Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234362e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3234362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          0bHsJ/rBfB6AJcdP9pucOhejGIo5Yc0rIZ2vHPpYSQI=
Subject key identifier:   A0:2D:6E:E6:F8:DD:A4:F2:3C:2E:DE:54:5A:97:61:6F:F3:55:9A:3F
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       3234CCADDD33F2C99E38E706DD18BC287C4218E2
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234362e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Feb 2026 09:08:48 +0000
ROA not before:           Fri 20 Feb 2026 09:03:48 +0000
ROA not after:            Fri 19 Feb 2027 09:08:48 +0000
asID:                     834
IP address blocks:        147.125.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:34:cc:ad:dd:33:f2:c9:9e:38:e7:06:dd:18:bc:28:7c:42:18:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Feb 20 09:03:48 2026 GMT
            Not After : Feb 19 09:08:48 2027 GMT
        Subject: CN=A02D6EE6F8DDA4F23C2EDE545A97616FF3559A3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ff:64:df:29:d7:82:45:85:f5:1c:e7:09:ba:
                    62:5b:f5:ac:23:91:47:11:dc:1e:5a:0c:7e:c0:7e:
                    0c:29:ec:a1:51:9c:ae:c3:9e:cc:e3:c3:ca:1d:d4:
                    c1:d6:ce:a6:46:c1:d6:36:f7:c3:56:aa:c2:0a:f5:
                    fc:89:45:08:cd:90:6c:e9:d7:cf:2b:10:1b:c6:77:
                    67:d6:37:02:62:1a:6c:2c:a7:46:e0:10:4c:0b:22:
                    5d:41:2f:40:e9:b2:90:b9:bd:7a:35:b0:f1:5f:de:
                    bf:ce:62:b1:f8:0b:ce:e3:2a:5b:25:ce:1b:d4:70:
                    ac:73:ab:34:3e:29:5d:c5:22:61:51:ba:62:24:e3:
                    9a:58:52:5c:09:fc:91:71:1e:8a:38:d1:88:93:d7:
                    2f:16:6b:c2:53:89:47:9a:c0:02:10:3c:2b:18:fa:
                    b5:7e:78:13:86:7a:a1:35:c3:45:7f:f0:0e:93:e3:
                    2c:b0:87:a3:37:52:a8:b9:85:e0:75:58:4a:e8:44:
                    0f:26:e8:a5:d8:95:56:16:23:0c:c3:a0:80:ab:57:
                    7f:39:fb:ad:82:91:2d:33:98:b7:5d:1d:4c:ec:a1:
                    63:3c:fb:e8:6a:45:59:12:31:72:58:84:81:0c:bb:
                    d8:87:ed:f6:3d:79:63:c5:e7:2e:39:ed:97:d2:d1:
                    48:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2D:6E:E6:F8:DD:A4:F2:3C:2E:DE:54:5A:97:61:6F:F3:55:9A:3F
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:9b:ea:27:60:82:1e:c1:72:9f:2d:d2:15:a5:06:f1:01:30:
         4e:eb:70:a1:12:33:12:4d:db:49:10:ba:be:33:35:63:fc:7b:
         ad:d7:0f:0f:64:20:b3:68:fb:5a:c6:6b:78:bc:90:f8:6f:6b:
         0d:e6:5a:11:03:e7:9d:58:9b:e9:bd:29:6f:52:ab:b7:6d:da:
         6b:76:4e:02:b4:23:2f:8d:06:5b:7d:8f:43:75:e4:11:c4:47:
         3d:d0:bb:23:ba:67:43:3f:1b:7d:e2:81:36:e1:3d:12:79:ea:
         11:30:6b:cf:3c:ca:1e:77:79:3a:e6:66:17:be:08:b3:9e:1c:
         da:11:c4:d4:41:c0:5d:5e:df:bb:55:e2:dc:5d:2d:2f:09:a3:
         7b:69:56:b0:60:32:24:47:82:f1:26:17:0f:be:4e:e4:34:fc:
         7e:91:44:1b:16:75:ed:52:2f:ff:ba:ea:82:12:e2:fa:56:3c:
         48:c7:18:4a:9f:68:c5:a9:8c:1a:ca:6a:cd:f2:62:29:46:55:
         b5:7c:48:96:85:51:ff:03:cb:46:96:e8:78:4e:ec:d5:08:89:
         8a:d4:e8:8b:f2:67:9b:b3:8b:6d:4b:c5:1d:aa:fc:c2:3e:4a:
         fe:54:5e:b5:53:eb:23:14:fe:22:38:73:87:15:1b:03:81:61:
         5d:47:51:69
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMjTMrd0z8smeOOcG3Ri8KHxCGOIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAyMjAwOTAzNDhaFw0yNzAyMTkwOTA4NDhaMDMxMTAvBgNV
BAMTKEEwMkQ2RUU2RjhEREE0RjIzQzJFREU1NDVBOTc2MTZGRjM1NTlBM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6/2TfKdeCRYX1HOcJumJb9awj
kUcR3B5aDH7Afgwp7KFRnK7Dnszjw8od1MHWzqZGwdY298NWqsIK9fyJRQjNkGzp
188rEBvGd2fWNwJiGmwsp0bgEEwLIl1BL0DpspC5vXo1sPFf3r/OYrH4C87jKlsl
zhvUcKxzqzQ+KV3FImFRumIk45pYUlwJ/JFxHoo40YiT1y8Wa8JTiUeawAIQPCsY
+rV+eBOGeqE1w0V/8A6T4yywh6M3Uqi5heB1WEroRA8m6KXYlVYWIwzDoICrV385
+62CkS0zmLddHUzsoWM8++hqRVkSMXJYhIEMu9iH7fY9eWPF5y457ZfS0Ug7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUoC1u5vjdpPI8Lt5UWpdhb/NVmj8wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
9jANBgkqhkiG9w0BAQsFAAOCAQEARpvqJ2CCHsFyny3SFaUG8QEwTutwoRIzEk3b
SRC6vjM1Y/x7rdcPD2Qgs2j7WsZreLyQ+G9rDeZaEQPnnVib6b0pb1Krt23aa3ZO
ArQjL40GW32PQ3XkEcRHPdC7I7pnQz8bfeKBNuE9EnnqETBrzzzKHnd5OuZmF74I
s54c2hHE1EHAXV7fu1Xi3F0tLwmje2lWsGAyJEeC8SYXD75O5DT8fpFEGxZ17VIv
/7rqghLi+lY8SMcYSp9oxamMGspqzfJiKUZVtXxIloVR/wPLRpboeE7s1QiJitTo
i/Jnm7OLbUvFHar8wj5K/lRetVPrIxT+IjhzhxUbA4FhXUdRaQ==
-----END CERTIFICATE-----