Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133362e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3133362e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          gMb/pHQmZNqm7n6l/SGQ1ffX3s14AHP4mluOViSNZhQ=
Subject key identifier:   C2:FB:94:37:5B:10:38:F5:7D:CB:22:DD:F5:23:61:6A:D9:EC:9C:52
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       58A148478DA9A2F3418ADB7F4B4DDC994704F113
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133362e302f32322d3234203d3e20383334.roa
Signing time:             Sun 28 Jun 2026 13:28:26 +0000
ROA not before:           Sun 28 Jun 2026 13:23:26 +0000
ROA not after:            Sun 27 Jun 2027 13:28:26 +0000
asID:                     834
IP address blocks:        147.125.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 22:40:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:a1:48:47:8d:a9:a2:f3:41:8a:db:7f:4b:4d:dc:99:47:04:f1:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun 28 13:23:26 2026 GMT
            Not After : Jun 27 13:28:26 2027 GMT
        Subject: CN=C2FB94375B1038F57DCB22DDF523616AD9EC9C52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:62:5a:0f:e1:94:4f:bb:2f:a9:52:9e:f7:b8:
                    3c:dd:61:c1:f8:be:db:8b:2c:ee:9d:43:f0:6b:e2:
                    85:83:ca:00:2c:87:2a:e6:e8:27:09:78:e5:5d:59:
                    96:c5:b5:24:74:0f:79:58:08:0f:71:33:93:f9:e8:
                    43:0c:14:73:62:84:51:a2:2e:6e:a9:37:91:d7:ae:
                    96:96:45:87:18:29:2f:ed:52:9e:7c:38:29:38:fb:
                    df:8d:c6:9c:cd:ed:7e:a2:a7:a8:a2:3e:c0:66:40:
                    e6:6c:ec:e7:57:3a:b7:6f:03:f2:0b:69:9f:53:08:
                    ba:14:62:79:9b:05:de:ae:95:dd:a5:59:47:a0:9d:
                    c4:4a:45:e0:3c:7b:e2:1f:11:7f:42:75:2a:4a:20:
                    1d:44:ef:77:cc:f1:a4:ea:9e:db:b7:8a:48:e4:95:
                    6a:25:e2:38:97:31:e5:de:07:30:2f:8c:80:da:08:
                    6a:f5:7b:6f:a3:90:4d:bd:2a:bd:20:0b:be:bf:3d:
                    56:2e:84:89:5b:79:22:b8:6a:c2:e3:81:67:71:86:
                    fa:bb:32:5d:dd:5c:81:20:c1:36:35:ce:52:62:d2:
                    e0:9b:f3:3f:42:2a:8e:cd:cc:71:e1:93:31:d0:22:
                    3a:d6:96:cf:79:e0:2d:73:b5:71:f0:f0:01:af:63:
                    06:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:FB:94:37:5B:10:38:F5:7D:CB:22:DD:F5:23:61:6A:D9:EC:9C:52
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133362e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:87:fe:c4:dc:a9:47:66:a2:ce:cf:30:cc:21:24:89:38:03:
         f7:5b:7b:70:c4:a4:8c:61:f1:8d:70:4c:4b:dc:9b:1f:8b:e2:
         73:7e:7d:d1:78:78:f3:3f:f1:7d:2b:18:09:8a:e1:95:e4:c8:
         17:e9:f1:79:46:84:cd:ec:f9:f0:27:7c:0b:c6:74:87:2e:fd:
         d9:d3:56:84:09:ca:e6:da:83:ad:1f:0f:53:79:64:5e:42:8c:
         8a:3a:87:52:72:36:ee:56:1a:47:a0:4d:53:58:b3:47:77:9f:
         4e:a9:c9:24:06:9e:2e:93:18:ac:6b:24:aa:b6:6a:15:9e:f2:
         af:52:d7:69:99:01:dc:00:c0:fa:af:e5:34:29:39:10:73:45:
         07:2c:92:fd:8e:db:c7:8f:cd:f7:84:f7:65:c1:39:f8:52:e0:
         d9:3f:25:74:ce:9c:4c:7e:76:aa:95:d6:4f:94:ac:40:99:0e:
         c6:f4:8c:57:29:b3:4f:e8:73:e9:8a:68:e7:16:54:43:41:c5:
         86:c2:33:ac:2e:a9:cf:65:f2:c9:55:c7:61:ad:bd:c2:60:79:
         f1:e5:ea:88:5d:ac:11:04:f2:e1:71:38:b5:f7:43:59:bd:af:
         ff:6e:1e:5d:71:96:94:fd:65:29:ed:e4:7f:8f:a1:d4:c4:f4:
         c9:4d:2e:39
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWKFIR42povNBitt/S03cmUcE8RMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MjgxMzIzMjZaFw0yNzA2MjcxMzI4MjZaMDMxMTAvBgNV
BAMTKEMyRkI5NDM3NUIxMDM4RjU3RENCMjJEREY1MjM2MTZBRDlFQzlDNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbYloP4ZRPuy+pUp73uDzdYcH4
vtuLLO6dQ/Br4oWDygAshyrm6CcJeOVdWZbFtSR0D3lYCA9xM5P56EMMFHNihFGi
Lm6pN5HXrpaWRYcYKS/tUp58OCk4+9+NxpzN7X6ip6iiPsBmQOZs7OdXOrdvA/IL
aZ9TCLoUYnmbBd6uld2lWUegncRKReA8e+IfEX9CdSpKIB1E73fM8aTqntu3ikjk
lWol4jiXMeXeBzAvjIDaCGr1e2+jkE29Kr0gC76/PVYuhIlbeSK4asLjgWdxhvq7
Ml3dXIEgwTY1zlJi0uCb8z9CKo7NzHHhkzHQIjrWls954C1ztXHw8AGvYwb1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwvuUN1sQOPV9yyLd9SNhatnsnFIwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzMzNjJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
iDANBgkqhkiG9w0BAQsFAAOCAQEAfof+xNypR2aizs8wzCEkiTgD91t7cMSkjGHx
jXBMS9ybH4vic3590Xh48z/xfSsYCYrhleTIF+nxeUaEzez58Cd8C8Z0hy792dNW
hAnK5tqDrR8PU3lkXkKMijqHUnI27lYaR6BNU1izR3efTqnJJAaeLpMYrGskqrZq
FZ7yr1LXaZkB3ADA+q/lNCk5EHNFByyS/Y7bx4/N94T3ZcE5+FLg2T8ldM6cTH52
qpXWT5SsQJkOxvSMVymzT+hz6Ypo5xZUQ0HFhsIzrC6pz2XyyVXHYa29wmB58eXq
iF2sEQTy4XE4tfdDWb2v/24eXXGWlP1lKe3kf4+h1MT0yU0uOQ==
-----END CERTIFICATE-----