Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3138382e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3138382e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          2UhCGpEYJCEOH9oj8vbIvK+BZLeVCUHwqYUMRDkHw0Q=
Subject key identifier:   3C:99:1B:E8:B5:3F:1B:61:B6:2F:77:D7:AA:91:EE:73:33:37:13:61
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       3CC473C96BBD38D6F5F4E935D8CF8933786F6C89
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3138382e302f32322d3234203d3e20383334.roa
Signing time:             Sun 28 Jun 2026 05:03:16 +0000
ROA not before:           Sun 28 Jun 2026 04:58:16 +0000
ROA not after:            Sun 27 Jun 2027 05:03:16 +0000
asID:                     834
IP address blocks:        147.125.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 22:40:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:c4:73:c9:6b:bd:38:d6:f5:f4:e9:35:d8:cf:89:33:78:6f:6c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Jun 28 04:58:16 2026 GMT
            Not After : Jun 27 05:03:16 2027 GMT
        Subject: CN=3C991BE8B53F1B61B62F77D7AA91EE7333371361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:b1:61:09:37:c4:a1:74:23:13:69:fb:4a:6f:
                    d1:34:b9:86:be:59:a0:43:f8:79:a1:73:4d:c6:65:
                    e3:82:58:ea:52:f5:ba:3b:d6:23:dd:17:cc:0a:12:
                    eb:4c:55:ac:ae:79:5f:ac:18:95:43:ca:44:8c:01:
                    d7:77:88:44:6c:79:03:e0:98:fb:d0:32:de:ad:03:
                    99:37:5f:5a:f9:ca:b6:ec:d0:e3:6c:63:87:24:62:
                    20:af:f9:3c:77:2f:39:bd:fb:14:0d:65:d2:38:a0:
                    03:31:73:01:92:a7:bd:e3:2f:86:d8:5f:75:87:5b:
                    ca:8c:f4:03:6d:a3:ed:4f:a7:68:96:67:1a:4f:14:
                    33:d4:3b:1a:a5:3a:41:14:fe:cb:b2:86:63:25:0b:
                    2e:20:1d:cb:e9:b4:9f:69:5b:18:46:63:81:c7:0e:
                    8f:43:27:b5:ac:66:fa:7d:6d:10:35:2a:9d:0f:09:
                    54:b7:31:78:36:94:a5:25:fa:9f:12:bd:32:0a:d6:
                    39:12:bc:59:82:7f:e7:e0:ff:a6:db:39:5c:fc:a8:
                    66:63:10:bc:27:1f:b0:89:2e:4f:c7:db:35:cf:6f:
                    ec:19:78:ba:97:13:df:92:c0:05:d1:6e:85:c7:2d:
                    26:3f:6f:e8:94:fc:2c:f9:4e:1d:bf:28:e1:e3:17:
                    7e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:99:1B:E8:B5:3F:1B:61:B6:2F:77:D7:AA:91:EE:73:33:37:13:61
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3138382e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:11:57:e6:89:76:62:82:53:49:6d:22:a0:65:41:db:e2:46:
         f0:4a:04:91:bb:ca:90:f8:90:cb:31:8d:36:8f:ab:bf:f2:4c:
         4f:b0:3c:b8:55:0a:9f:63:10:85:e7:63:fe:59:bc:a5:fe:6c:
         07:50:9f:95:cb:a9:c3:ef:c5:2e:67:dd:f9:8b:b1:65:ce:11:
         21:7b:e4:1e:39:0e:4f:be:21:80:5e:59:b8:ca:c6:c2:54:05:
         59:e4:26:df:40:67:e4:5c:a6:bf:7d:c5:a9:39:15:16:2d:a1:
         57:00:3e:ec:ec:14:57:6a:6f:5f:0c:46:29:fd:e5:9e:f5:31:
         56:3c:f2:fe:2a:ce:33:45:64:15:47:2d:a6:63:f0:6c:76:37:
         0b:83:6a:87:02:cf:3f:2f:28:bf:be:f4:8b:1e:2d:3e:45:f8:
         eb:c8:e1:9f:f4:23:bc:13:ac:e9:94:dc:f5:09:99:e1:54:c9:
         99:09:2a:dd:b2:a4:14:3e:d8:c4:a1:3a:ef:2d:dd:cd:cc:97:
         21:ff:85:5b:02:bf:e1:1c:94:30:05:a9:73:c1:80:56:de:b8:
         c2:f7:03:a5:78:5d:0f:9b:63:cc:be:d0:e6:30:7f:f2:f8:6c:
         0c:95:f4:81:ba:cd:a1:ba:f9:df:e0:31:79:c5:84:1d:1d:07:
         5f:12:df:56
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPMRzyWu9ONb19Ok12M+JM3hvbIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA2MjgwNDU4MTZaFw0yNzA2MjcwNTAzMTZaMDMxMTAvBgNV
BAMTKDNDOTkxQkU4QjUzRjFCNjFCNjJGNzdEN0FBOTFFRTczMzMzNzEzNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDssWEJN8ShdCMTaftKb9E0uYa+
WaBD+Hmhc03GZeOCWOpS9bo71iPdF8wKEutMVayueV+sGJVDykSMAdd3iERseQPg
mPvQMt6tA5k3X1r5yrbs0ONsY4ckYiCv+Tx3Lzm9+xQNZdI4oAMxcwGSp73jL4bY
X3WHW8qM9ANto+1Pp2iWZxpPFDPUOxqlOkEU/suyhmMlCy4gHcvptJ9pWxhGY4HH
Do9DJ7WsZvp9bRA1Kp0PCVS3MXg2lKUl+p8SvTIK1jkSvFmCf+fg/6bbOVz8qGZj
ELwnH7CJLk/H2zXPb+wZeLqXE9+SwAXRboXHLSY/b+iU/Cz5Th2/KOHjF35hAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPJkb6LU/G2G2L3fXqpHuczM3E2EwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzgzODJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
vDANBgkqhkiG9w0BAQsFAAOCAQEAMhFX5ol2YoJTSW0ioGVB2+JG8EoEkbvKkPiQ
yzGNNo+rv/JMT7A8uFUKn2MQhedj/lm8pf5sB1Cflcupw+/FLmfd+YuxZc4RIXvk
HjkOT74hgF5ZuMrGwlQFWeQm30Bn5Fymv33FqTkVFi2hVwA+7OwUV2pvXwxGKf3l
nvUxVjzy/irOM0VkFUctpmPwbHY3C4NqhwLPPy8ov770ix4tPkX468jhn/QjvBOs
6ZTc9QmZ4VTJmQkq3bKkFD7YxKE67y3dzcyXIf+FWwK/4RyUMAWpc8GAVt64wvcD
pXhdD5tjzL7Q5jB/8vhsDJX0gbrNobr53+AxecWEHR0HXxLfVg==
-----END CERTIFICATE-----