Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137342e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3137342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          /9Z247IAyIZl483oguMSLeg5i8Z5cFi5DkPIb7QOLzM=
Subject key identifier:   B6:04:0A:EF:82:80:E4:03:43:03:24:6E:71:BF:E2:BA:5A:D0:B3:90
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       22EFC5EA5713B8BC8281AE8E3036FC9C6C5A50CE
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137342e302f32342d3234203d3e20383334.roa
Signing time:             Sat 20 Jun 2026 13:57:26 +0000
ROA not before:           Sat 20 Jun 2026 13:52:26 +0000
ROA not after:            Sat 19 Jun 2027 13:57:26 +0000
asID:                     834
IP address blocks:        147.125.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 11:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:ef:c5:ea:57:13:b8:bc:82:81:ae:8e:30:36:fc:9c:6c:5a:50:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun 20 13:52:26 2026 GMT
            Not After : Jun 19 13:57:26 2027 GMT
        Subject: CN=B6040AEF8280E4034303246E71BFE2BA5AD0B390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0c:20:2f:2c:a9:23:24:ed:b2:79:dd:24:2a:
                    a6:7f:58:b0:43:51:43:97:19:ea:0b:de:a1:fd:7c:
                    e7:05:19:76:39:e8:ff:3d:2f:b8:7b:d9:30:0d:fe:
                    a5:35:ee:7a:58:98:88:91:30:7d:e6:40:e6:fc:ef:
                    02:d4:c8:4d:f1:07:de:47:80:86:e3:cf:16:11:d0:
                    29:f0:d6:f9:2b:c8:21:9a:f8:10:eb:c1:d9:de:b9:
                    b9:f1:de:01:b1:00:d5:ad:ce:c4:56:c7:72:4f:13:
                    2d:43:b0:48:62:ec:7d:2d:b4:98:80:de:f0:e6:18:
                    0c:e1:6f:9b:8c:f9:e0:e4:7a:72:82:af:db:d0:2b:
                    70:77:8a:af:93:f4:2a:0b:84:7e:0d:fc:6a:1c:87:
                    16:1b:c1:cf:36:79:88:85:50:e5:51:e8:db:c9:8e:
                    7d:fe:e2:8b:90:ba:55:a7:95:00:31:ed:1f:8f:fb:
                    2f:67:c4:38:50:d4:41:93:f4:db:44:38:d8:26:29:
                    88:ab:c1:4e:75:c2:76:19:2e:c8:0a:29:42:54:e9:
                    16:56:cd:27:9c:09:06:4e:a6:91:62:ac:59:24:53:
                    fb:e0:b2:48:2f:36:d5:d2:8d:a7:ce:ce:39:7f:20:
                    57:d2:ba:3b:fb:70:d3:f9:ce:f4:81:c5:fc:91:54:
                    28:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:04:0A:EF:82:80:E4:03:43:03:24:6E:71:BF:E2:BA:5A:D0:B3:90
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:49:a2:43:ef:67:1b:e0:3a:96:02:35:1e:74:5b:f4:af:60:
         67:26:be:f4:41:2a:6d:77:b2:01:1b:5a:66:ab:90:9e:04:12:
         bb:7f:4e:70:f1:f8:8d:f4:1f:c9:6a:ab:3f:88:42:09:a9:30:
         f3:6e:29:44:ac:bb:c1:68:7b:bb:ee:02:d8:53:c9:10:fe:d8:
         fa:b2:1d:7d:e4:50:03:c6:b0:77:41:dd:d9:14:36:8d:7e:a5:
         ee:40:50:e5:c1:d0:bb:ad:17:5f:bc:10:86:59:ea:b2:67:37:
         ab:54:99:7c:04:bc:30:36:06:ed:2b:cf:f1:93:c9:2e:46:6a:
         74:c6:78:7c:97:19:b1:fd:39:ef:55:63:f2:23:18:53:14:13:
         8c:29:4b:a5:d9:4a:60:57:13:c9:15:e3:b7:a5:6d:d0:e5:3c:
         87:55:31:56:3e:09:4b:df:c9:bf:6f:61:2e:8e:8f:cd:75:41:
         a9:bd:d5:ea:2d:04:3b:1c:fa:68:63:72:1f:21:4b:14:08:2f:
         0f:81:86:0b:8c:cc:38:c5:21:1d:3f:ce:96:89:0d:b9:6b:e6:
         9c:41:4a:17:64:fb:10:9e:be:91:40:22:71:5a:e1:d8:f2:d5:
         52:8f:cc:e0:2a:14:f1:fa:06:cf:50:2a:5b:d6:75:5c:2b:5b:
         2d:de:33:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIu/F6lcTuLyCga6OMDb8nGxaUM4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MjAxMzUyMjZaFw0yNzA2MTkxMzU3MjZaMDMxMTAvBgNV
BAMTKEI2MDQwQUVGODI4MEU0MDM0MzAzMjQ2RTcxQkZFMkJBNUFEMEIzOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3DCAvLKkjJO2yed0kKqZ/WLBD
UUOXGeoL3qH9fOcFGXY56P89L7h72TAN/qU17npYmIiRMH3mQOb87wLUyE3xB95H
gIbjzxYR0Cnw1vkryCGa+BDrwdneubnx3gGxANWtzsRWx3JPEy1DsEhi7H0ttJiA
3vDmGAzhb5uM+eDkenKCr9vQK3B3iq+T9CoLhH4N/GochxYbwc82eYiFUOVR6NvJ
jn3+4ouQulWnlQAx7R+P+y9nxDhQ1EGT9NtEONgmKYirwU51wnYZLsgKKUJU6RZW
zSecCQZOppFirFkkU/vgskgvNtXSjafOzjl/IFfSujv7cNP5zvSBxfyRVCgHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUtgQK74KA5ANDAyRucb/iulrQs5AwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzczNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
rjANBgkqhkiG9w0BAQsFAAOCAQEAd0miQ+9nG+A6lgI1HnRb9K9gZya+9EEqbXey
ARtaZquQngQSu39OcPH4jfQfyWqrP4hCCakw824pRKy7wWh7u+4C2FPJEP7Y+rId
feRQA8awd0Hd2RQ2jX6l7kBQ5cHQu60XX7wQhlnqsmc3q1SZfAS8MDYG7SvP8ZPJ
LkZqdMZ4fJcZsf0571Vj8iMYUxQTjClLpdlKYFcTyRXjt6Vt0OU8h1UxVj4JS9/J
v29hLo6PzXVBqb3V6i0EOxz6aGNyHyFLFAgvD4GGC4zMOMUhHT/OlokNuWvmnEFK
F2T7EJ6+kUAicVrh2PLVUo/M4CoU8foGz1AqW9Z1XCtbLd4zgQ==
-----END CERTIFICATE-----