Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3139322e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          BE2oA+5SEQhYMWKXIF3eFuJ5Wt8kuPrcPKkcr6+NzTo=
Subject key identifier:   39:50:18:C4:96:9E:59:3D:B1:E4:4C:F8:49:43:0C:2A:0C:D0:32:53
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       1BF29301EEF231B75CA7DFAA99F7B9BCBA7B57CC
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32322d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:12 +0000
ROA not before:           Tue 21 Apr 2026 09:04:12 +0000
ROA not after:            Tue 20 Apr 2027 09:09:12 +0000
asID:                     834
IP address blocks:        147.125.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:f2:93:01:ee:f2:31:b7:5c:a7:df:aa:99:f7:b9:bc:ba:7b:57:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:12 2026 GMT
            Not After : Apr 20 09:09:12 2027 GMT
        Subject: CN=395018C4969E593DB1E44CF849430C2A0CD03253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2e:5a:fe:19:c9:b3:62:09:b3:b9:01:3b:e9:
                    a3:a9:f8:f4:51:bf:b3:6a:a2:2d:37:49:cc:23:63:
                    3f:76:45:ee:40:7e:68:49:f2:7c:93:91:43:a2:7e:
                    92:b6:56:a3:12:cc:7e:68:5e:e3:bc:2c:cf:28:ab:
                    6a:fe:ac:3c:f2:0b:ec:b3:c0:bd:30:38:3c:cf:ba:
                    10:49:6a:ca:27:dc:cc:12:c7:9a:c5:a3:17:7a:0b:
                    48:72:3f:69:a6:68:d7:6c:68:bf:7d:1d:84:d6:6c:
                    06:eb:f0:84:1e:f7:7b:61:00:76:7d:41:05:b1:af:
                    5b:2e:02:d6:d7:b5:f8:0e:0c:cd:00:ba:56:87:9a:
                    8d:de:57:65:0f:90:c7:8d:21:6b:61:36:c2:20:e5:
                    e2:67:08:e8:e7:3e:62:93:eb:1d:6b:0a:11:25:3d:
                    f1:ce:82:d3:88:6b:31:a6:80:5a:e2:f7:39:7b:97:
                    93:d0:8b:7d:15:33:15:d7:cb:2d:7c:07:34:1c:58:
                    ef:68:0c:1d:0a:3d:6a:9c:e0:51:3d:a2:bf:f5:29:
                    9d:20:08:51:25:d8:ef:10:3e:5c:21:85:e3:39:7c:
                    21:5b:02:4e:60:68:3f:7f:38:eb:2f:b9:e4:86:c8:
                    fb:aa:d0:2a:78:45:8e:6d:a8:9b:23:8c:b0:fe:cb:
                    32:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:50:18:C4:96:9E:59:3D:B1:E4:4C:F8:49:43:0C:2A:0C:D0:32:53
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:e5:7c:7e:c2:93:e6:4d:d4:cb:48:19:2b:bf:c3:dc:00:56:
         b5:d5:60:39:c5:67:c7:39:05:1b:ab:4b:48:08:f3:1a:b4:28:
         d8:38:af:c3:4c:db:d9:9e:e2:ac:41:a5:ef:e4:53:1c:a0:22:
         47:79:fc:bf:5f:84:f2:10:97:e8:71:bf:5d:3c:be:47:40:27:
         d6:f7:2e:43:19:34:9c:ea:d5:74:84:10:16:75:6d:2d:61:4a:
         1d:81:ee:db:4a:ad:5c:ee:a5:8d:8e:81:b8:6f:c2:0d:f6:a3:
         fa:1e:4f:7a:52:aa:f3:28:25:34:87:dd:0e:ca:99:6c:ff:a0:
         b2:ff:fa:38:c1:27:08:08:98:b2:d1:c3:ad:c5:76:b6:ce:15:
         08:a3:3f:30:62:0b:5f:71:bf:1f:82:25:4d:9a:e6:23:b3:dd:
         e6:a8:89:da:d6:cc:77:33:9a:b6:9e:44:dc:3b:4d:92:e5:6b:
         57:09:6f:03:8a:c7:d3:13:7d:0f:ef:41:be:16:5e:94:f1:4a:
         57:76:a5:47:d5:3b:38:86:ab:4e:86:e1:49:49:0e:2e:11:7f:
         4c:e4:de:e4:72:80:61:47:d1:27:64:24:73:86:60:26:50:e5:
         2a:cd:dc:a4:95:26:e8:2b:38:2f:a3:9e:8f:12:03:ad:ed:37:
         9c:dd:08:b5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUG/KTAe7yMbdcp9+qmfe5vLp7V8wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTJaFw0yNzA0MjAwOTA5MTJaMDMxMTAvBgNV
BAMTKDM5NTAxOEM0OTY5RTU5M0RCMUU0NENGODQ5NDMwQzJBMENEMDMyNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkLlr+GcmzYgmzuQE76aOp+PRR
v7Nqoi03ScwjYz92Re5AfmhJ8nyTkUOifpK2VqMSzH5oXuO8LM8oq2r+rDzyC+yz
wL0wODzPuhBJason3MwSx5rFoxd6C0hyP2mmaNdsaL99HYTWbAbr8IQe93thAHZ9
QQWxr1suAtbXtfgODM0AulaHmo3eV2UPkMeNIWthNsIg5eJnCOjnPmKT6x1rChEl
PfHOgtOIazGmgFri9zl7l5PQi30VMxXXyy18BzQcWO9oDB0KPWqc4FE9or/1KZ0g
CFEl2O8QPlwhheM5fCFbAk5gaD9/OOsvueSGyPuq0Cp4RY5tqJsjjLD+yzJlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOVAYxJaeWT2x5Ez4SUMMKgzQMlMwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzkzMjJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
wDANBgkqhkiG9w0BAQsFAAOCAQEAY+V8fsKT5k3Uy0gZK7/D3ABWtdVgOcVnxzkF
G6tLSAjzGrQo2Divw0zb2Z7irEGl7+RTHKAiR3n8v1+E8hCX6HG/XTy+R0An1vcu
Qxk0nOrVdIQQFnVtLWFKHYHu20qtXO6ljY6BuG/CDfaj+h5PelKq8yglNIfdDsqZ
bP+gsv/6OMEnCAiYstHDrcV2ts4VCKM/MGILX3G/H4IlTZrmI7Pd5qiJ2tbMdzOa
tp5E3DtNkuVrVwlvA4rH0xN9D+9BvhZelPFKV3alR9U7OIarTobhSUkOLhF/TOTe
5HKAYUfRJ2Qkc4ZgJlDlKs3cpJUm6Cs4L6OejxIDre03nN0ItQ==
-----END CERTIFICATE-----