Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234382e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3234382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6st6kdtxyaJEeRpv8cDYJ5b70imDyudytaYA2C7MnWE=
Subject key identifier:   EB:36:85:59:6F:40:A3:51:EB:BE:D6:B1:80:A0:55:08:2B:9A:D8:7A
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       3C5098459EDE8A2B70693387A573E069215DBCDC
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234382e302f32342d3234203d3e20383334.roa
Signing time:             Sun 24 May 2026 16:27:55 +0000
ROA not before:           Sun 24 May 2026 16:22:55 +0000
ROA not after:            Sun 23 May 2027 16:27:55 +0000
asID:                     834
IP address blocks:        147.125.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:50:98:45:9e:de:8a:2b:70:69:33:87:a5:73:e0:69:21:5d:bc:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: May 24 16:22:55 2026 GMT
            Not After : May 23 16:27:55 2027 GMT
        Subject: CN=EB3685596F40A351EBBED6B180A055082B9AD87A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:93:ed:c9:14:15:ab:35:d8:1b:22:f2:10:0b:
                    d5:09:a4:d1:d3:6d:9f:14:a3:64:cd:96:4c:2c:11:
                    07:f9:5b:e1:1a:5e:3c:e1:a2:f5:07:85:dc:ee:e3:
                    3a:e7:4a:50:63:97:8c:b5:a4:cf:8d:03:c9:98:a7:
                    83:2f:5e:a2:a8:36:13:c2:f2:eb:82:92:0e:48:c1:
                    91:db:76:7a:88:2f:87:bf:e5:7d:47:8f:56:b2:0c:
                    19:27:8b:73:ce:45:78:b0:3d:35:59:1e:da:8a:68:
                    f3:70:79:9a:20:3d:c7:93:89:fd:9c:7d:b5:68:2d:
                    6f:85:63:80:df:7e:3c:8c:a2:87:d2:5a:d9:73:f1:
                    7e:d3:db:ba:c3:45:6b:c8:9c:df:b4:e0:5b:d3:61:
                    0a:0a:c5:6e:6f:15:28:48:34:e2:57:c2:7c:98:44:
                    7f:2f:db:46:f5:d4:f4:8c:98:27:72:b9:ee:ab:91:
                    46:7f:92:54:07:ff:27:cd:b6:43:4c:76:8a:69:6f:
                    a2:76:05:d4:d9:d8:f0:3d:7a:dd:fc:1a:91:ea:61:
                    c8:53:65:c2:a9:6a:dc:40:2f:ff:20:fd:49:ca:ff:
                    f1:d0:c2:b7:af:91:44:da:81:93:16:82:55:6b:39:
                    7d:b4:da:bc:02:4b:ca:97:a3:51:aa:1f:3c:b6:da:
                    f0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:36:85:59:6F:40:A3:51:EB:BE:D6:B1:80:A0:55:08:2B:9A:D8:7A
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:3a:81:ff:8c:96:e9:6d:cd:cf:7f:81:ba:0b:01:46:20:4e:
         1e:be:62:4a:83:85:a8:90:37:1e:6c:ab:7c:89:c7:dc:45:cc:
         15:d2:62:63:bc:fd:9e:55:c0:b0:28:7e:ee:33:c5:34:e0:06:
         56:f5:94:52:05:8e:c2:32:03:e4:8f:b3:7d:1d:f5:39:77:2f:
         9b:2d:74:6c:2f:15:4c:54:d3:1c:4e:88:2c:18:a3:06:f3:ba:
         ab:44:2a:01:61:80:9b:69:10:bc:8a:a8:75:9c:90:ab:bf:b9:
         01:a0:31:f7:69:fb:22:62:b2:a3:ad:71:d4:e9:f3:30:f2:d1:
         7e:9f:ca:1a:d0:73:a2:07:c0:d1:d5:6e:6e:1c:1f:3b:17:44:
         ef:99:ee:21:24:3d:aa:bd:55:72:1e:8d:f6:00:ac:5f:db:94:
         6e:da:e7:bf:f9:3f:b7:de:c5:94:81:ce:9e:59:c5:0c:53:fc:
         d0:33:aa:eb:40:f2:b8:61:ae:b5:4c:58:63:f3:f9:14:1e:2f:
         56:51:77:9c:bc:92:f8:bc:04:f4:78:00:b2:cf:13:33:00:97:
         46:98:69:94:8a:7b:40:46:af:f0:b3:46:1d:0a:56:f3:58:2f:
         dc:2c:4a:8c:20:b9:4f:a7:d0:89:dc:a6:93:b5:36:de:5d:ee:
         79:1a:a3:00
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPFCYRZ7eiitwaTOHpXPgaSFdvNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA1MjQxNjIyNTVaFw0yNzA1MjMxNjI3NTVaMDMxMTAvBgNV
BAMTKEVCMzY4NTU5NkY0MEEzNTFFQkJFRDZCMTgwQTA1NTA4MkI5QUQ4N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGk+3JFBWrNdgbIvIQC9UJpNHT
bZ8Uo2TNlkwsEQf5W+EaXjzhovUHhdzu4zrnSlBjl4y1pM+NA8mYp4MvXqKoNhPC
8uuCkg5IwZHbdnqIL4e/5X1Hj1ayDBkni3PORXiwPTVZHtqKaPNweZogPceTif2c
fbVoLW+FY4DffjyMoofSWtlz8X7T27rDRWvInN+04FvTYQoKxW5vFShINOJXwnyY
RH8v20b11PSMmCdyue6rkUZ/klQH/yfNtkNMdoppb6J2BdTZ2PA9et38GpHqYchT
ZcKpatxAL/8g/UnK//HQwrevkUTagZMWglVrOX202rwCS8qXo1GqHzy22vBnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6zaFWW9Ao1HrvtaxgKBVCCua2HowHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
+DANBgkqhkiG9w0BAQsFAAOCAQEAbjqB/4yW6W3Nz3+BugsBRiBOHr5iSoOFqJA3
HmyrfInH3EXMFdJiY7z9nlXAsCh+7jPFNOAGVvWUUgWOwjID5I+zfR31OXcvmy10
bC8VTFTTHE6ILBijBvO6q0QqAWGAm2kQvIqodZyQq7+5AaAx92n7ImKyo61x1Onz
MPLRfp/KGtBzogfA0dVubhwfOxdE75nuISQ9qr1Vch6N9gCsX9uUbtrnv/k/t97F
lIHOnlnFDFP80DOq60DyuGGutUxYY/P5FB4vVlF3nLyS+LwE9HgAss8TMwCXRphp
lIp7QEav8LNGHQpW81gv3CxKjCC5T6fQidymk7U23l3ueRqjAA==
-----END CERTIFICATE-----