Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3138382e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3138382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          rL0mBV10Gx1nKcRczcVT8Rp9M7aYCgvwN+431IzcAjw=
Subject key identifier:   E5:AC:F3:8C:B7:0D:82:5D:9B:0E:43:BA:A0:15:3D:BF:24:6E:5F:5D
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       3F935B483B77FBB153040AF27C8981F654D94F44
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3138382e302f32332d3234203d3e20383334.roa
Signing time:             Thu 28 May 2026 05:01:43 +0000
ROA not before:           Thu 28 May 2026 04:56:43 +0000
ROA not after:            Thu 27 May 2027 05:01:43 +0000
asID:                     834
IP address blocks:        147.125.188.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:93:5b:48:3b:77:fb:b1:53:04:0a:f2:7c:89:81:f6:54:d9:4f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: May 28 04:56:43 2026 GMT
            Not After : May 27 05:01:43 2027 GMT
        Subject: CN=E5ACF38CB70D825D9B0E43BAA0153DBF246E5F5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:68:e9:0b:c9:32:a5:e1:24:30:9f:d9:e3:4a:
                    66:c9:11:e2:20:4d:e7:a7:27:24:82:ed:a5:7f:7a:
                    9e:fd:de:9e:7a:c7:b5:82:02:08:62:16:a4:b6:e0:
                    a5:26:03:e7:b8:65:b9:f5:15:44:6c:24:e2:12:66:
                    18:92:9e:fb:30:8f:9c:6c:32:da:50:d7:3e:46:c9:
                    8a:41:8d:c0:fb:58:66:f6:cf:12:71:90:f9:31:7d:
                    15:4b:09:34:86:87:36:5f:9a:ae:4b:07:ea:39:77:
                    24:23:a2:64:23:8a:0c:04:e6:fb:9b:e1:a4:ec:d5:
                    e0:fe:01:fa:3e:a9:01:0a:af:84:cc:c8:57:cd:74:
                    1d:17:d7:af:e8:50:49:e2:e2:38:f8:0b:d1:ae:91:
                    6e:13:14:f8:e2:08:cc:49:78:76:d1:86:66:d7:dd:
                    2c:1e:68:29:11:62:e5:74:0e:b8:0a:a7:3f:90:52:
                    2b:ea:35:d2:d6:80:52:4e:f3:cc:a5:2e:13:b3:9b:
                    ce:11:8d:d9:77:9b:8a:02:c1:dd:c1:3d:13:dc:35:
                    13:03:ff:c6:d1:88:49:d7:b3:44:08:a9:37:8d:4e:
                    c6:02:a3:89:99:b4:1b:ae:ea:94:0e:54:21:32:6e:
                    36:a4:1c:18:ca:42:16:25:1d:f6:b5:fb:38:aa:5f:
                    12:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AC:F3:8C:B7:0D:82:5D:9B:0E:43:BA:A0:15:3D:BF:24:6E:5F:5D
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3138382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:7b:2f:ae:6e:03:b7:25:82:2c:a0:d8:1c:f4:5b:b3:00:0f:
         ac:2b:ec:b4:17:27:56:dd:4e:51:50:24:8d:71:3b:1b:72:58:
         0d:b4:93:07:7f:01:4f:de:ac:33:5c:dd:51:cc:78:4d:8c:d5:
         fc:ba:46:e8:56:8f:b1:04:6b:41:b3:d9:4e:39:42:f7:bb:2f:
         72:c1:b5:db:53:2f:b5:3c:01:ee:7a:0b:9a:b9:13:fe:cc:c8:
         31:53:87:55:52:e7:41:2f:e4:02:fe:6e:71:87:96:30:49:52:
         e8:c3:3d:47:07:2c:72:ca:cf:5e:72:29:49:e8:59:f6:f5:d4:
         95:84:23:ee:e2:6d:ab:57:96:43:1d:0c:37:c5:25:ea:ef:14:
         42:bb:e9:69:fd:e0:31:c8:bf:43:4a:c8:8b:0c:95:84:57:1c:
         b3:bc:af:4f:32:d2:64:7f:b7:e5:83:e2:8d:68:f4:99:ab:06:
         6d:32:2c:55:0a:e6:71:e3:7b:01:13:f6:06:35:7f:7c:c0:41:
         9d:3f:0b:37:ca:f7:b6:b4:9a:58:cb:3c:ab:cd:b3:f9:0f:7f:
         b2:31:e7:b5:09:af:59:eb:22:b6:39:ad:d9:45:9b:26:5c:0a:
         7f:5d:30:6b:ca:0a:fb:54:75:d1:f5:3e:93:46:8d:4c:f7:1b:
         eb:65:7e:a4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP5NbSDt3+7FTBAryfImB9lTZT0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA1MjgwNDU2NDNaFw0yNzA1MjcwNTAxNDNaMDMxMTAvBgNV
BAMTKEU1QUNGMzhDQjcwRDgyNUQ5QjBFNDNCQUEwMTUzREJGMjQ2RTVGNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxaOkLyTKl4SQwn9njSmbJEeIg
TeenJySC7aV/ep793p56x7WCAghiFqS24KUmA+e4Zbn1FURsJOISZhiSnvswj5xs
MtpQ1z5GyYpBjcD7WGb2zxJxkPkxfRVLCTSGhzZfmq5LB+o5dyQjomQjigwE5vub
4aTs1eD+Afo+qQEKr4TMyFfNdB0X16/oUEni4jj4C9GukW4TFPjiCMxJeHbRhmbX
3SweaCkRYuV0DrgKpz+QUivqNdLWgFJO88ylLhOzm84Rjdl3m4oCwd3BPRPcNRMD
/8bRiEnXs0QIqTeNTsYCo4mZtBuu6pQOVCEybjakHBjKQhYlHfa1+ziqXxK3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5azzjLcNgl2bDkO6oBU9vyRuX10wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzgzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
vDANBgkqhkiG9w0BAQsFAAOCAQEATHsvrm4DtyWCLKDYHPRbswAPrCvstBcnVt1O
UVAkjXE7G3JYDbSTB38BT96sM1zdUcx4TYzV/LpG6FaPsQRrQbPZTjlC97svcsG1
21MvtTwB7noLmrkT/szIMVOHVVLnQS/kAv5ucYeWMElS6MM9RwcscsrPXnIpSehZ
9vXUlYQj7uJtq1eWQx0MN8Ul6u8UQrvpaf3gMci/Q0rIiwyVhFccs7yvTzLSZH+3
5YPijWj0masGbTIsVQrmceN7ARP2BjV/fMBBnT8LN8r3trSaWMs8q82z+Q9/sjHn
tQmvWesitjmt2UWbJlwKf10wa8oK+1R10fU+k0aNTPcb62V+pA==
-----END CERTIFICATE-----