Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139382e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3139382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          RBNtUpwROStkIwVmKDyoM5gLPEn9Ol2WcGQw/2s5kIs=
Subject key identifier:   39:44:C6:CF:73:66:E4:79:D4:13:C2:33:64:B4:70:B6:7F:4E:D3:DB
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       0B0D88BCBA7DDC8895696119C3A4642D8F03ABFF
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139382e302f32332d3234203d3e20383334.roa
Signing time:             Thu 04 Jun 2026 12:30:15 +0000
ROA not before:           Thu 04 Jun 2026 12:25:15 +0000
ROA not after:            Thu 03 Jun 2027 12:30:15 +0000
asID:                     834
IP address blocks:        147.125.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:0d:88:bc:ba:7d:dc:88:95:69:61:19:c3:a4:64:2d:8f:03:ab:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun  4 12:25:15 2026 GMT
            Not After : Jun  3 12:30:15 2027 GMT
        Subject: CN=3944C6CF7366E479D413C23364B470B67F4ED3DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:87:42:87:81:20:73:c9:3d:5d:a4:75:b6:78:
                    ba:8e:34:ed:bd:63:27:3f:88:63:bb:75:89:ab:3d:
                    29:be:6d:3d:33:9c:0c:31:6e:54:5f:44:c9:76:fb:
                    aa:83:e9:65:30:37:91:f9:9d:3c:5d:11:73:cd:6d:
                    82:cc:e8:90:9c:4a:69:dd:b8:51:c9:bb:e3:ae:15:
                    09:4d:4d:b5:54:de:c7:c0:c0:e2:fb:f0:17:93:97:
                    a7:c8:95:4c:be:e6:de:65:41:18:e3:84:3b:64:17:
                    a6:9d:81:cb:bf:b1:12:30:9d:f8:a1:a1:03:51:df:
                    c1:d5:3a:6a:61:83:3e:bd:0f:b2:1b:61:88:60:a7:
                    db:1b:79:5f:9f:5a:0d:0c:3f:bb:c6:33:78:bc:d1:
                    0e:cd:d4:ec:21:ad:3d:30:80:dd:1e:92:dd:af:7c:
                    4c:ef:d6:77:7f:01:8a:51:5e:64:26:33:11:36:3b:
                    58:0d:8a:df:b7:19:fa:74:22:18:0d:5d:38:99:d7:
                    da:27:3b:49:fa:dc:f6:d2:78:06:2e:a0:97:04:4d:
                    b0:cb:e2:47:cb:99:59:7e:55:3e:d7:3c:3d:22:51:
                    4f:0d:66:cb:1e:7f:85:b2:3c:b4:52:a4:ca:d8:37:
                    e2:47:58:ab:0b:ed:15:e8:19:fc:6a:89:1d:19:0e:
                    e1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:44:C6:CF:73:66:E4:79:D4:13:C2:33:64:B4:70:B6:7F:4E:D3:DB
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:38:e5:74:ba:52:41:40:f4:c1:22:0d:d9:d0:4f:38:a5:f4:
         78:54:09:fa:6d:91:fc:82:e4:35:5e:7b:de:ba:09:0c:16:77:
         8c:76:a4:f9:33:8f:22:0e:a5:09:4b:68:57:76:a7:b6:97:b6:
         09:1f:72:02:aa:2e:11:66:3c:4c:31:54:3a:9a:76:fb:9e:42:
         87:7a:3d:e7:2b:aa:48:74:58:69:69:0c:0b:74:f9:b8:e8:97:
         fa:30:e3:8b:56:74:70:ad:8e:92:44:19:1c:63:97:31:77:4c:
         23:89:ae:c2:3d:90:56:2f:7e:0c:b1:c8:bf:6b:a7:c1:65:b2:
         23:a3:21:ba:be:7f:42:d1:ff:85:1e:98:5b:bb:73:ad:15:5e:
         69:85:20:99:e1:45:a2:f5:cf:84:24:5c:49:1d:30:29:86:be:
         4b:41:6d:0d:49:60:4a:19:eb:1f:6d:8e:9c:aa:28:3e:4b:ef:
         1f:51:ac:2a:b6:71:be:71:84:e0:c6:df:4b:da:3f:29:bf:a9:
         53:02:97:a2:c2:89:bb:06:6f:a0:1e:27:6a:90:cf:c9:b7:d7:
         af:3e:1a:5d:5d:94:f5:3d:86:3b:1c:2b:dd:8b:f1:2f:02:3c:
         da:fc:ef:50:a5:cc:59:0e:b1:9f:f3:a3:32:2f:8b:e7:6f:35:
         cf:ff:5c:f5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCw2IvLp93IiVaWEZw6RkLY8Dq/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MDQxMjI1MTVaFw0yNzA2MDMxMjMwMTVaMDMxMTAvBgNV
BAMTKDM5NDRDNkNGNzM2NkU0NzlENDEzQzIzMzY0QjQ3MEI2N0Y0RUQzREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxh0KHgSBzyT1dpHW2eLqONO29
Yyc/iGO7dYmrPSm+bT0znAwxblRfRMl2+6qD6WUwN5H5nTxdEXPNbYLM6JCcSmnd
uFHJu+OuFQlNTbVU3sfAwOL78BeTl6fIlUy+5t5lQRjjhDtkF6adgcu/sRIwnfih
oQNR38HVOmphgz69D7IbYYhgp9sbeV+fWg0MP7vGM3i80Q7N1OwhrT0wgN0ekt2v
fEzv1nd/AYpRXmQmMxE2O1gNit+3Gfp0IhgNXTiZ19onO0n63PbSeAYuoJcETbDL
4kfLmVl+VT7XPD0iUU8NZssef4WyPLRSpMrYN+JHWKsL7RXoGfxqiR0ZDuGDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOUTGz3Nm5HnUE8IzZLRwtn9O09swHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzkzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
xjANBgkqhkiG9w0BAQsFAAOCAQEAVDjldLpSQUD0wSIN2dBPOKX0eFQJ+m2R/ILk
NV573roJDBZ3jHak+TOPIg6lCUtoV3antpe2CR9yAqouEWY8TDFUOpp2+55Ch3o9
5yuqSHRYaWkMC3T5uOiX+jDji1Z0cK2OkkQZHGOXMXdMI4muwj2QVi9+DLHIv2un
wWWyI6Mhur5/QtH/hR6YW7tzrRVeaYUgmeFFovXPhCRcSR0wKYa+S0FtDUlgShnr
H22OnKooPkvvH1GsKrZxvnGE4MbfS9o/Kb+pUwKXosKJuwZvoB4napDPybfXrz4a
XV2U9T2GOxwr3YvxLwI82vzvUKXMWQ6xn/OjMi+L5281z/9c9Q==
-----END CERTIFICATE-----