Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133302e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3133302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          mcfI0Ib1I9tRHx24fKlI1tek3G/YWju2epp2t9GWLMw=
Subject key identifier:   B7:24:B2:2E:96:A8:F2:35:EA:EF:DC:0F:FE:09:4B:9A:3D:64:8B:FC
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       1DBFDCD0239D2CA2DE9A5A426F7055EF78F0B0CB
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133302e302f32332d3234203d3e20383334.roa
Signing time:             Wed 05 Nov 2025 05:37:47 +0000
ROA not before:           Wed 05 Nov 2025 05:32:47 +0000
ROA not after:            Wed 04 Nov 2026 05:37:47 +0000
asID:                     834
IP address blocks:        147.125.130.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 05:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:bf:dc:d0:23:9d:2c:a2:de:9a:5a:42:6f:70:55:ef:78:f0:b0:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Nov  5 05:32:47 2025 GMT
            Not After : Nov  4 05:37:47 2026 GMT
        Subject: CN=B724B22E96A8F235EAEFDC0FFE094B9A3D648BFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8a:8d:5e:74:cf:85:cd:39:f2:79:ca:03:21:
                    b0:8e:26:ac:a8:2d:11:ae:02:0b:2b:5e:6c:57:f1:
                    6d:00:16:43:88:8d:9a:8c:3e:09:96:fc:0c:32:e1:
                    36:20:53:ac:e9:bd:ed:f1:59:3a:bb:cc:0c:aa:79:
                    82:f8:19:06:d4:aa:3f:40:45:89:34:3f:7e:45:40:
                    f6:77:04:c4:a3:b9:49:ee:8e:5f:66:9b:1a:81:e9:
                    92:c2:c1:33:0a:18:96:c2:4b:82:92:cc:14:8d:5d:
                    ce:3e:e5:ad:03:3b:16:e7:24:10:6a:31:98:2d:e5:
                    7d:3a:1d:68:96:f9:1b:ba:fc:ae:c1:14:40:1f:00:
                    b6:fd:f4:7f:d6:61:fc:f7:ad:a9:64:42:b7:a0:43:
                    15:be:ac:6c:c4:57:d2:94:4f:4a:45:27:02:1e:43:
                    3c:84:51:cb:3f:97:8f:8f:61:21:33:d2:a3:af:95:
                    8a:55:03:c4:bb:8a:d5:5e:0d:76:bb:e2:c1:24:e5:
                    0b:40:0e:58:44:0a:f7:6d:72:4f:10:b5:4f:11:4f:
                    6a:5c:d2:b6:7f:ea:90:3a:a5:f4:9f:6f:6f:a4:20:
                    a4:ad:51:d4:91:4a:01:2a:ff:8f:37:ab:d1:cb:f6:
                    c9:7b:d1:98:6f:86:40:63:ec:50:38:ba:8b:44:14:
                    77:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:24:B2:2E:96:A8:F2:35:EA:EF:DC:0F:FE:09:4B:9A:3D:64:8B:FC
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:36:43:25:cb:95:2a:26:37:05:4b:37:1c:fb:5b:0c:ab:43:
         02:cf:b0:91:a0:e1:24:68:35:e2:1a:a0:72:85:df:9b:29:5e:
         24:f4:9d:94:4e:67:80:18:fc:65:2b:af:a8:e1:0f:80:7b:73:
         2a:98:b2:e4:3c:d2:5f:da:e3:fc:aa:f6:87:04:89:16:13:83:
         a3:0a:d8:b1:6f:3d:f1:c6:01:42:04:f2:41:9b:71:57:97:f4:
         8f:c6:20:93:b1:6c:a4:85:46:9d:4d:23:19:30:3c:a0:e8:00:
         a5:0e:c0:1b:56:ef:54:1d:0e:bf:c6:38:34:42:c0:34:32:64:
         c7:60:5e:18:64:7b:33:88:d0:31:43:19:ab:be:e3:77:d4:ba:
         3d:3e:3e:4c:eb:81:49:39:29:68:46:be:72:64:80:ca:3f:b0:
         32:10:e2:60:52:6c:f2:3f:b0:be:ec:d9:b5:c8:d1:38:db:33:
         c6:71:51:33:c9:44:b3:3a:7d:e3:05:4f:af:9c:65:56:fe:0b:
         43:06:7f:48:d8:88:5f:e5:8c:cd:1e:a2:f4:96:de:a0:31:46:
         ef:b3:87:46:04:6a:36:26:35:e4:72:f8:c8:8f:50:0c:1e:17:
         e3:70:4e:64:da:d8:4f:be:1d:69:94:4f:3e:c7:20:fb:df:ea:
         df:32:84:fb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHb/c0COdLKLemlpCb3BV73jwsMswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNTExMDUwNTMyNDdaFw0yNjExMDQwNTM3NDdaMDMxMTAvBgNV
BAMTKEI3MjRCMjJFOTZBOEYyMzVFQUVGREMwRkZFMDk0QjlBM0Q2NDhCRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxio1edM+FzTnyecoDIbCOJqyo
LRGuAgsrXmxX8W0AFkOIjZqMPgmW/Awy4TYgU6zpve3xWTq7zAyqeYL4GQbUqj9A
RYk0P35FQPZ3BMSjuUnujl9mmxqB6ZLCwTMKGJbCS4KSzBSNXc4+5a0DOxbnJBBq
MZgt5X06HWiW+Ru6/K7BFEAfALb99H/WYfz3ralkQregQxW+rGzEV9KUT0pFJwIe
QzyEUcs/l4+PYSEz0qOvlYpVA8S7itVeDXa74sEk5QtADlhECvdtck8QtU8RT2pc
0rZ/6pA6pfSfb2+kIKStUdSRSgEq/483q9HL9sl70ZhvhkBj7FA4uotEFHdvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtySyLpao8jXq79wP/glLmj1ki/wwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzMzMDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
gjANBgkqhkiG9w0BAQsFAAOCAQEApzZDJcuVKiY3BUs3HPtbDKtDAs+wkaDhJGg1
4hqgcoXfmyleJPSdlE5ngBj8ZSuvqOEPgHtzKpiy5DzSX9rj/Kr2hwSJFhODowrY
sW898cYBQgTyQZtxV5f0j8Ygk7FspIVGnU0jGTA8oOgApQ7AG1bvVB0Ov8Y4NELA
NDJkx2BeGGR7M4jQMUMZq77jd9S6PT4+TOuBSTkpaEa+cmSAyj+wMhDiYFJs8j+w
vuzZtcjRONszxnFRM8lEszp94wVPr5xlVv4LQwZ/SNiIX+WMzR6i9JbeoDFG77OH
RgRqNiY15HL4yI9QDB4X43BOZNrYT74daZRPPscg+9/q3zKE+w==
-----END CERTIFICATE-----