Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230342e302f32342d3234203d3e20383334.roa
File:                     3231372e3231362e3230342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          50jD/gkVttHuLTnsLeF+fmkwmSloMZRYL4jexF4dMn4=
Subject key identifier:   A3:32:B3:68:EA:E7:1D:DD:E6:66:9A:B7:D5:C2:B2:6A:43:48:9C:18
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       40ED236A22AF1EDC21159AA36E4E7C07E4FC9577
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230342e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Feb 2026 12:13:09 +0000
ROA not before:           Mon 23 Feb 2026 12:08:09 +0000
ROA not after:            Mon 22 Feb 2027 12:13:09 +0000
asID:                     834
IP address blocks:        217.216.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:04:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:ed:23:6a:22:af:1e:dc:21:15:9a:a3:6e:4e:7c:07:e4:fc:95:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 23 12:08:09 2026 GMT
            Not After : Feb 22 12:13:09 2027 GMT
        Subject: CN=A332B368EAE71DDDE6669AB7D5C2B26A43489C18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f6:b7:5f:94:90:be:a4:e1:95:ab:bf:3a:71:
                    b2:0d:93:f1:14:1e:c2:be:59:06:59:6e:0b:98:38:
                    d5:4e:50:ac:86:51:19:68:8c:56:65:97:db:79:f8:
                    26:01:54:41:1c:f7:55:21:83:5c:cb:24:1e:4a:25:
                    72:f2:12:bc:ad:1b:a1:98:01:ea:d0:9c:e4:10:cf:
                    96:ff:52:08:a3:a5:8f:a2:f6:1d:ba:bc:90:a9:29:
                    5a:86:1f:0c:76:f5:a6:d5:1b:a2:50:1e:47:03:42:
                    70:03:bd:3f:66:a8:04:34:77:ea:b8:2f:a1:d0:9f:
                    28:9a:f4:f9:85:b6:b5:e2:f2:4e:d5:98:80:b2:eb:
                    9a:96:c6:45:dd:56:a0:22:35:77:4f:59:e2:00:8d:
                    e1:4e:94:24:36:a4:8a:2b:5b:48:21:cc:bf:a5:9e:
                    0d:b5:5e:07:7f:ef:ad:02:af:04:78:52:21:29:41:
                    3c:9d:c4:8a:40:05:22:4e:1d:dc:b7:da:df:00:12:
                    c1:a0:43:bb:e0:30:f6:fb:39:35:bc:12:34:48:a3:
                    86:a6:d8:04:5b:f8:2d:ef:79:18:69:59:d9:11:9e:
                    e9:6b:88:69:4d:96:68:9d:fb:30:95:1a:f2:b6:29:
                    69:36:ed:b5:22:1e:c4:0d:7c:fa:b7:5c:a6:39:38:
                    fa:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:32:B3:68:EA:E7:1D:DD:E6:66:9A:B7:D5:C2:B2:6A:43:48:9C:18
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.216.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:cd:03:e6:f6:67:b5:1f:2d:c2:26:62:a6:de:a9:08:2e:f8:
         8f:aa:72:2a:c6:1b:c8:f3:e3:e2:5b:c5:a5:a2:85:f9:ab:86:
         cb:1f:30:d6:25:21:78:dc:dc:0a:dc:99:03:70:6a:ba:67:68:
         85:1c:80:42:c7:69:3c:15:51:a9:56:0c:b2:dc:36:3f:14:6c:
         f9:34:d2:c6:3a:6f:d9:73:30:9b:5b:ad:c7:ea:29:19:e0:1b:
         ce:0f:c7:2e:61:5d:fe:e4:a2:2d:8c:f1:66:5b:ab:9f:ff:57:
         18:1f:f2:4d:1c:23:96:49:bf:70:9d:40:02:1a:ab:e9:57:7c:
         ff:19:4d:1b:cd:9b:3a:74:86:26:45:a6:92:2e:58:b4:9f:c8:
         63:e5:d6:3d:83:42:e8:03:20:06:32:91:18:54:a1:79:e7:3f:
         c9:ec:f9:28:67:ed:18:32:91:b1:82:c3:72:9e:95:28:fa:45:
         e3:c3:c6:8c:01:ea:d0:97:c4:ff:ba:5d:43:7a:73:99:d3:74:
         40:5e:ad:91:62:42:b1:5b:36:a9:59:09:a5:7b:59:e6:c6:b2:
         db:b2:4b:b7:a2:c8:b0:d7:00:27:eb:8b:f1:6a:23:ca:ab:33:
         4f:0c:e7:d8:e2:16:10:17:d9:83:0f:8e:a9:21:54:4c:70:24:
         c7:91:81:70
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQO0jaiKvHtwhFZqjbk58B+T8lXcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMjMxMjA4MDlaFw0yNzAyMjIxMjEzMDlaMDMxMTAvBgNV
BAMTKEEzMzJCMzY4RUFFNzFERERFNjY2OUFCN0Q1QzJCMjZBNDM0ODlDMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX9rdflJC+pOGVq786cbINk/EU
HsK+WQZZbguYONVOUKyGURlojFZll9t5+CYBVEEc91Uhg1zLJB5KJXLyErytG6GY
AerQnOQQz5b/UgijpY+i9h26vJCpKVqGHwx29abVG6JQHkcDQnADvT9mqAQ0d+q4
L6HQnyia9PmFtrXi8k7VmICy65qWxkXdVqAiNXdPWeIAjeFOlCQ2pIorW0ghzL+l
ng21Xgd/760CrwR4UiEpQTydxIpABSJOHdy32t8AEsGgQ7vgMPb7OTW8EjRIo4am
2ARb+C3veRhpWdkRnulriGlNlmid+zCVGvK2KWk27bUiHsQNfPq3XKY5OPoPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUozKzaOrnHd3mZpq31cKyakNInBgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANnY
zDANBgkqhkiG9w0BAQsFAAOCAQEAXs0D5vZntR8twiZipt6pCC74j6pyKsYbyPPj
4lvFpaKF+auGyx8w1iUheNzcCtyZA3BqumdohRyAQsdpPBVRqVYMstw2PxRs+TTS
xjpv2XMwm1utx+opGeAbzg/HLmFd/uSiLYzxZlurn/9XGB/yTRwjlkm/cJ1AAhqr
6Vd8/xlNG82bOnSGJkWmki5YtJ/IY+XWPYNC6AMgBjKRGFSheec/yez5KGftGDKR
sYLDcp6VKPpF48PGjAHq0JfE/7pdQ3pzmdN0QF6tkWJCsVs2qVkJpXtZ5say27JL
t6LIsNcAJ+uL8WojyqszTwzn2OIWEBfZgw+OqSFUTHAkx5GBcA==
-----END CERTIFICATE-----