Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3233322e302f32312d3234203d3e20383334.roa
File:                     3134372e3132352e3233322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          PzCUgTkBwW8VHpbwE6woq9A2p7hCBp4BqcDYp7cL7lU=
Subject key identifier:   C7:0E:93:96:DB:D9:31:43:67:2F:3B:AF:33:B2:BC:43:30:87:CD:07
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       5841392E00A6AAFCFD55934FD08FE91ADBEEAD58
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3233322e302f32312d3234203d3e20383334.roa
Signing time:             Mon 01 Sep 2025 17:00:03 +0000
ROA not before:           Mon 01 Sep 2025 16:55:03 +0000
ROA not after:            Mon 31 Aug 2026 17:00:03 +0000
asID:                     834
IP address blocks:        147.125.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 15:34:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:41:39:2e:00:a6:aa:fc:fd:55:93:4f:d0:8f:e9:1a:db:ee:ad:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Sep  1 16:55:03 2025 GMT
            Not After : Aug 31 17:00:03 2026 GMT
        Subject: CN=C70E9396DBD93143672F3BAF33B2BC433087CD07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4c:bd:04:e4:f4:f2:a2:7c:e5:16:0e:9c:a9:
                    64:e8:ad:aa:b4:71:8b:47:d5:9c:b8:28:03:a8:ed:
                    ce:9b:c4:c5:8b:38:47:b0:fb:95:03:4d:31:62:e5:
                    44:26:67:4d:d9:41:f1:27:c1:54:50:5e:6e:a0:16:
                    47:bd:ce:7d:b8:d4:70:58:35:c3:b4:ce:b9:75:95:
                    dd:1d:a1:cf:c9:df:3d:a9:87:ef:f3:5b:5b:c3:3e:
                    e8:7b:fe:52:15:fb:da:4e:ef:61:6b:df:0f:2c:68:
                    ba:2c:95:83:69:de:b3:8f:7a:f2:61:5e:da:02:ef:
                    a0:f6:bf:84:ea:71:03:1e:54:ac:82:13:c4:24:85:
                    8e:40:d3:d6:a8:dd:40:2e:b8:80:1f:a5:4f:29:f1:
                    15:dc:9a:f8:da:05:a4:ac:91:df:3a:19:99:58:b1:
                    2e:17:54:35:7f:c0:59:b7:ad:e0:fc:a3:db:05:59:
                    3f:a8:2f:d6:ea:35:f9:a4:24:5a:41:3b:f1:1b:31:
                    a2:4d:19:69:59:ac:2c:6f:9a:e1:75:41:8d:6f:e6:
                    0e:5e:25:70:70:16:bb:de:e4:db:9c:a0:1f:12:ae:
                    56:4c:f8:cb:4a:1f:7a:21:2a:f4:a5:5f:22:46:7e:
                    65:7b:8b:4b:54:6e:dc:79:93:dc:93:74:6c:71:dd:
                    27:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0E:93:96:DB:D9:31:43:67:2F:3B:AF:33:B2:BC:43:30:87:CD:07
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3233322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:d2:93:df:c1:51:84:f1:85:2b:2f:a9:e2:ca:1a:60:ce:35:
         99:38:64:14:e0:4c:41:7d:fa:66:1d:2e:60:b6:a2:e4:31:5a:
         fb:67:30:e2:dc:10:74:20:2b:35:d1:71:66:81:30:4f:95:0a:
         f9:50:13:51:55:4b:25:2a:93:fd:a3:81:99:7d:e3:e6:0a:2f:
         5a:32:f5:b0:83:39:d6:c1:1c:20:e8:92:c3:0d:34:10:1a:d1:
         0d:92:eb:3a:e2:d2:0b:ac:e8:25:5f:02:45:6f:27:b9:d5:1a:
         a3:e2:f8:14:96:52:3b:de:72:3c:c3:be:5d:01:cc:69:b6:43:
         15:33:ea:8e:24:da:a2:64:f7:c0:cc:4e:8e:32:56:bf:8c:39:
         65:e9:c0:5c:6c:2c:38:1e:39:bc:1c:f9:12:30:83:e1:69:e2:
         69:99:ea:04:4f:fd:25:6c:bf:cc:1e:e8:28:c7:da:2c:95:31:
         7f:6b:51:30:b6:47:d1:3c:0d:3e:53:c9:6a:14:d5:0f:1c:94:
         37:3f:ce:d2:e9:c6:9a:61:b7:13:6f:d4:bc:47:c4:fc:76:da:
         68:01:0e:99:77:fd:e1:d0:03:18:12:89:e7:cf:13:8e:02:0f:
         89:a6:e8:4b:eb:27:e5:4f:49:03:61:f4:39:83:06:e9:57:17:
         44:94:55:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWEE5LgCmqvz9VZNP0I/pGtvurVgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNTA5MDExNjU1MDNaFw0yNjA4MzExNzAwMDNaMDMxMTAvBgNV
BAMTKEM3MEU5Mzk2REJEOTMxNDM2NzJGM0JBRjMzQjJCQzQzMzA4N0NEMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNTL0E5PTyonzlFg6cqWToraq0
cYtH1Zy4KAOo7c6bxMWLOEew+5UDTTFi5UQmZ03ZQfEnwVRQXm6gFke9zn241HBY
NcO0zrl1ld0doc/J3z2ph+/zW1vDPuh7/lIV+9pO72Fr3w8saLoslYNp3rOPevJh
XtoC76D2v4TqcQMeVKyCE8QkhY5A09ao3UAuuIAfpU8p8RXcmvjaBaSskd86GZlY
sS4XVDV/wFm3reD8o9sFWT+oL9bqNfmkJFpBO/EbMaJNGWlZrCxvmuF1QY1v5g5e
JXBwFrve5NucoB8SrlZM+MtKH3ohKvSlXyJGfmV7i0tUbtx5k9yTdGxx3Se1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxw6TltvZMUNnLzuvM7K8QzCHzQcwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzMzMjJlMzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5N9
6DANBgkqhkiG9w0BAQsFAAOCAQEAR9KT38FRhPGFKy+p4soaYM41mThkFOBMQX36
Zh0uYLai5DFa+2cw4twQdCArNdFxZoEwT5UK+VATUVVLJSqT/aOBmX3j5govWjL1
sIM51sEcIOiSww00EBrRDZLrOuLSC6zoJV8CRW8nudUao+L4FJZSO95yPMO+XQHM
abZDFTPqjiTaomT3wMxOjjJWv4w5ZenAXGwsOB45vBz5EjCD4WniaZnqBE/9JWy/
zB7oKMfaLJUxf2tRMLZH0TwNPlPJahTVDxyUNz/O0unGmmG3E2/UvEfE/HbaaAEO
mXf94dADGBKJ588TjgIPiaboS+sn5U9JA2H0OYMG6VcXRJRVSQ==
-----END CERTIFICATE-----