Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234332e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3234332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tl46qhrfanlfykbuxjsI9JTMJV2CiR7WDCl8K8lRY14=
Subject key identifier:   2E:4C:F7:B0:90:BF:DE:37:CC:A2:57:93:F2:E3:E7:AF:D5:B6:DA:CA
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       31FFFD656BF8DAB2DC12330C9B4A747CAE2A5B18
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:10 +0000
ROA not before:           Tue 21 Apr 2026 09:04:10 +0000
ROA not after:            Tue 20 Apr 2027 09:09:10 +0000
asID:                     834
IP address blocks:        147.125.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ff:fd:65:6b:f8:da:b2:dc:12:33:0c:9b:4a:74:7c:ae:2a:5b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:10 2026 GMT
            Not After : Apr 20 09:09:10 2027 GMT
        Subject: CN=2E4CF7B090BFDE37CCA25793F2E3E7AFD5B6DACA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d6:f3:8c:7e:10:2f:b0:cf:63:b2:30:01:d3:
                    82:f4:74:fe:53:f4:43:f0:d8:4a:4b:d3:2b:93:70:
                    ff:85:72:04:8b:d6:a1:d5:a9:79:e6:3b:7f:4b:6b:
                    34:f9:1f:a2:e4:e8:7f:c6:9f:b0:41:e0:fb:4d:7e:
                    ec:fd:8e:ea:44:03:ce:de:bf:d4:8a:fa:13:e0:69:
                    74:ae:43:2f:eb:10:ca:ba:84:9d:5d:8d:10:56:b5:
                    f0:7b:46:a7:28:f7:02:85:c8:07:46:0d:0c:fc:9d:
                    a3:aa:d8:1f:6a:4d:13:5b:cb:12:b2:e2:9a:fe:35:
                    9d:a6:79:5f:eb:00:16:b3:3b:89:90:d8:34:4d:0d:
                    86:89:99:df:9a:7c:25:63:ae:40:c8:d1:ac:40:cb:
                    70:c8:93:0c:bd:63:ce:0f:75:03:14:9b:6d:81:a4:
                    a8:0e:a1:07:12:fa:c5:61:70:59:65:61:d8:b7:28:
                    a7:4b:ca:1a:ba:b0:99:e5:56:7c:b2:87:1e:86:9e:
                    a5:46:ba:b5:57:f7:41:fa:e5:77:06:09:9b:41:1b:
                    6e:e6:79:03:28:a2:77:eb:84:b2:31:3a:42:db:50:
                    c1:b5:23:59:c2:48:64:cc:34:4f:21:5a:31:8c:2c:
                    cf:9d:e8:18:0e:93:57:69:0d:14:ca:eb:56:bb:07:
                    e2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:4C:F7:B0:90:BF:DE:37:CC:A2:57:93:F2:E3:E7:AF:D5:B6:DA:CA
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:5b:01:05:10:94:f3:d0:f7:f1:bd:d1:2f:e8:93:a3:37:8d:
         70:1f:10:d8:0a:d0:c2:7d:e2:50:73:a9:fe:56:d5:52:0d:7c:
         8c:0c:31:c3:4a:8e:80:5e:0d:62:35:69:d0:16:4f:e2:6b:85:
         59:49:a8:12:06:b5:6b:37:20:4e:ef:61:a9:42:91:63:01:85:
         ea:cb:32:60:e5:6a:6a:63:f5:14:0a:9a:df:20:36:0b:55:ff:
         d8:3c:4d:8a:be:02:49:a6:77:5f:df:c9:da:f4:09:5f:95:af:
         6c:9e:b2:7d:db:8b:ee:10:11:45:b9:ab:43:a7:74:2b:5f:e4:
         72:44:1f:11:2f:00:99:19:bc:da:2a:c6:02:38:95:d9:c9:92:
         40:93:4d:99:0e:07:ca:3c:0e:ee:d1:f3:e0:f2:80:4c:34:f4:
         21:89:69:81:d2:86:7f:6a:bc:2e:97:c6:35:cb:16:81:e2:35:
         90:ea:30:b0:1e:0d:87:6e:9d:2f:23:c1:f1:40:62:11:51:23:
         a4:c7:89:b6:a2:cb:9a:0e:f1:c2:1e:50:f1:30:24:24:0a:4d:
         1d:aa:d1:90:2b:28:f9:4b:f2:bc:c9:00:eb:9f:2f:ff:17:aa:
         25:da:88:d0:37:f8:d7:9d:bb:aa:1e:4a:01:fc:4d:fe:d6:f6:
         89:46:67:aa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMf/9ZWv42rLcEjMMm0p0fK4qWxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTBaFw0yNzA0MjAwOTA5MTBaMDMxMTAvBgNV
BAMTKDJFNENGN0IwOTBCRkRFMzdDQ0EyNTc5M0YyRTNFN0FGRDVCNkRBQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC1vOMfhAvsM9jsjAB04L0dP5T
9EPw2EpL0yuTcP+FcgSL1qHVqXnmO39LazT5H6Lk6H/Gn7BB4PtNfuz9jupEA87e
v9SK+hPgaXSuQy/rEMq6hJ1djRBWtfB7Rqco9wKFyAdGDQz8naOq2B9qTRNbyxKy
4pr+NZ2meV/rABazO4mQ2DRNDYaJmd+afCVjrkDI0axAy3DIkwy9Y84PdQMUm22B
pKgOoQcS+sVhcFllYdi3KKdLyhq6sJnlVnyyhx6GnqVGurVX90H65XcGCZtBG27m
eQMoonfrhLIxOkLbUMG1I1nCSGTMNE8hWjGMLM+d6BgOk1dpDRTK61a7B+LJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULkz3sJC/3jfMoleT8uPnr9W22sowHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
8zANBgkqhkiG9w0BAQsFAAOCAQEAeFsBBRCU89D38b3RL+iTozeNcB8Q2ArQwn3i
UHOp/lbVUg18jAwxw0qOgF4NYjVp0BZP4muFWUmoEga1azcgTu9hqUKRYwGF6ssy
YOVqamP1FAqa3yA2C1X/2DxNir4CSaZ3X9/J2vQJX5WvbJ6yfduL7hARRbmrQ6d0
K1/kckQfES8AmRm82irGAjiV2cmSQJNNmQ4HyjwO7tHz4PKATDT0IYlpgdKGf2q8
LpfGNcsWgeI1kOowsB4Nh26dLyPB8UBiEVEjpMeJtqLLmg7xwh5Q8TAkJApNHarR
kCso+UvyvMkA658v/xeqJdqI0Df41527qh5KAfxN/tb2iUZnqg==
-----END CERTIFICATE-----