Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234342e302f32322d3234203d3e20383334.roa
File:                     3134372e3132352e3234342e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          374YZaIWqalE1WHxzZkjuPKb+It8LhV1mbseb+MPbwk=
Subject key identifier:   7C:20:A3:C4:05:D9:A5:D0:FF:89:A1:96:64:18:26:EB:83:5C:8D:B6
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       34FA4B2515204E25D9FD93003E1B8BAE33BC9F7E
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234342e302f32322d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:12:26 +0000
ROA not before:           Tue 21 Apr 2026 09:07:26 +0000
ROA not after:            Tue 20 Apr 2027 09:12:26 +0000
asID:                     834
IP address blocks:        147.125.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:fa:4b:25:15:20:4e:25:d9:fd:93:00:3e:1b:8b:ae:33:bc:9f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:07:26 2026 GMT
            Not After : Apr 20 09:12:26 2027 GMT
        Subject: CN=7C20A3C405D9A5D0FF89A196641826EB835C8DB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:df:90:d9:d6:b1:07:a7:8b:91:3b:c2:34:6b:
                    26:8e:7a:49:a9:58:3f:2b:b2:1e:8a:0e:de:0a:87:
                    77:0a:ea:73:2d:cf:b5:a2:4a:a8:0a:80:1a:30:08:
                    66:31:d4:17:ef:0a:ba:b6:09:cc:ec:ee:4a:d8:e7:
                    21:7b:d0:b4:1c:18:03:32:2a:38:21:be:36:05:13:
                    e5:df:25:0e:f5:5b:89:86:b0:3a:f5:2c:eb:2b:4e:
                    34:61:b1:c2:7d:9d:d8:2a:97:7d:7f:16:93:f8:1f:
                    6c:8a:72:e7:3a:d1:76:31:b0:4a:e2:d7:0d:25:42:
                    12:02:8a:02:5a:e1:30:d8:8e:53:66:c3:05:9e:32:
                    e0:b5:52:7d:57:49:91:57:d6:da:ab:af:e8:5e:8b:
                    81:4f:ac:c5:dc:e3:1d:4a:fa:13:ca:9f:6c:f2:83:
                    73:cc:53:b8:eb:a6:70:a6:b5:e6:79:7a:99:b5:18:
                    f6:37:35:a7:50:93:19:bf:cc:03:19:fe:4e:0c:90:
                    ae:4f:a7:29:4c:ab:5a:0a:78:08:05:e6:bd:6b:8d:
                    89:c4:38:a1:c0:23:10:53:2d:25:74:8c:2d:ff:5d:
                    71:02:b8:5e:b7:1f:ad:07:ba:8f:61:f2:e7:cb:94:
                    2c:f0:bb:2f:1a:e4:6a:48:ab:6f:44:3a:e5:cd:58:
                    ed:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:20:A3:C4:05:D9:A5:D0:FF:89:A1:96:64:18:26:EB:83:5C:8D:B6
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234342e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:2a:ec:ee:fd:d4:64:52:56:1f:f5:ef:8b:5c:27:b1:07:43:
         02:90:3f:14:e5:b2:f8:1b:c7:a7:e1:a6:38:ad:b0:9a:39:e8:
         1d:0a:59:d2:00:5c:23:bd:f8:e6:ae:5d:2c:2d:11:7f:fb:f5:
         8c:18:60:92:d9:62:4c:75:1b:d5:c6:2c:42:76:6f:79:d0:da:
         f5:5b:e5:40:83:b3:f5:94:73:24:62:7d:b0:02:82:83:77:33:
         7f:0f:eb:63:53:4f:7f:e1:6b:c7:05:e4:41:f8:5a:54:1e:56:
         34:5c:57:2c:9f:d4:3c:8a:47:c2:02:5f:d0:3a:db:c2:2c:8e:
         c2:63:5e:7a:f5:40:53:fd:4c:ee:7d:e1:2d:57:73:c2:64:f1:
         04:e5:a8:0a:51:cd:e3:15:af:5c:cf:74:98:cc:1a:1b:a3:b4:
         bd:ce:a9:ca:84:c6:3b:b6:89:4f:09:d6:51:88:28:3f:af:05:
         59:31:1b:a6:7a:be:70:e9:93:1a:63:0c:a4:5f:8b:b0:84:13:
         bf:f7:78:da:a4:00:54:44:6e:73:59:ea:5c:94:ff:81:bb:27:
         29:36:86:8e:59:1f:f8:45:b1:a7:88:28:c3:83:ab:29:e1:ac:
         51:63:0e:dd:42:aa:da:46:ac:d9:37:a7:80:ca:c3:05:eb:dc:
         96:81:60:da
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNPpLJRUgTiXZ/ZMAPhuLrjO8n34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA3MjZaFw0yNzA0MjAwOTEyMjZaMDMxMTAvBgNV
BAMTKDdDMjBBM0M0MDVEOUE1RDBGRjg5QTE5NjY0MTgyNkVCODM1QzhEQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC35DZ1rEHp4uRO8I0ayaOekmp
WD8rsh6KDt4Kh3cK6nMtz7WiSqgKgBowCGYx1BfvCrq2Cczs7krY5yF70LQcGAMy
KjghvjYFE+XfJQ71W4mGsDr1LOsrTjRhscJ9ndgql31/FpP4H2yKcuc60XYxsEri
1w0lQhICigJa4TDYjlNmwwWeMuC1Un1XSZFX1tqrr+hei4FPrMXc4x1K+hPKn2zy
g3PMU7jrpnCmteZ5epm1GPY3NadQkxm/zAMZ/k4MkK5PpylMq1oKeAgF5r1rjYnE
OKHAIxBTLSV0jC3/XXECuF63H60Huo9h8ufLlCzwuy8a5GpIq29EOuXNWO3vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfCCjxAXZpdD/iaGWZBgm64NcjbYwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzNDJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApN9
9DANBgkqhkiG9w0BAQsFAAOCAQEAjCrs7v3UZFJWH/Xvi1wnsQdDApA/FOWy+BvH
p+GmOK2wmjnoHQpZ0gBcI7345q5dLC0Rf/v1jBhgktliTHUb1cYsQnZvedDa9Vvl
QIOz9ZRzJGJ9sAKCg3czfw/rY1NPf+FrxwXkQfhaVB5WNFxXLJ/UPIpHwgJf0Drb
wiyOwmNeevVAU/1M7n3hLVdzwmTxBOWoClHN4xWvXM90mMwaG6O0vc6pyoTGO7aJ
TwnWUYgoP68FWTEbpnq+cOmTGmMMpF+LsIQTv/d42qQAVERuc1nqXJT/gbsnKTaG
jlkf+EWxp4gow4OrKeGsUWMO3UKq2kas2TengMrDBevcloFg2g==
-----END CERTIFICATE-----