Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234302e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3234302e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          Z9qXJdt8I7nzg59Ua9tldTzhmnGpbrOUGmi4Mo4FLXo=
Subject key identifier:   BD:E6:B1:CA:AE:8B:EA:D0:2F:1B:31:1E:28:A6:78:07:1E:D4:58:30
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       7965B8D5380E7971F13B9501483818C146C50AC6
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234302e302f32322d3234203d3e20383334.roa
Signing time:             Fri 20 Feb 2026 09:08:47 +0000
ROA not before:           Fri 20 Feb 2026 09:03:47 +0000
ROA not after:            Fri 19 Feb 2027 09:08:47 +0000
asID:                     834
IP address blocks:        147.125.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:65:b8:d5:38:0e:79:71:f1:3b:95:01:48:38:18:c1:46:c5:0a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Feb 20 09:03:47 2026 GMT
            Not After : Feb 19 09:08:47 2027 GMT
        Subject: CN=BDE6B1CAAE8BEAD02F1B311E28A678071ED45830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c5:c9:ac:fc:25:c6:f1:fa:43:32:d2:d1:36:
                    10:6d:f4:dc:10:66:1a:76:e7:3e:60:b2:07:96:82:
                    27:13:23:9b:b4:f3:df:73:23:6b:0e:38:cb:92:2c:
                    ac:ba:a1:75:36:71:23:51:c7:f3:32:b7:b0:8c:67:
                    6f:e2:c8:ea:72:bc:f6:b5:41:9a:df:38:e4:e5:43:
                    44:72:7c:95:21:a0:ce:2c:e3:00:57:73:50:1d:84:
                    59:57:44:b3:bd:3e:f6:98:40:09:7d:02:82:d0:3b:
                    a5:e4:4c:9e:68:67:6f:f7:aa:4d:73:6c:c8:62:29:
                    f3:35:9e:8f:70:fe:22:93:98:8a:27:68:97:dc:7d:
                    15:97:34:75:31:69:95:74:40:e0:9b:37:a2:83:a1:
                    00:b8:83:78:1a:9b:78:ca:b9:04:9c:f2:d0:3d:3c:
                    86:21:27:58:62:9e:0b:b2:61:56:3e:bc:de:71:2f:
                    a6:a4:ec:09:8d:01:a4:e5:7d:35:8b:56:f3:c1:e1:
                    f7:ae:7b:f0:77:3d:b1:ea:29:11:a9:09:6d:7b:ce:
                    89:ed:04:cb:10:b1:8c:3c:6c:6e:bb:e5:88:a4:a3:
                    95:57:1d:de:50:b3:72:04:38:50:67:58:72:50:24:
                    ee:69:18:7f:01:22:21:aa:6b:d5:a0:57:48:bd:50:
                    2b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E6:B1:CA:AE:8B:EA:D0:2F:1B:31:1E:28:A6:78:07:1E:D4:58:30
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234302e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:d6:49:05:5a:61:d5:9b:64:6a:92:61:79:0c:d2:70:8e:85:
         c9:05:7d:fe:52:fd:d8:6b:0e:19:2f:50:cb:19:f6:81:9a:cc:
         78:5c:d9:e6:36:fa:40:64:8b:1e:f7:7d:95:35:85:b0:87:9a:
         fe:81:b1:32:78:f8:09:80:61:f6:59:3a:79:87:5a:eb:64:14:
         7e:a1:8d:1f:ed:49:de:aa:b4:93:eb:da:ab:73:6f:df:16:15:
         ce:4a:cd:42:5a:2a:c5:fc:08:e5:41:ce:8e:da:08:ff:9c:1f:
         26:93:05:29:6c:79:55:58:43:05:b3:8c:d1:77:53:06:3c:ee:
         cc:13:60:4f:6c:54:04:10:42:2d:e4:ca:d9:9e:bf:42:8f:1f:
         29:14:ed:67:05:d8:79:c1:76:b8:f7:a1:e2:6f:a7:b1:06:4a:
         64:c8:4a:d7:06:d5:16:18:03:f2:0b:b8:10:7f:39:69:9a:5d:
         9f:d6:73:90:1e:ba:49:b8:c0:3b:98:43:96:e6:93:68:96:ab:
         e4:06:74:1c:9b:f0:46:4f:95:2a:2a:5f:59:77:94:dd:da:78:
         08:cf:d9:69:2c:66:72:35:1d:e1:f6:43:c1:ea:62:24:d4:a8:
         fa:26:07:f9:33:18:3f:18:bc:79:fc:f6:17:e6:d6:ff:f4:0e:
         73:95:a0:3a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeWW41TgOeXHxO5UBSDgYwUbFCsYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAyMjAwOTAzNDdaFw0yNzAyMTkwOTA4NDdaMDMxMTAvBgNV
BAMTKEJERTZCMUNBQUU4QkVBRDAyRjFCMzExRTI4QTY3ODA3MUVENDU4MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOxcms/CXG8fpDMtLRNhBt9NwQ
Zhp25z5gsgeWgicTI5u0899zI2sOOMuSLKy6oXU2cSNRx/Myt7CMZ2/iyOpyvPa1
QZrfOOTlQ0RyfJUhoM4s4wBXc1AdhFlXRLO9PvaYQAl9AoLQO6XkTJ5oZ2/3qk1z
bMhiKfM1no9w/iKTmIonaJfcfRWXNHUxaZV0QOCbN6KDoQC4g3gam3jKuQSc8tA9
PIYhJ1hinguyYVY+vN5xL6ak7AmNAaTlfTWLVvPB4feue/B3PbHqKRGpCW17zont
BMsQsYw8bG675Yiko5VXHd5Qs3IEOFBnWHJQJO5pGH8BIiGqa9WgV0i9UCtrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUveaxyq6L6tAvGzEeKKZ4Bx7UWDAwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzMDJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
8DANBgkqhkiG9w0BAQsFAAOCAQEAEtZJBVph1ZtkapJheQzScI6FyQV9/lL92GsO
GS9Qyxn2gZrMeFzZ5jb6QGSLHvd9lTWFsIea/oGxMnj4CYBh9lk6eYda62QUfqGN
H+1J3qq0k+vaq3Nv3xYVzkrNQloqxfwI5UHOjtoI/5wfJpMFKWx5VVhDBbOM0XdT
BjzuzBNgT2xUBBBCLeTK2Z6/Qo8fKRTtZwXYecF2uPeh4m+nsQZKZMhK1wbVFhgD
8gu4EH85aZpdn9ZzkB66SbjAO5hDluaTaJar5AZ0HJvwRk+VKipfWXeU3dp4CM/Z
aSxmcjUd4fZDwepiJNSo+iYH+TMYPxi8efz2F+bW//QOc5WgOg==
-----END CERTIFICATE-----