Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136382e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3136382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          zerf2K4seZ6EhyK71ojffm+BULYOiVL3axGQgK7FBgc=
Subject key identifier:   92:57:8D:6A:A1:EE:F4:10:3C:74:4E:13:94:F6:72:A9:66:7A:B3:FC
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       5C9CB93D68CA4C1356876DAEC9EB353FA1D21160
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136382e302f32332d3234203d3e20383334.roa
Signing time:             Mon 08 Jun 2026 13:58:28 +0000
ROA not before:           Mon 08 Jun 2026 13:53:28 +0000
ROA not after:            Mon 07 Jun 2027 13:58:28 +0000
asID:                     834
IP address blocks:        147.125.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:9c:b9:3d:68:ca:4c:13:56:87:6d:ae:c9:eb:35:3f:a1:d2:11:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  8 13:53:28 2026 GMT
            Not After : Jun  7 13:58:28 2027 GMT
        Subject: CN=92578D6AA1EEF4103C744E1394F672A9667AB3FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1c:f3:c1:ea:90:20:a8:95:0f:c6:52:9b:df:
                    e5:c9:ba:46:58:e9:60:c1:23:f7:ac:94:be:28:bb:
                    fc:ec:4c:33:bd:34:cf:99:7b:ea:63:a3:dd:46:6c:
                    f1:c1:c1:ae:08:d1:5a:d5:93:09:1a:7b:63:b0:e0:
                    c2:9a:49:47:9d:fb:d0:d6:f7:47:3a:fa:3c:14:e7:
                    fb:de:87:e8:e2:48:2b:d0:fb:9f:93:fe:92:20:fa:
                    49:d6:91:90:d0:47:ae:51:bd:65:11:42:35:8b:2c:
                    24:e8:f5:2c:d3:47:a2:bc:1f:21:55:bb:64:ca:2d:
                    3f:14:74:d1:3b:f2:c6:00:80:0d:b7:45:8c:9d:2a:
                    a6:8f:cc:0d:81:48:e1:73:48:3b:c6:d6:52:fa:bc:
                    41:24:81:ea:08:6a:9c:d7:fc:af:6a:f7:82:99:b0:
                    db:28:bd:da:bd:6a:29:a8:49:c2:1b:cd:c8:32:68:
                    67:f3:d9:34:c3:27:fb:57:57:da:5d:50:5c:ea:c3:
                    31:cf:ba:52:7c:08:9e:e9:cf:d7:f3:30:e2:5b:c5:
                    60:a3:3e:6d:f9:db:8d:a7:3b:ea:08:b3:83:46:43:
                    a8:85:c8:6d:65:3c:53:d5:86:c8:90:6c:b8:f9:15:
                    73:d3:9f:91:ea:73:da:64:fc:f6:40:ec:48:b4:5e:
                    dd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:57:8D:6A:A1:EE:F4:10:3C:74:4E:13:94:F6:72:A9:66:7A:B3:FC
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:0a:ab:c5:31:6b:ca:43:34:a2:98:0f:36:42:73:70:f9:a3:
         29:b1:48:9c:1a:21:85:53:8b:75:f5:32:44:7b:12:18:cf:69:
         56:86:f2:84:95:ab:54:df:8a:4d:e7:aa:df:e2:35:1d:a4:53:
         b8:c1:2d:2d:1c:25:aa:76:d6:a2:6e:23:fe:0f:13:77:c7:61:
         e5:e2:bb:bd:df:6b:44:ab:88:4b:5b:cc:a3:ee:38:aa:30:4b:
         54:fd:44:5d:7f:f3:1b:57:4f:65:16:fe:9c:d6:f4:90:5f:b0:
         29:83:3f:ae:26:d6:db:91:ef:68:8a:24:ec:b1:5f:2f:d1:69:
         e3:88:6a:3c:2a:00:cf:3b:66:01:58:cf:bf:9d:d6:9d:bb:2e:
         27:85:02:72:b0:24:52:20:92:3b:dd:db:4c:a7:24:fd:5f:48:
         64:48:c1:ec:c8:96:0a:36:a0:3a:bc:69:89:c7:37:6a:05:3f:
         f6:12:3e:af:98:b6:58:3d:03:e2:e2:e6:2d:2b:6c:9f:13:5b:
         f8:f4:30:86:4c:85:5a:62:fb:69:11:bf:61:14:92:63:8b:ea:
         92:d5:75:34:c7:d0:9e:ae:d5:e6:a1:5b:c0:52:d2:c0:46:e5:
         ee:8e:5d:01:bf:3c:97:8b:28:4b:d6:2c:03:bb:51:da:10:94:
         e3:73:4c:dc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXJy5PWjKTBNWh22uyes1P6HSEWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDgxMzUzMjhaFw0yNzA2MDcxMzU4MjhaMDMxMTAvBgNV
BAMTKDkyNTc4RDZBQTFFRUY0MTAzQzc0NEUxMzk0RjY3MkE5NjY3QUIzRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSHPPB6pAgqJUPxlKb3+XJukZY
6WDBI/eslL4ou/zsTDO9NM+Ze+pjo91GbPHBwa4I0VrVkwkae2Ow4MKaSUed+9DW
90c6+jwU5/veh+jiSCvQ+5+T/pIg+knWkZDQR65RvWURQjWLLCTo9SzTR6K8HyFV
u2TKLT8UdNE78sYAgA23RYydKqaPzA2BSOFzSDvG1lL6vEEkgeoIapzX/K9q94KZ
sNsovdq9aimoScIbzcgyaGfz2TTDJ/tXV9pdUFzqwzHPulJ8CJ7pz9fzMOJbxWCj
Pm35242nO+oIs4NGQ6iFyG1lPFPVhsiQbLj5FXPTn5Hqc9pk/PZA7Ei0Xt2LAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkleNaqHu9BA8dE4TlPZyqWZ6s/wwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzYzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
qDANBgkqhkiG9w0BAQsFAAOCAQEAPwqrxTFrykM0opgPNkJzcPmjKbFInBohhVOL
dfUyRHsSGM9pVobyhJWrVN+KTeeq3+I1HaRTuMEtLRwlqnbWom4j/g8Td8dh5eK7
vd9rRKuIS1vMo+44qjBLVP1EXX/zG1dPZRb+nNb0kF+wKYM/ribW25HvaIok7LFf
L9Fp44hqPCoAzztmAVjPv53WnbsuJ4UCcrAkUiCSO93bTKck/V9IZEjB7MiWCjag
Orxpicc3agU/9hI+r5i2WD0D4uLmLStsnxNb+PQwhkyFWmL7aRG/YRSSY4vqktV1
NMfQnq7V5qFbwFLSwEbl7o5dAb88l4soS9YsA7tR2hCU43NM3A==
-----END CERTIFICATE-----