Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139352e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3139352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6Rd4m6kbYaUX/hVT61nWOtZ5T1cLwv1Mmy3OSURKeoY=
Subject key identifier:   47:07:C9:C2:EF:30:22:40:39:09:79:10:38:93:E2:86:5A:61:B7:04
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       61BEBBF46D3CEBE2FABE9A23A1752EB0600A7FE2
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139352e302f32342d3234203d3e20383334.roa
Signing time:             Wed 03 Jun 2026 12:40:10 +0000
ROA not before:           Wed 03 Jun 2026 12:35:10 +0000
ROA not after:            Wed 02 Jun 2027 12:40:10 +0000
asID:                     834
IP address blocks:        147.125.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:be:bb:f4:6d:3c:eb:e2:fa:be:9a:23:a1:75:2e:b0:60:0a:7f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  3 12:35:10 2026 GMT
            Not After : Jun  2 12:40:10 2027 GMT
        Subject: CN=4707C9C2EF302240390979103893E2865A61B704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:77:79:c9:69:4b:4b:03:c6:06:16:32:44:bc:
                    7e:a8:8b:c0:db:cf:4d:fc:45:9d:aa:01:6a:9c:34:
                    c5:31:be:d7:56:40:88:29:7f:08:34:10:6b:4f:c9:
                    9a:1f:33:6d:01:77:02:70:5a:f3:db:23:c6:77:06:
                    62:75:70:fc:d8:a4:cb:27:37:a3:fa:a9:1a:8a:41:
                    e2:b6:cf:e7:e4:0a:c8:7a:2f:12:85:24:6a:08:3b:
                    ac:28:6f:2e:b1:08:ee:0c:49:f3:07:f7:73:ba:54:
                    e2:db:ea:52:1e:b8:b4:d1:d3:9f:9c:2f:85:b2:e9:
                    85:79:e0:b0:c4:cf:69:4d:3b:f2:06:04:6a:eb:a0:
                    5b:6e:fe:e2:3d:53:f5:ff:77:23:b5:e1:c2:50:fc:
                    2c:47:a6:e9:87:7c:f0:f5:a6:0e:22:ce:c7:90:25:
                    cf:3c:dd:10:da:c9:b9:70:65:9e:1c:2a:a7:65:5c:
                    34:5f:ec:55:b6:ba:8c:c2:51:d3:71:9f:31:57:ae:
                    7d:81:bc:78:76:5c:02:6a:46:22:a2:98:91:c6:15:
                    28:7b:00:64:7c:7b:00:1b:bc:bd:e7:7a:8d:ba:65:
                    a1:da:bd:51:c9:f3:55:b6:d0:95:1e:0a:f1:c2:1a:
                    37:4c:3b:91:c7:9d:a9:6b:0a:88:22:81:1b:8c:20:
                    03:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:07:C9:C2:EF:30:22:40:39:09:79:10:38:93:E2:86:5A:61:B7:04
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:42:30:17:ae:43:40:f5:4f:27:76:af:77:52:e4:ce:64:21:
         d5:74:b4:73:59:91:73:d6:ff:ba:41:8c:24:a7:a6:11:4e:a6:
         75:52:76:d8:2f:01:46:e0:3d:65:92:0d:bf:59:36:36:e2:95:
         1a:ff:5a:6b:13:2c:45:38:d7:ec:1e:cb:6e:23:18:84:aa:f5:
         f0:2a:f6:1d:7e:6f:01:96:a9:35:5a:2a:b2:05:3b:b7:44:54:
         ba:af:61:b3:47:64:3d:57:3b:06:41:eb:b1:50:b0:70:6e:ac:
         84:07:fb:57:3a:75:cc:1f:24:9c:16:44:88:dc:a5:9f:cc:54:
         70:f8:28:ea:0d:8e:59:53:ca:de:98:cc:fb:e8:20:a2:24:03:
         c6:fb:51:1e:35:7c:89:40:3d:c4:2f:ad:5d:11:3e:0b:7e:c8:
         7f:fe:bd:05:78:ed:be:af:93:9b:7d:4b:01:5d:06:04:06:74:
         e6:19:6c:af:98:05:1a:fc:a4:9e:27:da:3b:12:f2:d1:d4:7f:
         20:7a:04:70:e4:46:cd:a8:b4:75:89:02:d2:e6:2f:71:57:71:
         20:db:6b:50:4f:b9:56:fb:58:ac:2e:c8:55:44:fc:72:f5:00:
         ca:e5:8a:2e:f4:66:ed:ed:e4:ec:80:6a:ef:0a:d9:78:d4:a9:
         d9:fc:fc:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYb679G086+L6vpojoXUusGAKf+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDMxMjM1MTBaFw0yNzA2MDIxMjQwMTBaMDMxMTAvBgNV
BAMTKDQ3MDdDOUMyRUYzMDIyNDAzOTA5NzkxMDM4OTNFMjg2NUE2MUI3MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd3nJaUtLA8YGFjJEvH6oi8Db
z038RZ2qAWqcNMUxvtdWQIgpfwg0EGtPyZofM20BdwJwWvPbI8Z3BmJ1cPzYpMsn
N6P6qRqKQeK2z+fkCsh6LxKFJGoIO6woby6xCO4MSfMH93O6VOLb6lIeuLTR05+c
L4Wy6YV54LDEz2lNO/IGBGrroFtu/uI9U/X/dyO14cJQ/CxHpumHfPD1pg4izseQ
Jc883RDayblwZZ4cKqdlXDRf7FW2uozCUdNxnzFXrn2BvHh2XAJqRiKimJHGFSh7
AGR8ewAbvL3neo26ZaHavVHJ81W20JUeCvHCGjdMO5HHnalrCogigRuMIAORAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURwfJwu8wIkA5CXkQOJPihlphtwQwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzkzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
wzANBgkqhkiG9w0BAQsFAAOCAQEAkEIwF65DQPVPJ3avd1LkzmQh1XS0c1mRc9b/
ukGMJKemEU6mdVJ22C8BRuA9ZZINv1k2NuKVGv9aaxMsRTjX7B7LbiMYhKr18Cr2
HX5vAZapNVoqsgU7t0RUuq9hs0dkPVc7BkHrsVCwcG6shAf7Vzp1zB8knBZEiNyl
n8xUcPgo6g2OWVPK3pjM++ggoiQDxvtRHjV8iUA9xC+tXRE+C37If/69BXjtvq+T
m31LAV0GBAZ05hlsr5gFGvyknifaOxLy0dR/IHoEcORGzai0dYkC0uYvcVdxINtr
UE+5VvtYrC7IVUT8cvUAyuWKLvRm7e3k7IBq7wrZeNSp2fz81g==
-----END CERTIFICATE-----