Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137362e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3137362e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          z13Skh4+G8Sb/VOoMFxLPQXddq89jf3nZ/W61goOtm4=
Subject key identifier:   D5:F4:AB:63:D5:1C:7A:C8:3B:72:CC:0C:5A:8D:87:8D:7D:66:E9:EE
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       228F42B0F8496B0608BF103F753826CAF5B5F377
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137362e302f32322d3234203d3e20383334.roa
Signing time:             Sun 28 Jun 2026 06:04:08 +0000
ROA not before:           Sun 28 Jun 2026 05:59:08 +0000
ROA not after:            Sun 27 Jun 2027 06:04:08 +0000
asID:                     834
IP address blocks:        147.125.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 22:40:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:8f:42:b0:f8:49:6b:06:08:bf:10:3f:75:38:26:ca:f5:b5:f3:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun 28 05:59:08 2026 GMT
            Not After : Jun 27 06:04:08 2027 GMT
        Subject: CN=D5F4AB63D51C7AC83B72CC0C5A8D878D7D66E9EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2c:46:e0:cb:db:e1:41:b8:42:f6:37:5b:41:
                    f0:af:e7:fe:ad:cd:28:8c:e3:8b:8a:78:20:64:0f:
                    05:d6:4e:3a:05:eb:6e:5a:ac:43:34:5d:cb:28:a4:
                    34:f0:5c:81:d7:80:98:a2:6e:e0:02:98:7f:e9:d4:
                    33:3f:36:c7:19:be:bb:57:e7:39:63:75:a4:e4:16:
                    4e:09:16:be:e2:4e:3e:51:f1:96:db:86:36:6a:27:
                    0f:99:72:da:7f:16:1b:7b:85:75:27:0d:96:b8:59:
                    fa:7b:c0:0b:b1:35:7c:58:f3:0d:16:8e:cb:cc:60:
                    e9:1d:40:ea:19:d0:9f:0d:ec:85:8f:46:87:6d:ed:
                    6a:5a:60:0b:f1:1c:8e:22:83:5c:1a:1e:1d:e4:12:
                    f0:98:46:a5:ea:9e:72:cf:6d:e8:4f:c5:20:21:26:
                    d0:a1:4f:f3:32:8f:4b:8e:d9:29:c6:72:e1:01:6e:
                    e6:7b:1d:b8:f4:84:c3:49:ce:0c:c0:16:ce:fa:7f:
                    68:fc:dd:26:2a:5a:6f:fa:ca:3d:32:dd:85:5f:06:
                    23:97:89:ad:86:f4:56:8c:30:45:b3:ef:02:6d:f0:
                    d2:b1:f5:51:3c:25:1d:2b:24:fb:1a:4a:18:da:ed:
                    28:10:01:3a:ec:1e:c9:d7:e5:06:38:07:c9:c5:74:
                    fa:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F4:AB:63:D5:1C:7A:C8:3B:72:CC:0C:5A:8D:87:8D:7D:66:E9:EE
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3137362e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:68:62:a6:8a:61:6e:0d:b6:7c:77:8f:2c:e9:a4:cb:e8:68:
         8c:8e:33:15:1d:f4:4d:16:64:e9:c1:c3:30:73:d9:e0:29:da:
         3a:93:ec:f4:7c:d5:b4:d3:b6:d9:68:ce:eb:ef:0c:db:60:4e:
         4d:bc:ff:4b:27:18:da:d7:51:1d:e9:9f:31:77:e8:b6:98:fb:
         92:86:19:4e:f1:db:5d:20:0d:2a:e3:e9:d2:5a:bd:af:72:b6:
         d9:0a:ba:47:dc:a5:fc:03:ff:0b:b2:d0:56:9c:92:bc:50:38:
         80:1f:0a:ef:35:55:3d:ad:b8:fd:cc:03:4a:bc:3f:eb:b3:2d:
         98:8f:13:85:a7:cb:c8:5d:3a:12:47:d1:dd:c1:01:97:e4:07:
         93:a7:bb:fd:14:7c:d4:92:0f:21:6f:aa:d1:a0:90:20:b0:82:
         ad:b8:20:35:85:8e:a6:a6:a6:0e:ca:dd:d7:db:4a:6c:6d:b1:
         f6:f8:a5:e2:48:0c:d6:24:98:7f:34:d2:99:80:88:dd:ae:2e:
         de:42:21:1d:8d:3c:2c:a0:a2:67:33:8d:5a:5f:01:15:a6:16:
         82:0b:82:be:d0:ca:a7:64:90:17:47:b5:61:78:ba:12:4f:01:
         1f:7d:55:99:75:80:9c:7b:73:71:8b:f7:f9:6f:c4:f6:29:44:
         76:01:27:c6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIo9CsPhJawYIvxA/dTgmyvW183cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MjgwNTU5MDhaFw0yNzA2MjcwNjA0MDhaMDMxMTAvBgNV
BAMTKEQ1RjRBQjYzRDUxQzdBQzgzQjcyQ0MwQzVBOEQ4NzhEN0Q2NkU5RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3LEbgy9vhQbhC9jdbQfCv5/6t
zSiM44uKeCBkDwXWTjoF625arEM0XcsopDTwXIHXgJiibuACmH/p1DM/NscZvrtX
5zljdaTkFk4JFr7iTj5R8ZbbhjZqJw+Zctp/Fht7hXUnDZa4Wfp7wAuxNXxY8w0W
jsvMYOkdQOoZ0J8N7IWPRodt7WpaYAvxHI4ig1waHh3kEvCYRqXqnnLPbehPxSAh
JtChT/Myj0uO2SnGcuEBbuZ7Hbj0hMNJzgzAFs76f2j83SYqWm/6yj0y3YVfBiOX
ia2G9FaMMEWz7wJt8NKx9VE8JR0rJPsaShja7SgQATrsHsnX5QY4B8nFdPqtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1fSrY9Ucesg7cswMWo2HjX1m6e4wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzczNjJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
sDANBgkqhkiG9w0BAQsFAAOCAQEAWmhipophbg22fHePLOmky+hojI4zFR30TRZk
6cHDMHPZ4CnaOpPs9HzVtNO22WjO6+8M22BOTbz/SycY2tdRHemfMXfotpj7koYZ
TvHbXSANKuPp0lq9r3K22Qq6R9yl/AP/C7LQVpySvFA4gB8K7zVVPa24/cwDSrw/
67MtmI8ThafLyF06EkfR3cEBl+QHk6e7/RR81JIPIW+q0aCQILCCrbggNYWOpqam
Dsrd19tKbG2x9vil4kgM1iSYfzTSmYCI3a4u3kIhHY08LKCiZzONWl8BFaYWgguC
vtDKp2SQF0e1YXi6Ek8BH31VmXWAnHtzcYv3+W/E9ilEdgEnxg==
-----END CERTIFICATE-----