Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3139322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6B2OLzKTk/OXvj3crGX34imJQDDUD1EWfJh7fj0bkPY=
Subject key identifier:   BC:5E:2C:F6:A1:1C:9D:AD:C8:F5:AC:90:AE:56:B4:53:3B:6A:06:86
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       2C38E5CF75EB8260ECAE6CD24A95FDA2EF5E6850
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32342d3234203d3e20383334.roa
Signing time:             Mon 08 Jun 2026 03:57:20 +0000
ROA not before:           Mon 08 Jun 2026 03:52:20 +0000
ROA not after:            Mon 07 Jun 2027 03:57:20 +0000
asID:                     834
IP address blocks:        147.125.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:38:e5:cf:75:eb:82:60:ec:ae:6c:d2:4a:95:fd:a2:ef:5e:68:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  8 03:52:20 2026 GMT
            Not After : Jun  7 03:57:20 2027 GMT
        Subject: CN=BC5E2CF6A11C9DADC8F5AC90AE56B4533B6A0686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bf:7e:cc:32:65:b5:d9:45:3e:05:52:d5:ff:
                    d4:9f:7f:39:10:6a:5b:66:17:31:0c:4f:99:48:70:
                    39:62:10:49:a3:20:49:0a:78:34:2e:5e:17:39:9b:
                    bb:76:70:2a:40:ae:87:8e:e1:d4:5c:a7:07:c5:20:
                    3b:2c:0d:4b:26:c6:19:7c:0f:0b:55:cd:e2:da:94:
                    f3:21:01:2c:e6:15:2a:5b:a4:60:7a:68:67:fe:2c:
                    da:3b:99:03:c5:bb:e1:18:f0:46:c3:b9:b6:44:cd:
                    d8:ae:56:fd:a8:5b:c7:64:84:bd:79:16:6c:83:28:
                    c7:ca:04:d4:0f:85:0d:06:4e:d3:67:5f:ba:a9:9a:
                    7d:b6:db:73:84:d7:23:48:f2:66:29:97:1a:95:d9:
                    a4:66:a0:41:3e:ca:4a:2d:5d:8a:11:44:55:33:c8:
                    6a:de:0d:88:cd:37:07:88:6b:63:14:34:10:87:34:
                    f2:e6:de:e5:e4:94:8f:e3:ea:3d:25:93:08:54:78:
                    af:ff:fc:7b:5d:31:fd:74:08:ec:18:66:06:50:76:
                    3a:c7:d6:6c:34:74:e6:03:df:f9:c6:00:09:03:c3:
                    5c:ed:5c:de:31:06:63:f0:eb:b9:eb:47:51:a8:80:
                    e9:ca:f8:41:37:0f:b9:2a:12:db:cb:36:7e:c6:c2:
                    d9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:5E:2C:F6:A1:1C:9D:AD:C8:F5:AC:90:AE:56:B4:53:3B:6A:06:86
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:49:5c:64:9e:6c:6b:8e:ec:ff:14:1b:5e:34:0e:07:1c:99:
         f1:18:ef:ec:2a:8b:b9:1c:18:73:e2:e2:a0:90:c7:8b:56:2e:
         23:50:d9:f2:c3:29:6e:2b:5d:83:ce:ee:71:61:a0:38:9e:50:
         cd:ca:68:2c:f7:1b:9c:c4:cd:94:23:aa:cb:59:99:fc:5e:55:
         df:ab:2c:13:88:a3:9b:a9:95:27:f4:28:82:9e:d2:83:77:a7:
         da:c3:f1:23:7e:46:bb:9d:27:3c:6f:4c:5d:c2:01:27:bb:a1:
         7c:e9:c5:bd:b9:01:9c:3b:e0:17:f0:a3:bb:c5:4f:01:32:e6:
         fc:2d:88:34:1c:99:30:02:af:d5:43:48:4d:e8:e7:f6:e2:b7:
         f0:0b:87:8f:c8:bc:fb:d2:35:11:2f:7c:91:d6:c3:ab:af:ed:
         3b:a9:0e:30:50:66:0c:4b:98:e2:81:11:e4:c8:1b:fc:c6:ad:
         8f:35:6c:0e:fa:d9:25:23:eb:92:7e:c5:96:e8:c0:7c:16:e5:
         16:2f:e4:0d:08:de:56:f1:fe:65:d2:2d:00:cd:32:85:59:d2:
         ef:16:a1:bb:f0:23:f1:36:29:59:73:fc:d6:00:ed:2e:0f:d9:
         46:35:33:55:29:66:08:10:2b:d4:aa:0c:66:cc:e7:40:e4:f8:
         a4:f9:a0:d4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULDjlz3XrgmDsrmzSSpX9ou9eaFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDgwMzUyMjBaFw0yNzA2MDcwMzU3MjBaMDMxMTAvBgNV
BAMTKEJDNUUyQ0Y2QTExQzlEQURDOEY1QUM5MEFFNTZCNDUzM0I2QTA2ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwv37MMmW12UU+BVLV/9SffzkQ
altmFzEMT5lIcDliEEmjIEkKeDQuXhc5m7t2cCpAroeO4dRcpwfFIDssDUsmxhl8
DwtVzeLalPMhASzmFSpbpGB6aGf+LNo7mQPFu+EY8EbDubZEzdiuVv2oW8dkhL15
FmyDKMfKBNQPhQ0GTtNnX7qpmn2223OE1yNI8mYplxqV2aRmoEE+ykotXYoRRFUz
yGreDYjNNweIa2MUNBCHNPLm3uXklI/j6j0lkwhUeK///HtdMf10COwYZgZQdjrH
1mw0dOYD3/nGAAkDw1ztXN4xBmPw67nrR1GogOnK+EE3D7kqEtvLNn7GwtlvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvF4s9qEcna3I9ayQrla0UztqBoYwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzkzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
wDANBgkqhkiG9w0BAQsFAAOCAQEAdElcZJ5sa47s/xQbXjQOBxyZ8Rjv7CqLuRwY
c+LioJDHi1YuI1DZ8sMpbitdg87ucWGgOJ5QzcpoLPcbnMTNlCOqy1mZ/F5V36ss
E4ijm6mVJ/Qogp7Sg3en2sPxI35Gu50nPG9MXcIBJ7uhfOnFvbkBnDvgF/Cju8VP
ATLm/C2INByZMAKv1UNITejn9uK38AuHj8i8+9I1ES98kdbDq6/tO6kOMFBmDEuY
4oER5Mgb/MatjzVsDvrZJSPrkn7FlujAfBblFi/kDQjeVvH+ZdItAM0yhVnS7xah
u/Aj8TYpWXP81gDtLg/ZRjUzVSlmCBAr1KoMZsznQOT4pPmg1A==
-----END CERTIFICATE-----