Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234342e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3234342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          wJ8oaUIimSrCafhXENNCu2QxTbpVYuWaUYvmDs3y60s=
Subject key identifier:   2E:CC:5C:12:79:FB:9B:36:F0:68:A9:DC:D2:68:58:85:D8:7C:FD:FC
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       05044484F4A6F3186B5B5F20358105EC2B36B97F
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234342e302f32332d3234203d3e20383334.roa
Signing time:             Fri 20 Feb 2026 09:08:48 +0000
ROA not before:           Fri 20 Feb 2026 09:03:48 +0000
ROA not after:            Fri 19 Feb 2027 09:08:48 +0000
asID:                     834
IP address blocks:        147.125.244.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:04:44:84:f4:a6:f3:18:6b:5b:5f:20:35:81:05:ec:2b:36:b9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Feb 20 09:03:48 2026 GMT
            Not After : Feb 19 09:08:48 2027 GMT
        Subject: CN=2ECC5C1279FB9B36F068A9DCD2685885D87CFDFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:44:09:ac:e3:ae:ea:c6:ad:e5:c7:c7:ac:de:
                    67:7d:f6:28:ef:33:62:46:2d:cc:9e:ea:f6:7f:19:
                    64:40:1b:8d:d6:63:2b:30:e2:de:da:6b:1f:48:ac:
                    f3:8b:9a:93:3d:3c:fb:26:de:22:b2:ee:61:28:72:
                    ca:c0:fd:f8:9d:7c:c4:3b:c5:cd:27:ce:4e:c9:8c:
                    c0:80:0c:71:24:bf:f4:52:96:7d:d4:06:b0:dd:a5:
                    35:77:00:0c:62:bc:bf:5f:4e:be:44:57:bc:13:97:
                    17:5a:0d:43:cb:7e:e1:15:59:ca:6a:0d:b8:35:56:
                    ea:67:2e:a3:e3:ad:9c:ee:20:e1:c2:35:b8:c4:a0:
                    bd:a8:f1:07:cd:7e:62:d3:4a:75:e7:72:cf:b3:bb:
                    89:35:2a:ca:8a:78:54:db:8e:17:63:7a:3f:68:c6:
                    e5:3e:7b:16:8c:27:ea:4e:d3:ae:fa:d7:47:bb:bb:
                    9f:9e:e7:3a:b3:9c:ab:d4:6b:7b:4c:d6:28:1b:78:
                    ca:64:ca:65:af:16:a7:8f:9b:64:0a:e4:12:17:da:
                    18:bb:66:34:43:41:c3:c6:89:05:0f:9a:a1:2d:c9:
                    a2:8f:a6:cd:5a:3b:77:09:a5:5e:09:4e:53:88:9e:
                    8e:3b:16:9f:ea:46:c5:1b:86:89:41:8f:3e:02:2a:
                    c1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CC:5C:12:79:FB:9B:36:F0:68:A9:DC:D2:68:58:85:D8:7C:FD:FC
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:d6:21:73:0b:8d:21:33:a2:33:5d:fd:82:52:61:d2:60:b1:
         2a:bc:40:ff:c8:5e:1c:22:bb:b9:83:80:80:46:f5:79:b0:f5:
         bc:c6:ee:ce:ed:18:9a:a8:57:b1:57:d6:1c:fe:31:7e:18:7a:
         2c:ac:18:74:81:56:3c:cf:ac:2d:5a:5e:fd:51:79:33:54:73:
         d2:fc:a0:75:03:13:6b:4c:9a:55:00:34:d7:12:ca:73:71:5b:
         15:7b:78:a9:bd:36:61:f7:ab:30:be:9c:63:ed:02:d9:26:30:
         06:80:1a:c9:72:18:e0:16:5b:e8:43:c2:a5:8c:69:17:f3:f0:
         c6:4c:55:83:1e:5a:1e:1f:14:a3:24:98:c4:a2:96:8d:da:31:
         81:81:50:c5:c4:e3:57:70:2f:8a:a2:7e:86:35:f9:85:8d:4d:
         dc:e2:3d:02:90:77:4f:de:a6:6c:d4:71:a3:33:05:31:5b:03:
         94:1c:69:d1:41:6b:57:a0:94:33:9d:1d:46:98:3c:a4:ec:ec:
         4c:9e:ae:d7:67:73:39:43:58:dc:f9:be:16:3f:d5:43:b1:4c:
         00:30:da:eb:10:24:ff:b5:42:03:16:99:24:63:dd:5d:ec:da:
         d2:70:2a:94:98:86:bb:a0:0b:82:a5:73:5f:29:53:b0:32:01:
         75:c8:31:43
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBQREhPSm8xhrW18gNYEF7Cs2uX8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAyMjAwOTAzNDhaFw0yNzAyMTkwOTA4NDhaMDMxMTAvBgNV
BAMTKDJFQ0M1QzEyNzlGQjlCMzZGMDY4QTlEQ0QyNjg1ODg1RDg3Q0ZERkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+RAms467qxq3lx8es3md99ijv
M2JGLcye6vZ/GWRAG43WYysw4t7aax9IrPOLmpM9PPsm3iKy7mEocsrA/fidfMQ7
xc0nzk7JjMCADHEkv/RSln3UBrDdpTV3AAxivL9fTr5EV7wTlxdaDUPLfuEVWcpq
Dbg1VupnLqPjrZzuIOHCNbjEoL2o8QfNfmLTSnXncs+zu4k1KsqKeFTbjhdjej9o
xuU+exaMJ+pO067610e7u5+e5zqznKvUa3tM1igbeMpkymWvFqePm2QK5BIX2hi7
ZjRDQcPGiQUPmqEtyaKPps1aO3cJpV4JTlOIno47Fp/qRsUbholBjz4CKsELAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULsxcEnn7mzbwaKnc0mhYhdh8/fwwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzNDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
9DANBgkqhkiG9w0BAQsFAAOCAQEAKNYhcwuNITOiM139glJh0mCxKrxA/8heHCK7
uYOAgEb1ebD1vMbuzu0YmqhXsVfWHP4xfhh6LKwYdIFWPM+sLVpe/VF5M1Rz0vyg
dQMTa0yaVQA01xLKc3FbFXt4qb02YferML6cY+0C2SYwBoAayXIY4BZb6EPCpYxp
F/PwxkxVgx5aHh8UoySYxKKWjdoxgYFQxcTjV3AviqJ+hjX5hY1N3OI9ApB3T96m
bNRxozMFMVsDlBxp0UFrV6CUM50dRpg8pOzsTJ6u12dzOUNY3Pm+Fj/VQ7FMADDa
6xAk/7VCAxaZJGPdXeza0nAqlJiGu6ALgqVzXylTsDIBdcgxQw==
-----END CERTIFICATE-----