Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3139382e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3139382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Kzs5aaOf050u/MT3Zqe+NgNX5GsiUGgkubGFTwDGS88=
Subject key identifier:   3F:4B:7D:47:1F:35:FD:60:8C:5D:53:AB:07:4D:FF:A9:41:75:71:12
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5EACA448B16B778D5DADC811A5204DF71D005ECE
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3139382e302f32342d3234203d3e20383334.roa
Signing time:             Tue 24 Feb 2026 09:28:23 +0000
ROA not before:           Tue 24 Feb 2026 09:23:23 +0000
ROA not after:            Tue 23 Feb 2027 09:28:23 +0000
asID:                     834
IP address blocks:        217.216.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ac:a4:48:b1:6b:77:8d:5d:ad:c8:11:a5:20:4d:f7:1d:00:5e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 24 09:23:23 2026 GMT
            Not After : Feb 23 09:28:23 2027 GMT
        Subject: CN=3F4B7D471F35FD608C5D53AB074DFFA941757112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e0:27:a1:ca:ed:da:99:b6:02:86:00:59:c9:
                    48:92:79:4b:43:2d:fc:26:01:96:4d:b3:c7:6f:e6:
                    fb:07:ed:5e:13:00:d3:44:16:b9:66:47:93:47:80:
                    99:60:84:c8:ef:f4:ee:7e:99:13:ff:f1:2b:e8:bc:
                    22:b2:1e:97:31:3f:f1:89:b7:ed:3a:8b:51:ec:e7:
                    45:00:96:c4:f9:0b:64:60:e7:a5:66:22:62:f0:87:
                    0e:f9:9f:80:f7:bb:93:eb:fd:4d:ba:04:4d:ba:eb:
                    3d:4e:6a:5b:ed:ac:b3:3d:b0:55:c8:59:0d:18:54:
                    3a:3b:20:8e:c5:a5:63:2a:b6:f9:50:e5:ad:17:34:
                    72:be:ae:2f:24:3d:c6:b9:6f:91:86:26:37:6e:2a:
                    1f:68:9b:82:4d:25:c8:6e:2f:03:80:8b:6c:af:be:
                    6c:67:0e:60:57:3b:4a:17:55:d7:24:82:a6:cd:0f:
                    65:e3:8b:fd:ae:72:03:1a:40:dc:80:b9:af:d6:29:
                    65:9a:ce:f9:dc:a8:c2:84:53:0c:9b:b3:10:39:45:
                    1c:40:47:ff:bb:02:6b:84:8f:35:75:ed:50:34:f9:
                    2a:a5:70:a8:97:c4:3e:f2:29:3e:34:45:ef:aa:48:
                    c7:db:11:6b:7b:98:59:6f:98:80:11:63:6e:03:b3:
                    49:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:4B:7D:47:1F:35:FD:60:8C:5D:53:AB:07:4D:FF:A9:41:75:71:12
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3139382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:d4:1e:98:b7:e8:b1:09:c9:12:b5:97:74:54:74:99:d8:e4:
         23:54:40:cf:f5:9e:7c:0a:ab:24:48:68:11:0d:29:9f:5f:f9:
         bf:54:62:88:63:9c:9b:45:48:4c:ab:2e:e9:61:ce:38:9a:17:
         5b:5b:29:1f:6d:61:00:2b:08:90:d8:ad:1d:ad:8a:4b:4d:93:
         47:d3:90:7e:c3:46:ad:d9:81:03:04:36:c7:d1:07:eb:6b:79:
         5c:14:e7:98:d3:f9:4e:01:58:31:a4:71:68:5a:fb:83:55:f8:
         ab:50:02:aa:15:ab:28:05:0a:f3:01:4e:42:f0:d2:bd:75:be:
         b5:83:39:b2:b5:bc:74:45:57:c0:f7:00:64:78:36:87:4b:a8:
         c0:06:cf:12:51:b6:90:4f:fc:a3:df:c5:34:2e:bd:9a:a6:fa:
         2f:26:df:5f:14:b2:ab:4a:c6:e5:ab:8f:9a:b7:5d:2a:0c:7a:
         40:44:61:e5:c3:1b:db:0b:f3:b1:ae:e2:2e:eb:80:f8:5f:00:
         22:85:1f:a6:8c:68:3b:0c:03:02:96:5a:92:5a:b5:d1:f8:8e:
         47:48:84:80:01:32:c8:c4:59:34:4e:6d:5f:ca:95:e6:85:d5:
         dd:ea:78:25:04:b5:3a:69:85:8a:a9:12:e5:98:81:b9:64:be:
         90:6f:60:62
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXqykSLFrd41drcgRpSBN9x0AXs4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMjQwOTIzMjNaFw0yNzAyMjMwOTI4MjNaMDMxMTAvBgNV
BAMTKDNGNEI3RDQ3MUYzNUZENjA4QzVENTNBQjA3NERGRkE5NDE3NTcxMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg4Cehyu3ambYChgBZyUiSeUtD
LfwmAZZNs8dv5vsH7V4TANNEFrlmR5NHgJlghMjv9O5+mRP/8SvovCKyHpcxP/GJ
t+06i1Hs50UAlsT5C2Rg56VmImLwhw75n4D3u5Pr/U26BE266z1OalvtrLM9sFXI
WQ0YVDo7II7FpWMqtvlQ5a0XNHK+ri8kPca5b5GGJjduKh9om4JNJchuLwOAi2yv
vmxnDmBXO0oXVdckgqbND2Xji/2ucgMaQNyAua/WKWWazvncqMKEUwybsxA5RRxA
R/+7AmuEjzV17VA0+SqlcKiXxD7yKT40Re+qSMfbEWt7mFlvmIARY24Ds0khAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUP0t9Rx81/WCMXVOrB03/qUF1cRIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzkzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
xjANBgkqhkiG9w0BAQsFAAOCAQEAhtQemLfosQnJErWXdFR0mdjkI1RAz/WefAqr
JEhoEQ0pn1/5v1RiiGOcm0VITKsu6WHOOJoXW1spH21hACsIkNitHa2KS02TR9OQ
fsNGrdmBAwQ2x9EH62t5XBTnmNP5TgFYMaRxaFr7g1X4q1ACqhWrKAUK8wFOQvDS
vXW+tYM5srW8dEVXwPcAZHg2h0uowAbPElG2kE/8o9/FNC69mqb6LybfXxSyq0rG
5auPmrddKgx6QERh5cMb2wvzsa7iLuuA+F8AIoUfpoxoOwwDApZaklq10fiOR0iE
gAEyyMRZNE5tX8qV5oXV3ep4JQS1OmmFiqkS5ZiBuWS+kG9gYg==
-----END CERTIFICATE-----