Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3235312e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3235312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          wvK5G2bqCTpUYqEdue4JLrUZPFmo6LpGAO7c4vSoN6Q=
Subject key identifier:   85:80:B8:28:CB:7C:85:CA:E1:43:6D:B6:A4:22:2D:2D:1E:9A:21:0A
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       50F75193BCB0FABC19A40C8056F9C258C69FE913
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3235312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Feb 2026 08:30:57 +0000
ROA not before:           Mon 23 Feb 2026 08:25:57 +0000
ROA not after:            Mon 22 Feb 2027 08:30:57 +0000
asID:                     834
IP address blocks:        147.125.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:f7:51:93:bc:b0:fa:bc:19:a4:0c:80:56:f9:c2:58:c6:9f:e9:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Feb 23 08:25:57 2026 GMT
            Not After : Feb 22 08:30:57 2027 GMT
        Subject: CN=8580B828CB7C85CAE1436DB6A4222D2D1E9A210A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:b4:58:fb:26:74:09:cf:2b:0e:cf:94:65:14:
                    3c:cc:7d:4f:86:09:2c:9f:33:3b:67:af:b7:2b:94:
                    2e:57:a2:d0:dd:97:13:02:d2:97:ff:92:f0:28:f0:
                    23:c5:2e:fc:6a:59:9e:11:70:10:79:30:ca:3f:e1:
                    72:08:6e:aa:48:1e:02:51:cf:8e:19:1c:12:b7:26:
                    3f:b4:52:e6:ba:a2:b6:10:52:01:1c:5c:97:be:aa:
                    01:1b:5b:e5:ef:d9:d2:18:66:00:24:c5:cb:6b:11:
                    ee:97:68:23:aa:90:d4:67:f8:5c:fe:e5:0d:e3:1d:
                    ae:83:67:6e:a7:ce:57:03:f2:7b:bb:ed:12:07:6a:
                    b3:59:23:ca:af:d9:21:5f:65:13:01:77:0d:c4:e5:
                    ce:17:7c:a0:79:d3:e0:78:17:75:7e:38:6c:c5:ed:
                    40:b8:8d:fe:5a:e2:6a:e0:0d:28:52:36:b2:a3:b7:
                    93:b8:9e:40:d2:9e:9c:05:5b:f1:cb:c7:98:f2:8e:
                    3f:fe:7b:75:6e:19:e7:66:7a:c1:e4:57:1f:37:ac:
                    46:c9:d3:f5:12:99:a2:80:cf:af:9a:7e:55:c8:c2:
                    62:84:1e:6c:d6:a1:fc:64:ac:97:92:cd:75:fc:c1:
                    2e:2b:51:61:9f:11:90:36:14:c4:77:02:88:a9:27:
                    ad:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:80:B8:28:CB:7C:85:CA:E1:43:6D:B6:A4:22:2D:2D:1E:9A:21:0A
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3235312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:df:e5:e9:b7:f3:b3:aa:4c:64:1f:60:c3:40:f1:0a:36:57:
         a8:c6:8e:53:ea:ec:e2:17:58:5a:60:3b:7e:e5:5f:f2:02:f0:
         36:b6:0d:0b:e2:be:0d:78:c8:ae:ff:99:57:2d:53:90:0c:ba:
         23:96:dc:c8:61:33:b6:82:ad:2c:ea:d1:f0:67:d8:ea:69:ee:
         d7:98:0e:18:b4:4b:78:da:9f:1d:c2:39:7e:ae:26:c5:11:35:
         7d:59:dc:e7:24:5c:f5:a7:2d:ad:4a:f0:06:ff:4d:98:b8:31:
         85:1a:90:84:25:20:2a:3a:53:10:56:91:29:2d:aa:95:c7:45:
         62:8a:83:3a:a8:be:1b:58:ce:7c:30:ee:f9:f5:18:05:5d:44:
         58:c4:e0:a7:ea:61:63:e8:be:2d:b3:f2:46:8d:08:5d:53:dd:
         12:68:fd:ce:a7:43:4f:39:ee:78:1b:74:42:58:fb:05:03:d4:
         82:3c:35:e5:c5:45:ab:dc:26:f6:d9:2d:6f:14:46:d7:5c:d5:
         13:93:8a:de:88:8a:ae:a1:42:ae:c2:06:42:c8:33:3a:db:53:
         61:bf:56:57:e1:f2:97:10:6d:3b:8b:c8:45:c7:be:aa:c3:4d:
         a3:97:6b:0a:ed:31:dd:5e:90:4c:c9:03:e6:59:3c:5d:08:f7:
         e3:80:49:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUPdRk7yw+rwZpAyAVvnCWMaf6RMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAyMjMwODI1NTdaFw0yNzAyMjIwODMwNTdaMDMxMTAvBgNV
BAMTKDg1ODBCODI4Q0I3Qzg1Q0FFMTQzNkRCNkE0MjIyRDJEMUU5QTIxMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3tFj7JnQJzysOz5RlFDzMfU+G
CSyfMztnr7crlC5XotDdlxMC0pf/kvAo8CPFLvxqWZ4RcBB5MMo/4XIIbqpIHgJR
z44ZHBK3Jj+0Uua6orYQUgEcXJe+qgEbW+Xv2dIYZgAkxctrEe6XaCOqkNRn+Fz+
5Q3jHa6DZ26nzlcD8nu77RIHarNZI8qv2SFfZRMBdw3E5c4XfKB50+B4F3V+OGzF
7UC4jf5a4mrgDShSNrKjt5O4nkDSnpwFW/HLx5jyjj/+e3VuGedmesHkVx83rEbJ
0/USmaKAz6+aflXIwmKEHmzWofxkrJeSzXX8wS4rUWGfEZA2FMR3AoipJ63LAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUhYC4KMt8hcrhQ222pCItLR6aIQowHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzUzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
+zANBgkqhkiG9w0BAQsFAAOCAQEAL9/l6bfzs6pMZB9gw0DxCjZXqMaOU+rs4hdY
WmA7fuVf8gLwNrYNC+K+DXjIrv+ZVy1TkAy6I5bcyGEztoKtLOrR8GfY6mnu15gO
GLRLeNqfHcI5fq4mxRE1fVnc5yRc9actrUrwBv9NmLgxhRqQhCUgKjpTEFaRKS2q
lcdFYoqDOqi+G1jOfDDu+fUYBV1EWMTgp+phY+i+LbPyRo0IXVPdEmj9zqdDTznu
eBt0Qlj7BQPUgjw15cVFq9wm9tktbxRG11zVE5OK3oiKrqFCrsIGQsgzOttTYb9W
V+HylxBtO4vIRce+qsNNo5drCu0x3V6QTMkD5lk8XQj344BJ/Q==
-----END CERTIFICATE-----