Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137362e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3137362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tC2V3WtJsKfCh6OZDe3j2ryTkE1d06JlM6cRKSKdRnY=
Subject key identifier:   34:47:A0:76:B1:71:1C:26:42:F3:23:B6:64:22:A0:00:D1:0E:CB:97
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       2E606FA43FF35554F60B5597D8BA611AF315E275
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137362e302f32342d3234203d3e20383334.roa
Signing time:             Thu 28 May 2026 06:05:33 +0000
ROA not before:           Thu 28 May 2026 06:00:33 +0000
ROA not after:            Thu 27 May 2027 06:05:33 +0000
asID:                     834
IP address blocks:        147.125.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:60:6f:a4:3f:f3:55:54:f6:0b:55:97:d8:ba:61:1a:f3:15:e2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: May 28 06:00:33 2026 GMT
            Not After : May 27 06:05:33 2027 GMT
        Subject: CN=3447A076B1711C2642F323B66422A000D10ECB97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:12:02:03:cb:59:c8:b8:85:77:8e:0b:12:d5:
                    cf:8a:5d:79:9d:db:34:1c:a4:4d:f4:91:08:35:e8:
                    f4:2f:5c:73:ea:95:b5:ab:56:c0:8c:b2:5d:a3:12:
                    1e:1f:3c:b1:d4:76:93:c3:e5:c5:e6:56:1a:6e:0c:
                    14:f4:c2:0a:7b:b6:c5:31:71:5f:80:2d:f4:7d:eb:
                    14:eb:69:eb:7e:66:6e:0c:f9:ba:d0:aa:13:67:63:
                    4d:ce:0f:c4:89:74:e2:de:3b:b5:4d:09:43:36:8b:
                    02:a8:3c:24:1c:1b:31:82:0e:e2:df:38:a7:4f:14:
                    f6:d3:ae:f1:96:21:b1:d6:a0:c2:25:98:d8:f9:de:
                    5b:49:3e:ee:f8:e7:8f:51:2b:55:1d:cf:2a:b0:9c:
                    58:46:d0:98:ba:75:ff:5e:ab:ce:78:c5:03:9d:8e:
                    9e:a9:c8:4f:fa:ab:4c:4b:77:8a:67:3e:a3:e2:14:
                    85:26:ed:83:8d:e6:a4:2b:c2:05:20:b5:d6:49:b5:
                    4a:c7:a9:3e:a5:e6:ba:de:9a:05:bc:f4:0a:99:11:
                    f0:f2:a6:d0:23:9c:0d:d9:29:fd:e8:91:bb:0b:66:
                    c2:36:83:2e:81:f9:06:d5:26:72:6d:76:6e:9d:94:
                    d5:a3:07:70:99:50:67:f5:c8:10:e2:88:bb:95:57:
                    dc:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:47:A0:76:B1:71:1C:26:42:F3:23:B6:64:22:A0:00:D1:0E:CB:97
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a1:95:e7:db:7a:31:75:d6:f9:db:fa:fa:a2:82:3d:5a:be:
         44:1e:3a:37:79:e3:b6:b7:5d:39:c8:b3:98:2d:1c:f4:33:58:
         d4:e5:33:53:c5:71:5c:8a:d6:6e:87:dc:66:7b:0b:dd:95:1d:
         fb:47:21:04:07:f5:05:b9:04:84:0d:1b:04:cb:df:45:41:cf:
         63:6b:95:36:3b:ce:ad:07:6e:5e:9b:a1:cd:e7:ee:c7:e8:ff:
         23:a9:cd:b4:a2:7f:72:39:82:7c:5e:56:32:3c:6d:80:00:bc:
         38:d3:f9:a5:6c:dc:ad:59:a4:a7:0c:71:dd:65:ca:b8:7c:b9:
         02:ea:26:76:89:1f:2a:17:fd:ec:95:33:a2:a8:73:c5:c8:2e:
         e1:cd:9e:d8:ad:95:06:ae:89:d3:79:cf:3e:2c:24:a3:1f:a2:
         51:45:3c:b6:dc:fa:6f:a1:23:31:a3:b9:5b:f9:2f:6e:b2:d9:
         04:6d:10:22:58:30:63:6a:3e:df:e9:18:23:a6:86:14:90:36:
         df:37:27:fb:00:67:37:d4:ba:83:9f:ca:38:56:ce:76:a1:3a:
         d0:62:7a:ba:8c:56:b6:2e:53:01:94:42:84:e0:44:d1:b9:44:
         87:25:f8:f3:aa:58:d0:8c:72:82:b2:60:0d:53:c7:00:ba:c4:
         0c:e1:d2:f0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULmBvpD/zVVT2C1WX2LphGvMV4nUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA1MjgwNjAwMzNaFw0yNzA1MjcwNjA1MzNaMDMxMTAvBgNV
BAMTKDM0NDdBMDc2QjE3MTFDMjY0MkYzMjNCNjY0MjJBMDAwRDEwRUNCOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1EgIDy1nIuIV3jgsS1c+KXXmd
2zQcpE30kQg16PQvXHPqlbWrVsCMsl2jEh4fPLHUdpPD5cXmVhpuDBT0wgp7tsUx
cV+ALfR96xTraet+Zm4M+brQqhNnY03OD8SJdOLeO7VNCUM2iwKoPCQcGzGCDuLf
OKdPFPbTrvGWIbHWoMIlmNj53ltJPu74549RK1UdzyqwnFhG0Ji6df9eq854xQOd
jp6pyE/6q0xLd4pnPqPiFIUm7YON5qQrwgUgtdZJtUrHqT6l5rremgW89AqZEfDy
ptAjnA3ZKf3okbsLZsI2gy6B+QbVJnJtdm6dlNWjB3CZUGf1yBDiiLuVV9zNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNEegdrFxHCZC8yO2ZCKgANEOy5cwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzczNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
sDANBgkqhkiG9w0BAQsFAAOCAQEAVaGV59t6MXXW+dv6+qKCPVq+RB46N3njtrdd
OcizmC0c9DNY1OUzU8VxXIrWbofcZnsL3ZUd+0chBAf1BbkEhA0bBMvfRUHPY2uV
NjvOrQduXpuhzefux+j/I6nNtKJ/cjmCfF5WMjxtgAC8ONP5pWzcrVmkpwxx3WXK
uHy5AuomdokfKhf97JUzoqhzxcgu4c2e2K2VBq6J03nPPiwkox+iUUU8ttz6b6Ej
MaO5W/kvbrLZBG0QIlgwY2o+3+kYI6aGFJA23zcn+wBnN9S6g5/KOFbOdqE60GJ6
uoxWti5TAZRChOBE0blEhyX486pY0IxygrJgDVPHALrEDOHS8A==
-----END CERTIFICATE-----