Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135302e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3135302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          sU72w18ZVIr/2VsV8rhJASeb8z8Sca2AqZvJFZGB9Lw=
Subject key identifier:   FE:39:3E:10:3A:1D:60:7A:F9:84:2D:12:15:51:9E:7F:AD:96:68:6C
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       0534C2291B210C62DD268499C6B7893C69EDC410
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 02 Jun 2026 13:20:23 +0000
ROA not before:           Tue 02 Jun 2026 13:15:23 +0000
ROA not after:            Tue 01 Jun 2027 13:20:23 +0000
asID:                     834
IP address blocks:        147.125.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:34:c2:29:1b:21:0c:62:dd:26:84:99:c6:b7:89:3c:69:ed:c4:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  2 13:15:23 2026 GMT
            Not After : Jun  1 13:20:23 2027 GMT
        Subject: CN=FE393E103A1D607AF9842D1215519E7FAD96686C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:52:21:c6:99:97:40:bb:f1:c6:f0:84:4b:e3:
                    2c:22:78:eb:73:9a:ab:85:fa:ff:12:c6:b4:b4:29:
                    4e:8d:03:f9:93:4f:0e:83:7a:e5:55:a7:7c:7f:06:
                    83:64:f7:93:db:60:7e:d3:c2:f5:d0:fe:be:7f:50:
                    7f:bf:46:29:f6:76:5b:62:46:4b:1f:30:a2:8b:e0:
                    52:08:db:5e:a4:d7:40:ab:13:9d:6f:86:44:80:e7:
                    37:52:22:21:4c:0e:e8:84:01:69:5c:87:ea:77:65:
                    a1:f7:70:7c:b9:4e:ac:33:7e:9c:99:65:52:36:c8:
                    ba:9f:34:2c:f8:7a:f8:a0:a3:31:8a:9a:fe:bd:b5:
                    ed:95:ea:e9:85:31:cc:1a:0a:2b:eb:6f:5a:2c:e0:
                    7f:9f:9b:76:1b:2d:3d:1d:a0:02:48:98:95:1d:6f:
                    b4:d8:d9:42:db:90:fc:f3:c8:cc:a2:ce:e3:53:fc:
                    9a:bd:ff:34:f5:15:c7:2f:86:2e:23:e6:e6:bf:8f:
                    8e:cd:55:eb:62:e1:7c:56:1f:99:4f:cc:57:8d:06:
                    5c:97:64:de:0b:d2:22:e3:cf:43:9d:fc:51:fc:e2:
                    63:d1:49:5d:16:2a:fb:c5:4f:0d:ca:ca:d0:52:d2:
                    40:03:69:47:f6:9c:20:72:3a:10:5c:62:62:82:e7:
                    a4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:39:3E:10:3A:1D:60:7A:F9:84:2D:12:15:51:9E:7F:AD:96:68:6C
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:4e:d4:6b:5e:c9:e8:75:d4:cc:7c:9e:d5:90:52:78:61:c8:
         1b:d6:73:32:46:50:1b:de:b0:4d:1a:79:94:d1:27:2b:84:cc:
         82:78:2d:74:00:0e:be:77:24:ba:92:a4:5a:78:a7:90:ee:4b:
         66:c3:62:ba:98:0b:9d:80:75:8d:09:18:69:32:32:44:15:3f:
         9b:ef:bb:73:80:0d:36:d0:fb:31:b4:37:26:73:20:56:fa:a5:
         42:fc:37:ef:1b:54:d2:56:19:ea:56:80:13:66:a5:99:32:be:
         bf:e4:37:d1:dc:ca:3b:f6:e7:cc:86:85:34:ec:4d:e4:e4:e3:
         00:17:10:43:9e:fa:71:6c:6d:2e:f3:05:64:73:68:93:c0:f5:
         97:7d:18:38:5d:46:03:38:b3:67:c1:96:a3:d5:31:16:29:3d:
         6d:b9:af:76:7c:71:9d:7e:2e:bd:e3:fd:47:4c:98:0e:54:0e:
         5f:2d:56:0d:a6:af:c1:9c:bb:65:f4:27:8d:47:e3:68:20:7f:
         e1:7b:97:1d:0d:c1:22:d2:9e:8d:71:e3:e0:b7:cc:46:bd:f9:
         6c:30:43:6a:37:47:15:ee:ef:1f:72:32:a1:7e:f0:08:66:2d:
         b4:32:72:19:66:26:df:98:bd:f8:12:ad:8e:d5:34:72:c6:89:
         23:9d:cd:ea
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBTTCKRshDGLdJoSZxreJPGntxBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDIxMzE1MjNaFw0yNzA2MDExMzIwMjNaMDMxMTAvBgNV
BAMTKEZFMzkzRTEwM0ExRDYwN0FGOTg0MkQxMjE1NTE5RTdGQUQ5NjY4NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUiHGmZdAu/HG8IRL4ywieOtz
mquF+v8SxrS0KU6NA/mTTw6DeuVVp3x/BoNk95PbYH7TwvXQ/r5/UH+/Rin2dlti
RksfMKKL4FII216k10CrE51vhkSA5zdSIiFMDuiEAWlch+p3ZaH3cHy5TqwzfpyZ
ZVI2yLqfNCz4evigozGKmv69te2V6umFMcwaCivrb1os4H+fm3YbLT0doAJImJUd
b7TY2ULbkPzzyMyizuNT/Jq9/zT1Fccvhi4j5ua/j47NVeti4XxWH5lPzFeNBlyX
ZN4L0iLjz0Od/FH84mPRSV0WKvvFTw3KytBS0kADaUf2nCByOhBcYmKC56RBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/jk+EDodYHr5hC0SFVGef62WaGwwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzUzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
ljANBgkqhkiG9w0BAQsFAAOCAQEAlE7Ua17J6HXUzHye1ZBSeGHIG9ZzMkZQG96w
TRp5lNEnK4TMgngtdAAOvnckupKkWninkO5LZsNiupgLnYB1jQkYaTIyRBU/m++7
c4ANNtD7MbQ3JnMgVvqlQvw37xtU0lYZ6laAE2almTK+v+Q30dzKO/bnzIaFNOxN
5OTjABcQQ576cWxtLvMFZHNok8D1l30YOF1GAzizZ8GWo9UxFik9bbmvdnxxnX4u
veP9R0yYDlQOXy1WDaavwZy7ZfQnjUfjaCB/4XuXHQ3BItKejXHj4LfMRr35bDBD
ajdHFe7vH3IyoX7wCGYttDJyGWYm35i9+BKtjtU0csaJI53N6g==
-----END CERTIFICATE-----