Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137312e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3137312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Cb0/wpUdhLtzOSwl28od6eapSm14D+rqzAnZDkOuw/8=
Subject key identifier:   12:DE:A9:95:26:EF:6F:4F:85:16:29:23:65:75:F7:DF:BC:F6:93:23
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       6792B41C147FD1A8ED83CBCA1AEE338382FFDCC4
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 08 Jun 2026 13:58:28 +0000
ROA not before:           Mon 08 Jun 2026 13:53:28 +0000
ROA not after:            Mon 07 Jun 2027 13:58:28 +0000
asID:                     834
IP address blocks:        147.125.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:92:b4:1c:14:7f:d1:a8:ed:83:cb:ca:1a:ee:33:83:82:ff:dc:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  8 13:53:28 2026 GMT
            Not After : Jun  7 13:58:28 2027 GMT
        Subject: CN=12DEA99526EF6F4F851629236575F7DFBCF69323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bd:12:6a:98:f9:fa:c2:e9:fa:5e:bc:ef:8a:
                    c9:0b:8a:de:35:93:b3:09:8a:95:8b:a5:1c:31:81:
                    5e:82:89:1b:a3:d0:9f:e5:ae:fd:1b:11:b3:f3:47:
                    11:5d:e3:dc:89:4a:08:b3:3c:7a:03:2c:be:e3:9f:
                    ad:60:e0:c0:3f:f2:2a:d3:f7:bf:95:b2:4c:eb:40:
                    77:5c:5c:50:20:35:5f:a9:ef:1c:5e:4b:9e:9a:b3:
                    2d:65:66:c1:71:18:6c:a0:ae:51:6d:35:49:d5:92:
                    eb:7d:7e:87:e1:44:da:ae:ee:9f:5e:e4:ee:50:14:
                    a6:86:d5:d2:fd:22:91:2b:e5:21:31:8b:9f:9a:ab:
                    00:de:30:29:b7:91:f1:c0:b0:b1:6d:87:e6:0a:3d:
                    72:2a:93:1a:3d:fc:42:a7:b2:e1:7c:80:7f:2d:34:
                    4e:66:46:c8:15:96:f3:99:48:ae:07:3c:5f:72:d5:
                    77:22:56:3c:8a:69:55:92:06:a4:c2:37:74:f4:cc:
                    e0:a0:fb:44:26:cc:4d:36:4c:7f:27:8f:a6:28:55:
                    90:2c:44:c8:f0:7a:ac:be:11:7d:d9:fd:ff:46:b4:
                    09:ac:e3:75:4c:70:4b:30:3f:e5:b0:5a:f7:b0:a6:
                    2a:60:15:74:d3:b1:ba:16:a6:5f:65:51:73:94:2e:
                    ed:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DE:A9:95:26:EF:6F:4F:85:16:29:23:65:75:F7:DF:BC:F6:93:23
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:62:4e:1d:a6:9b:73:dc:7e:9c:aa:cc:40:69:5c:7c:3e:4e:
         33:8e:83:4e:dd:38:5c:5d:52:1f:94:f4:06:a4:b1:c3:e3:86:
         e3:9f:c9:a2:53:1e:e0:10:23:25:a3:4b:19:9f:ae:32:25:1b:
         be:d1:1a:e4:08:19:02:37:cc:4a:b1:67:00:0a:99:fd:71:2b:
         70:13:11:08:21:11:87:d3:70:f1:73:0d:7b:34:8e:50:e7:21:
         e6:8f:de:7d:8b:28:a2:8c:7e:00:0a:02:70:95:01:8d:9b:7d:
         67:31:b3:55:b0:25:b1:bc:d4:c2:04:e9:6a:17:a5:34:6d:81:
         4a:df:fc:3c:02:ad:cc:72:3b:3c:68:4b:15:45:47:90:cb:02:
         8f:3a:7a:e3:43:d8:18:b2:13:de:26:84:bd:a7:d4:c6:96:ae:
         a0:40:2e:e4:1a:db:30:69:b4:c8:b0:ab:d2:b5:50:13:d0:69:
         55:60:94:71:70:bc:c1:7b:e0:d3:2c:35:d7:07:e0:3a:f1:ea:
         d7:44:b8:8e:90:59:c8:a8:a2:ff:2e:61:5a:07:6d:15:a5:41:
         77:db:03:f2:7d:b3:b6:28:1b:b1:10:0c:c8:77:16:e5:72:4e:
         25:5a:d8:0a:39:01:5f:00:7e:5f:5b:48:fc:fa:65:62:44:01:
         82:a6:98:f9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ5K0HBR/0ajtg8vKGu4zg4L/3MQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDgxMzUzMjhaFw0yNzA2MDcxMzU4MjhaMDMxMTAvBgNV
BAMTKDEyREVBOTk1MjZFRjZGNEY4NTE2MjkyMzY1NzVGN0RGQkNGNjkzMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6vRJqmPn6wun6XrzviskLit41
k7MJipWLpRwxgV6CiRuj0J/lrv0bEbPzRxFd49yJSgizPHoDLL7jn61g4MA/8irT
97+VskzrQHdcXFAgNV+p7xxeS56asy1lZsFxGGygrlFtNUnVkut9fofhRNqu7p9e
5O5QFKaG1dL9IpEr5SExi5+aqwDeMCm3kfHAsLFth+YKPXIqkxo9/EKnsuF8gH8t
NE5mRsgVlvOZSK4HPF9y1XciVjyKaVWSBqTCN3T0zOCg+0QmzE02TH8nj6YoVZAs
RMjweqy+EX3Z/f9GtAms43VMcEswP+WwWvewpipgFXTTsboWpl9lUXOULu3bAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEt6plSbvb0+FFikjZXX337z2kyMwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzczMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
qzANBgkqhkiG9w0BAQsFAAOCAQEAB2JOHaabc9x+nKrMQGlcfD5OM46DTt04XF1S
H5T0BqSxw+OG45/JolMe4BAjJaNLGZ+uMiUbvtEa5AgZAjfMSrFnAAqZ/XErcBMR
CCERh9Nw8XMNezSOUOch5o/efYsooox+AAoCcJUBjZt9ZzGzVbAlsbzUwgTpahel
NG2BSt/8PAKtzHI7PGhLFUVHkMsCjzp640PYGLIT3iaEvafUxpauoEAu5BrbMGm0
yLCr0rVQE9BpVWCUcXC8wXvg0yw11wfgOvHq10S4jpBZyKii/y5hWgdtFaVBd9sD
8n2ztigbsRAMyHcW5XJOJVrYCjkBXwB+X1tI/PplYkQBgqaY+Q==
-----END CERTIFICATE-----