Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136302e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3136302e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          669uAGrxbuYFZulaic8EIRdL32kPPlQbBgM4yA3ymww=
Subject key identifier:   70:90:B7:8F:76:C2:B5:A0:6E:EC:D3:3D:22:E2:70:F3:07:9F:9A:65
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       7268797FCCF82CFD03A903F16CE798F4AAE54D74
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136302e302f32322d3234203d3e20383334.roa
Signing time:             Sat 06 Jun 2026 01:34:18 +0000
ROA not before:           Sat 06 Jun 2026 01:29:18 +0000
ROA not after:            Sat 05 Jun 2027 01:34:18 +0000
asID:                     834
IP address blocks:        147.125.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:68:79:7f:cc:f8:2c:fd:03:a9:03:f1:6c:e7:98:f4:aa:e5:4d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  6 01:29:18 2026 GMT
            Not After : Jun  5 01:34:18 2027 GMT
        Subject: CN=7090B78F76C2B5A06EECD33D22E270F3079F9A65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:af:9c:44:64:34:89:d5:16:00:d0:1c:d2:76:
                    94:7f:cf:eb:da:36:23:6e:c6:ac:8a:d3:fd:f9:3a:
                    54:8a:1f:35:d4:71:6c:17:60:d4:79:03:b1:28:4b:
                    16:b7:67:6f:2c:8b:d8:87:1e:d7:31:51:4c:9e:42:
                    45:c7:e2:ef:d1:7e:b8:6e:18:c2:4c:dc:42:a7:07:
                    a3:1c:7c:11:de:3c:44:16:57:ae:96:1b:08:18:0c:
                    9d:d2:ad:3b:37:8b:5a:0c:ee:4c:9b:e2:f7:d1:54:
                    36:7f:4a:04:03:49:ab:a6:13:56:95:48:bd:ae:24:
                    9c:b8:97:2f:93:c2:85:92:f2:d7:97:e3:a0:0f:c7:
                    00:32:4e:46:90:c7:9e:22:ca:93:e1:72:78:4d:b0:
                    cb:58:42:24:5b:db:2d:ce:ad:94:06:31:08:59:9b:
                    74:a3:e8:4a:7f:04:25:e5:98:3e:d0:c4:9e:69:6f:
                    7a:29:79:c8:8f:c6:b3:8d:12:76:61:ea:52:39:c4:
                    61:14:08:76:a5:45:aa:25:62:cf:02:b6:4b:7e:7a:
                    9e:19:29:e8:6b:76:89:c2:24:4d:9c:cd:f7:b1:8a:
                    19:2c:57:4d:60:11:fe:f4:11:82:0c:a0:96:d4:75:
                    0c:0c:05:ce:85:c4:11:3f:be:a9:27:82:8b:67:11:
                    7f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:90:B7:8F:76:C2:B5:A0:6E:EC:D3:3D:22:E2:70:F3:07:9F:9A:65
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136302e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:72:54:5b:f6:a6:b2:21:16:23:53:f3:4a:a3:0d:84:3a:d7:
         86:6d:88:5a:c7:b2:7f:49:1a:93:6b:72:8b:b0:7a:3f:f0:1e:
         ca:9c:3e:00:f3:61:a2:c9:80:08:20:8e:4e:22:bb:75:68:3e:
         dc:c0:d8:61:a8:93:21:1b:a2:a6:d3:40:b4:51:df:af:9c:b5:
         4f:99:78:c4:3d:89:60:a8:ec:e4:f5:ff:8c:76:41:60:ca:e8:
         56:2a:2a:ec:b2:aa:92:f7:bb:e6:bf:2c:10:38:6b:32:89:30:
         11:57:4f:86:cc:24:44:e1:cc:e0:9b:f9:a8:68:1f:eb:73:c9:
         ae:df:d4:65:b8:7d:77:bb:33:4c:f7:a2:c1:0e:6b:de:71:50:
         52:83:d9:d8:dc:8c:2f:69:17:ff:98:aa:12:ad:c5:e4:7f:2f:
         cf:a1:fb:dd:e4:91:16:b0:78:b5:1e:08:f3:c3:34:42:61:fe:
         52:3a:10:65:94:0c:2e:85:27:6e:3e:0d:32:eb:fa:82:31:72:
         9b:6b:6a:08:8e:ae:43:86:4a:ba:b4:00:b9:39:d5:b4:17:8c:
         96:a4:0f:12:98:57:b6:3b:c2:3d:e8:ab:f4:e0:e6:37:8a:4c:
         a4:74:b6:93:37:9f:41:92:76:e9:15:e2:4e:c1:6b:30:0e:e6:
         dd:d9:3d:ef
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcmh5f8z4LP0DqQPxbOeY9KrlTXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDYwMTI5MThaFw0yNzA2MDUwMTM0MThaMDMxMTAvBgNV
BAMTKDcwOTBCNzhGNzZDMkI1QTA2RUVDRDMzRDIyRTI3MEYzMDc5RjlBNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCor5xEZDSJ1RYA0BzSdpR/z+va
NiNuxqyK0/35OlSKHzXUcWwXYNR5A7EoSxa3Z28si9iHHtcxUUyeQkXH4u/Rfrhu
GMJM3EKnB6McfBHePEQWV66WGwgYDJ3SrTs3i1oM7kyb4vfRVDZ/SgQDSaumE1aV
SL2uJJy4ly+TwoWS8teX46APxwAyTkaQx54iypPhcnhNsMtYQiRb2y3OrZQGMQhZ
m3Sj6Ep/BCXlmD7QxJ5pb3opeciPxrONEnZh6lI5xGEUCHalRaolYs8Ctkt+ep4Z
KehrdonCJE2czfexihksV01gEf70EYIMoJbUdQwMBc6FxBE/vqkngotnEX8dAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcJC3j3bCtaBu7NM9IuJw8wefmmUwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzYzMDJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
oDANBgkqhkiG9w0BAQsFAAOCAQEAd3JUW/amsiEWI1PzSqMNhDrXhm2IWseyf0ka
k2tyi7B6P/Aeypw+APNhosmACCCOTiK7dWg+3MDYYaiTIRuiptNAtFHfr5y1T5l4
xD2JYKjs5PX/jHZBYMroVioq7LKqkve75r8sEDhrMokwEVdPhswkROHM4Jv5qGgf
63PJrt/UZbh9d7szTPeiwQ5r3nFQUoPZ2NyML2kX/5iqEq3F5H8vz6H73eSRFrB4
tR4I88M0QmH+UjoQZZQMLoUnbj4NMuv6gjFym2tqCI6uQ4ZKurQAuTnVtBeMlqQP
EphXtjvCPeir9ODmN4pMpHS2kzefQZJ26RXiTsFrMA7m3dk97w==
-----END CERTIFICATE-----