Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133382e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3133382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          qZCXtMrG+HcDPl0Xt5LIAEWdR8oV+Ok0cJP1U1O1/6M=
Subject key identifier:   23:50:05:E7:1F:54:1B:2E:6E:19:44:B0:80:02:EF:52:53:28:A1:5A
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       08883AA2698926F56012928671896EB4FBCC2B72
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 13 May 2026 13:14:13 +0000
ROA not before:           Wed 13 May 2026 13:09:13 +0000
ROA not after:            Wed 12 May 2027 13:14:13 +0000
asID:                     834
IP address blocks:        147.125.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:88:3a:a2:69:89:26:f5:60:12:92:86:71:89:6e:b4:fb:cc:2b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: May 13 13:09:13 2026 GMT
            Not After : May 12 13:14:13 2027 GMT
        Subject: CN=235005E71F541B2E6E1944B08002EF525328A15A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e3:06:3c:30:53:fb:b7:37:cf:59:97:9c:7f:
                    4f:b3:27:a3:db:f9:df:f5:d2:29:75:b5:7b:8d:07:
                    21:cd:c8:f4:f7:5a:5d:a1:d7:73:91:1f:32:d0:64:
                    52:f5:91:5c:34:1f:01:d7:3e:7a:c6:15:64:88:1e:
                    86:b4:27:ab:52:dc:88:c0:03:55:ba:24:d0:c4:9c:
                    4e:63:69:33:e2:a4:f3:b4:2f:84:6e:51:42:a9:96:
                    f8:ef:64:e5:23:c6:fa:11:92:0d:62:75:ec:0b:5a:
                    e6:0e:fc:15:af:05:7c:07:c2:e0:8d:72:cb:14:b0:
                    ce:ed:1a:fb:44:5f:45:65:60:8a:e4:82:23:bc:71:
                    cb:62:b9:63:a0:a0:22:c5:d4:a9:11:f3:e6:fd:87:
                    0b:da:b7:0b:f1:c3:bf:ea:df:37:c1:3d:9f:f6:ac:
                    76:3d:6c:8e:0b:53:0d:4b:7b:58:16:1c:c2:5c:cf:
                    85:9b:0a:5f:57:82:ca:fc:b7:c8:75:45:59:f3:9f:
                    a6:18:6e:87:a8:41:2f:53:a1:68:07:4e:6e:0c:f5:
                    88:eb:c9:ec:4a:cd:89:9e:d8:31:d6:5f:49:32:1e:
                    e8:55:2d:84:80:1b:44:b2:db:87:14:27:c3:39:df:
                    fc:a6:3b:b3:3d:c6:b8:4a:ba:bb:f3:e4:83:14:4d:
                    4b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:50:05:E7:1F:54:1B:2E:6E:19:44:B0:80:02:EF:52:53:28:A1:5A
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:fa:e7:5e:01:da:9c:4e:5f:75:78:5c:c3:2e:c5:72:bc:a7:
         79:13:fd:45:b7:8b:65:d8:99:30:b4:85:e8:aa:02:df:c4:ec:
         f0:9e:88:ca:13:8b:b2:70:96:e9:8a:aa:84:6e:73:d4:0b:13:
         d4:34:4c:3b:66:63:e1:a9:a8:1b:03:0a:d8:f5:b4:b3:39:d3:
         ee:61:7b:07:d9:57:46:ee:4f:9d:31:dd:67:df:15:52:ee:51:
         87:5b:bf:af:03:04:e2:da:57:33:ee:9d:34:81:47:13:49:2f:
         de:c0:8c:57:e7:ab:9f:72:91:d0:da:8d:64:68:0a:32:6f:a2:
         39:0f:7f:8b:f5:13:0e:39:24:26:be:fa:36:e2:01:af:40:29:
         7b:58:8c:a4:ae:80:af:de:6e:83:62:dc:21:86:02:e0:d6:81:
         94:49:20:87:6c:52:e0:e0:d3:bb:c7:d4:44:a8:68:9a:dc:af:
         88:cf:85:79:74:08:ce:cd:58:37:26:93:91:d1:12:b9:3c:0b:
         e7:57:a9:d5:b1:83:03:a6:6b:a5:68:63:74:11:83:69:35:a0:
         9e:5c:d8:68:7d:e9:f9:f0:74:96:73:60:e6:64:5a:f9:a9:d6:
         79:e6:91:a3:13:9e:51:b9:a9:11:f8:c1:cd:3f:c8:ae:02:32:
         a0:d3:04:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCIg6ommJJvVgEpKGcYlutPvMK3IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA1MTMxMzA5MTNaFw0yNzA1MTIxMzE0MTNaMDMxMTAvBgNV
BAMTKDIzNTAwNUU3MUY1NDFCMkU2RTE5NDRCMDgwMDJFRjUyNTMyOEExNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj4wY8MFP7tzfPWZecf0+zJ6Pb
+d/10il1tXuNByHNyPT3Wl2h13ORHzLQZFL1kVw0HwHXPnrGFWSIHoa0J6tS3IjA
A1W6JNDEnE5jaTPipPO0L4RuUUKplvjvZOUjxvoRkg1idewLWuYO/BWvBXwHwuCN
cssUsM7tGvtEX0VlYIrkgiO8cctiuWOgoCLF1KkR8+b9hwvatwvxw7/q3zfBPZ/2
rHY9bI4LUw1Le1gWHMJcz4WbCl9Xgsr8t8h1RVnzn6YYboeoQS9ToWgHTm4M9Yjr
yexKzYme2DHWX0kyHuhVLYSAG0Sy24cUJ8M53/ymO7M9xrhKurvz5IMUTUvRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUI1AF5x9UGy5uGUSwgALvUlMooVowHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzMzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
ijANBgkqhkiG9w0BAQsFAAOCAQEAAfrnXgHanE5fdXhcwy7FcryneRP9RbeLZdiZ
MLSF6KoC38Ts8J6IyhOLsnCW6YqqhG5z1AsT1DRMO2Zj4amoGwMK2PW0sznT7mF7
B9lXRu5PnTHdZ98VUu5Rh1u/rwME4tpXM+6dNIFHE0kv3sCMV+ern3KR0NqNZGgK
Mm+iOQ9/i/UTDjkkJr76NuIBr0Ape1iMpK6Ar95ug2LcIYYC4NaBlEkgh2xS4ODT
u8fURKhomtyviM+FeXQIzs1YNyaTkdESuTwL51ep1bGDA6ZrpWhjdBGDaTWgnlzY
aH3p+fB0lnNg5mRa+anWeeaRoxOeUbmpEfjBzT/IrgIyoNMERA==
-----END CERTIFICATE-----