Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137322e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3137322e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          yFeJ+/TNsXh2JeR+gLJ/EFDAzyIO9260Re0zW4bODos=
Subject key identifier:   F6:1B:8C:C0:76:EF:40:0B:4D:40:4B:78:E2:EC:CE:22:A2:01:7A:FF
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       359ACD8D207D81C5EBE9123A233F6527E095C600
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137322e302f32322d3234203d3e20383334.roa
Signing time:             Mon 08 Jun 2026 13:58:28 +0000
ROA not before:           Mon 08 Jun 2026 13:53:28 +0000
ROA not after:            Mon 07 Jun 2027 13:58:28 +0000
asID:                     834
IP address blocks:        147.125.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:9a:cd:8d:20:7d:81:c5:eb:e9:12:3a:23:3f:65:27:e0:95:c6:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  8 13:53:28 2026 GMT
            Not After : Jun  7 13:58:28 2027 GMT
        Subject: CN=F61B8CC076EF400B4D404B78E2ECCE22A2017AFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fc:e9:07:44:83:e4:4e:ed:d8:b5:d0:eb:b9:
                    d1:ff:3c:7f:f7:22:5a:f3:53:04:20:3d:d6:1f:c0:
                    9b:f5:f7:24:4e:80:b9:fa:3b:67:6a:d0:01:8e:3f:
                    78:e4:6d:34:68:11:5a:e7:7d:05:89:5c:83:b1:1b:
                    0b:be:c5:14:66:62:11:84:49:70:e6:33:08:bf:34:
                    96:8a:12:5e:50:3d:68:f4:21:bf:39:97:2a:98:82:
                    db:8a:86:c9:69:87:40:d2:73:8c:45:9d:7e:3d:22:
                    5e:59:e4:dd:3e:78:cf:dd:05:64:61:54:0f:c3:67:
                    8f:2e:42:3d:30:e4:07:ec:6d:cf:04:67:10:f5:ad:
                    ff:a1:a3:7d:e6:d8:1e:dd:67:d2:d1:c0:60:61:e0:
                    0a:80:a6:d9:0f:75:00:4a:f3:4a:42:6a:1f:90:23:
                    b5:86:f5:eb:00:b6:fd:74:48:dd:de:e5:cc:f2:22:
                    88:ed:5c:1c:35:36:0a:9c:f8:69:f7:6a:d0:72:78:
                    86:ef:47:c6:ac:bf:d3:e6:c0:03:0b:73:18:8d:23:
                    d8:2b:ae:90:51:fd:b6:9d:c3:77:71:72:c4:45:fa:
                    91:b3:95:f3:ef:0e:3c:9c:43:1b:f7:de:be:a6:10:
                    a7:53:28:c6:b5:09:1a:65:80:5e:ed:0c:56:b1:e6:
                    4c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1B:8C:C0:76:EF:40:0B:4D:40:4B:78:E2:EC:CE:22:A2:01:7A:FF
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137322e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:2e:4a:aa:ea:11:b7:b2:97:32:4c:9d:34:84:ed:ef:87:bd:
         92:0e:76:4c:cf:21:4e:6d:4e:04:a1:5e:65:86:b2:03:66:72:
         c6:ec:fd:ca:e8:ed:e2:5f:66:00:5f:a3:65:b7:f1:f8:4a:38:
         f0:ba:e4:9b:64:32:14:90:7c:ed:84:64:24:f3:cc:6f:62:8a:
         d0:76:40:1d:6a:77:46:ca:1d:3d:42:ab:cb:78:b9:c8:65:ed:
         94:c8:0b:7d:c7:1b:45:c5:87:d3:98:ae:a1:9d:6d:a8:fe:27:
         fb:c8:47:d6:2a:88:37:74:ae:c9:e3:85:b6:0c:76:2e:9a:73:
         fc:ab:12:c7:61:39:3d:91:e9:ca:1c:3c:1f:2f:00:27:e9:09:
         38:b4:26:bc:6a:00:23:9b:7c:b6:99:98:d7:53:3e:9a:a0:13:
         cd:12:cc:2d:91:69:f6:60:b3:90:5a:50:65:31:af:b0:f6:6d:
         d4:f8:46:9a:ae:b9:a2:5e:cd:62:e6:d3:5d:0e:42:24:63:e9:
         10:7d:34:35:e5:22:d0:3d:af:2b:5e:f6:73:64:ec:b0:eb:26:
         b0:90:57:3e:16:39:f8:e3:74:e8:aa:24:bc:05:a4:c4:52:81:
         e3:db:34:d8:33:39:8c:8e:20:0b:71:0b:28:2b:b4:3b:30:8c:
         55:c5:86:42
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNZrNjSB9gcXr6RI6Iz9lJ+CVxgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDgxMzUzMjhaFw0yNzA2MDcxMzU4MjhaMDMxMTAvBgNV
BAMTKEY2MUI4Q0MwNzZFRjQwMEI0RDQwNEI3OEUyRUNDRTIyQTIwMTdBRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB/OkHRIPkTu3YtdDrudH/PH/3
IlrzUwQgPdYfwJv19yROgLn6O2dq0AGOP3jkbTRoEVrnfQWJXIOxGwu+xRRmYhGE
SXDmMwi/NJaKEl5QPWj0Ib85lyqYgtuKhslph0DSc4xFnX49Il5Z5N0+eM/dBWRh
VA/DZ48uQj0w5Afsbc8EZxD1rf+ho33m2B7dZ9LRwGBh4AqAptkPdQBK80pCah+Q
I7WG9esAtv10SN3e5czyIojtXBw1Ngqc+Gn3atByeIbvR8asv9PmwAMLcxiNI9gr
rpBR/badw3dxcsRF+pGzlfPvDjycQxv33r6mEKdTKMa1CRplgF7tDFax5kwhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9huMwHbvQAtNQEt44uzOIqIBev8wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzczMjJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
rDANBgkqhkiG9w0BAQsFAAOCAQEACy5KquoRt7KXMkydNITt74e9kg52TM8hTm1O
BKFeZYayA2Zyxuz9yujt4l9mAF+jZbfx+Eo48Lrkm2QyFJB87YRkJPPMb2KK0HZA
HWp3RsodPUKry3i5yGXtlMgLfccbRcWH05iuoZ1tqP4n+8hH1iqIN3SuyeOFtgx2
Lppz/KsSx2E5PZHpyhw8Hy8AJ+kJOLQmvGoAI5t8tpmY11M+mqATzRLMLZFp9mCz
kFpQZTGvsPZt1PhGmq65ol7NYubTXQ5CJGPpEH00NeUi0D2vK172c2TssOsmsJBX
PhY5+ON06KokvAWkxFKB49s02DM5jI4gC3ELKCu0OzCMVcWGQg==
-----END CERTIFICATE-----