Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137382e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3137382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          j8RFjnBQLJI2b3dG3xndUQdL7Mivqy0qPdKahQEEbrU=
Subject key identifier:   F8:28:29:53:20:5E:AE:F6:A0:7B:84:3B:17:42:F1:B1:71:27:6C:11
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       7FBE01C5B86F5FC8B3B3CD30EF6C63DBDA11B253
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137382e302f32332d3234203d3e20383334.roa
Signing time:             Thu 28 May 2026 06:05:33 +0000
ROA not before:           Thu 28 May 2026 06:00:33 +0000
ROA not after:            Thu 27 May 2027 06:05:33 +0000
asID:                     834
IP address blocks:        147.125.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:be:01:c5:b8:6f:5f:c8:b3:b3:cd:30:ef:6c:63:db:da:11:b2:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: May 28 06:00:33 2026 GMT
            Not After : May 27 06:05:33 2027 GMT
        Subject: CN=F8282953205EAEF6A07B843B1742F1B171276C11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e9:87:0f:e7:f8:48:d2:d6:5c:e4:98:e3:e2:
                    6b:0c:4b:e1:eb:00:40:5f:e2:a8:0f:17:a3:64:5e:
                    42:27:c8:99:84:bc:ba:4e:26:e3:b6:78:64:03:01:
                    0b:4e:fa:23:86:d4:5a:2a:cc:7f:e8:de:7e:21:ad:
                    1f:8f:b1:76:99:55:cd:f6:e8:b2:f2:c7:8f:c1:d4:
                    49:5a:f8:f8:7d:8f:de:55:6d:e0:45:21:0e:bb:e8:
                    bc:88:36:08:a4:e0:90:58:5e:4e:d8:4e:c3:5f:d5:
                    40:f9:6e:07:a4:62:03:3e:1e:01:47:17:dd:c8:68:
                    9a:1c:b4:0d:66:0e:8f:3e:1d:8e:2e:5a:49:95:dd:
                    60:8e:d5:d4:5c:62:dd:49:19:4b:67:36:f1:60:d5:
                    64:9d:24:16:52:a5:9d:66:8e:a1:6a:0e:2c:3a:e2:
                    2a:40:d8:73:ae:80:e0:d7:aa:48:5e:65:df:24:d6:
                    00:de:a8:64:60:ed:30:4b:ff:15:16:92:44:d5:46:
                    62:7f:7e:3e:87:fe:69:f7:50:e0:33:f9:b2:e0:73:
                    1e:71:ab:3c:db:71:e6:e2:e7:46:95:06:be:1f:cc:
                    fd:fd:b2:64:34:ae:e1:5e:e3:ad:b5:6b:0e:a1:2b:
                    44:88:87:bd:e9:5a:c2:9c:d1:9e:e9:f2:1b:92:48:
                    b9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:28:29:53:20:5E:AE:F6:A0:7B:84:3B:17:42:F1:B1:71:27:6C:11
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:3a:3d:69:4d:41:1d:7d:3f:63:b3:d3:4b:67:2c:33:37:da:
         6e:20:a5:77:fa:4e:83:f4:e0:ed:bf:e2:e4:91:b1:89:28:ef:
         eb:4b:82:7d:49:cf:77:55:dd:d0:e0:e4:6e:1e:60:9f:e8:fb:
         56:3f:73:1d:40:6c:e0:26:2b:3a:1d:42:fd:7a:90:20:4c:4c:
         a1:35:f9:d3:da:90:f2:79:50:00:74:3d:99:9d:51:60:58:4b:
         2b:08:40:42:66:82:af:d0:23:8c:db:d1:61:61:f4:4c:25:b0:
         2e:14:a5:bf:b6:8e:f2:57:43:48:25:c2:87:3d:68:98:7a:f4:
         2a:a2:2a:dc:d7:42:f5:d0:13:55:b7:eb:f7:cf:ef:6b:94:dd:
         0e:6b:48:63:92:18:6f:48:dc:5b:c8:89:c9:94:47:9a:7a:90:
         fa:96:1e:de:83:ca:6b:ad:4a:83:f5:a7:91:46:e5:1c:98:a2:
         49:59:d1:de:9c:ca:57:f8:f4:e4:6f:6e:7f:78:79:68:a2:bd:
         e4:3c:ec:07:d1:c2:56:df:6c:a1:05:46:fb:50:87:3f:a1:2b:
         c3:79:f8:51:30:2e:8a:6f:e0:94:66:20:9f:05:b9:31:f3:83:
         79:2b:4e:38:9e:af:b1:26:ba:e7:01:1f:9a:66:4c:ea:2e:0e:
         d9:a8:8d:52
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUf74BxbhvX8izs80w72xj29oRslMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA1MjgwNjAwMzNaFw0yNzA1MjcwNjA1MzNaMDMxMTAvBgNV
BAMTKEY4MjgyOTUzMjA1RUFFRjZBMDdCODQzQjE3NDJGMUIxNzEyNzZDMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR6YcP5/hI0tZc5Jjj4msMS+Hr
AEBf4qgPF6NkXkInyJmEvLpOJuO2eGQDAQtO+iOG1FoqzH/o3n4hrR+PsXaZVc32
6LLyx4/B1Ela+Ph9j95VbeBFIQ676LyINgik4JBYXk7YTsNf1UD5bgekYgM+HgFH
F93IaJoctA1mDo8+HY4uWkmV3WCO1dRcYt1JGUtnNvFg1WSdJBZSpZ1mjqFqDiw6
4ipA2HOugODXqkheZd8k1gDeqGRg7TBL/xUWkkTVRmJ/fj6H/mn3UOAz+bLgcx5x
qzzbcebi50aVBr4fzP39smQ0ruFe4621aw6hK0SIh73pWsKc0Z7p8huSSLnbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+CgpUyBervage4Q7F0LxsXEnbBEwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzczODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
sjANBgkqhkiG9w0BAQsFAAOCAQEAdDo9aU1BHX0/Y7PTS2csMzfabiCld/pOg/Tg
7b/i5JGxiSjv60uCfUnPd1Xd0ODkbh5gn+j7Vj9zHUBs4CYrOh1C/XqQIExMoTX5
09qQ8nlQAHQ9mZ1RYFhLKwhAQmaCr9AjjNvRYWH0TCWwLhSlv7aO8ldDSCXChz1o
mHr0KqIq3NdC9dATVbfr98/va5TdDmtIY5IYb0jcW8iJyZRHmnqQ+pYe3oPKa61K
g/WnkUblHJiiSVnR3pzKV/j05G9uf3h5aKK95DzsB9HCVt9soQVG+1CHP6Erw3n4
UTAuim/glGYgnwW5MfODeStOOJ6vsSa65wEfmmZM6i4O2aiNUg==
-----END CERTIFICATE-----