Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135362e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3135362e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          Agz1qegTiJ5SzBDkwNff0UEo7ip45DfKwBhN/xKdq2k=
Subject key identifier:   3D:7B:FB:C4:AA:0C:F5:19:85:92:72:1C:CD:24:4A:FA:1C:94:C3:83
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       2CB168A0BC220647B3E5303855F3F2F342833E33
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135362e302f32322d3234203d3e20383334.roa
Signing time:             Wed 05 Nov 2025 14:18:34 +0000
ROA not before:           Wed 05 Nov 2025 14:13:34 +0000
ROA not after:            Wed 04 Nov 2026 14:18:34 +0000
asID:                     834
IP address blocks:        147.125.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 05:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:b1:68:a0:bc:22:06:47:b3:e5:30:38:55:f3:f2:f3:42:83:3e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Nov  5 14:13:34 2025 GMT
            Not After : Nov  4 14:18:34 2026 GMT
        Subject: CN=3D7BFBC4AA0CF5198592721CCD244AFA1C94C383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:fa:3e:01:50:b2:45:26:36:da:95:31:18:97:
                    cc:e0:b5:40:1a:63:fa:e9:d1:53:8f:1b:ae:6c:fb:
                    f5:56:eb:61:8c:0e:e3:e3:b6:7a:c8:b1:cf:9b:18:
                    84:50:85:53:6a:52:39:85:48:88:b4:bf:6a:5c:b9:
                    87:14:01:68:2a:45:fd:2a:3a:36:ef:2c:a0:48:fa:
                    6a:8c:8e:54:94:3d:8f:d1:59:92:24:e9:7c:b7:e9:
                    57:a6:f0:c9:27:7b:25:8a:6b:43:fd:e3:9d:aa:9a:
                    52:7c:34:e6:08:58:c7:2f:fc:29:dd:50:9f:1f:66:
                    dc:fe:30:2c:32:55:db:cb:d4:5c:44:e1:03:dd:1e:
                    e6:ef:01:d3:db:71:5f:ad:c0:a6:60:8c:03:b8:d0:
                    20:0e:a8:39:f2:5f:e5:54:94:e0:e2:a7:2b:4d:d7:
                    3b:ba:17:09:43:bf:97:12:56:b0:6e:ce:95:e5:01:
                    48:83:7c:92:81:18:2b:0c:d0:1f:8c:12:a8:cd:44:
                    72:d1:24:17:1f:56:b2:75:55:5f:4a:65:92:7a:8e:
                    3a:7c:51:4b:9d:49:d9:ca:9b:ed:bc:e1:f0:e8:ee:
                    1f:1d:b1:74:c1:a6:e1:60:1a:25:23:6e:74:3a:05:
                    2f:ba:ba:9e:93:c9:69:a8:bc:cf:74:3e:98:fe:07:
                    19:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:7B:FB:C4:AA:0C:F5:19:85:92:72:1C:CD:24:4A:FA:1C:94:C3:83
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135362e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:a9:eb:29:00:90:11:63:02:bf:d9:20:4f:4a:b6:73:0e:fc:
         54:af:63:7f:1b:f3:5c:e9:08:31:91:0b:a7:1b:01:ba:47:7c:
         3f:e2:2b:5c:f3:85:5e:d2:98:fe:fc:54:26:40:1d:3f:ef:f4:
         95:53:66:24:65:2c:ac:a1:e1:12:6d:1b:b7:49:92:cd:a1:d0:
         74:e9:3f:e2:4c:68:52:be:06:10:61:ec:35:94:8b:61:68:f8:
         76:9b:3c:c9:1b:e1:e5:0a:79:e7:13:15:c0:a0:e4:44:fb:29:
         f9:d7:0e:48:62:c4:91:10:6a:5c:66:3c:62:e1:20:88:1d:6a:
         c5:e5:9e:fa:1a:39:49:25:2c:0e:03:41:61:49:7b:85:f9:01:
         b9:39:ed:c7:20:76:71:a4:f3:ab:a9:72:61:89:6f:73:6c:10:
         92:11:59:3e:52:59:be:24:89:8f:da:4d:50:4d:7b:b8:a4:cd:
         81:ac:de:82:d5:58:d3:73:9e:e7:12:2b:8c:e6:ee:c1:d0:88:
         75:a5:35:f7:be:2a:b9:85:5b:03:df:0d:af:7d:f0:56:57:18:
         08:a0:f0:9a:ca:5e:96:c6:7d:c6:73:82:08:f1:38:5e:50:f7:
         18:7e:13:b2:eb:85:17:bc:fe:8b:d9:dd:d3:37:f8:1a:4c:30:
         f8:34:1b:1c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULLFooLwiBkez5TA4VfPy80KDPjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNTExMDUxNDEzMzRaFw0yNjExMDQxNDE4MzRaMDMxMTAvBgNV
BAMTKDNEN0JGQkM0QUEwQ0Y1MTk4NTkyNzIxQ0NEMjQ0QUZBMUM5NEMzODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ+j4BULJFJjbalTEYl8zgtUAa
Y/rp0VOPG65s+/VW62GMDuPjtnrIsc+bGIRQhVNqUjmFSIi0v2pcuYcUAWgqRf0q
OjbvLKBI+mqMjlSUPY/RWZIk6Xy36Vem8MkneyWKa0P9452qmlJ8NOYIWMcv/Cnd
UJ8fZtz+MCwyVdvL1FxE4QPdHubvAdPbcV+twKZgjAO40CAOqDnyX+VUlODipytN
1zu6FwlDv5cSVrBuzpXlAUiDfJKBGCsM0B+MEqjNRHLRJBcfVrJ1VV9KZZJ6jjp8
UUudSdnKm+284fDo7h8dsXTBpuFgGiUjbnQ6BS+6up6TyWmovM90Ppj+BxkxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPXv7xKoM9RmFknIczSRK+hyUw4MwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzUzNjJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
nDANBgkqhkiG9w0BAQsFAAOCAQEAc6nrKQCQEWMCv9kgT0q2cw78VK9jfxvzXOkI
MZELpxsBukd8P+IrXPOFXtKY/vxUJkAdP+/0lVNmJGUsrKHhEm0bt0mSzaHQdOk/
4kxoUr4GEGHsNZSLYWj4dps8yRvh5Qp55xMVwKDkRPsp+dcOSGLEkRBqXGY8YuEg
iB1qxeWe+ho5SSUsDgNBYUl7hfkBuTntxyB2caTzq6lyYYlvc2wQkhFZPlJZviSJ
j9pNUE17uKTNgazegtVY03Oe5xIrjObuwdCIdaU1974quYVbA98Nr33wVlcYCKDw
mspelsZ9xnOCCPE4XlD3GH4TsuuFF7z+i9nd0zf4Gkww+DQbHA==
-----END CERTIFICATE-----