguPlCOGlY8xM1QQ==
-----END CERTIFICATE-----