Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135372e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3135372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3uIvl+2a6BVAv8U/Ouy3RCR1g41zfhzfz8db2gAWCdo=
Subject key identifier:   BB:D0:95:B2:E3:58:8D:69:68:CF:40:6B:AD:BD:CB:B5:23:23:1C:6C
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       76AC467E32D7A5559251AD7F48E68735A902BB83
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:11 +0000
ROA not before:           Tue 21 Apr 2026 09:04:11 +0000
ROA not after:            Tue 20 Apr 2027 09:09:11 +0000
asID:                     834
IP address blocks:        147.125.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:ac:46:7e:32:d7:a5:55:92:51:ad:7f:48:e6:87:35:a9:02:bb:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:11 2026 GMT
            Not After : Apr 20 09:09:11 2027 GMT
        Subject: CN=BBD095B2E3588D6968CF406BADBDCBB523231C6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fb:7c:c7:c3:0f:6d:56:6a:93:a9:66:c4:fd:
                    fa:cf:56:28:57:20:fd:3a:4d:d4:37:9c:be:f1:95:
                    a1:e0:ed:0a:27:c5:04:e9:3e:18:e9:5f:a4:bf:b0:
                    4e:cb:45:da:cc:2c:30:53:38:8f:7a:c1:bf:5e:93:
                    67:31:2a:94:2f:09:19:b8:10:08:ed:43:f9:eb:14:
                    57:c1:8a:79:a1:e0:de:ec:12:07:ff:a0:fa:bc:d9:
                    00:a4:cb:14:85:e6:8d:72:75:a9:bb:99:a9:9a:c8:
                    74:af:89:ec:07:66:92:33:75:94:e2:6d:26:b9:1f:
                    5a:cf:a4:bc:e8:56:61:2b:57:7d:0f:bf:81:7b:39:
                    e8:52:01:a9:7b:a4:20:47:e3:85:93:e4:73:cf:f1:
                    14:c6:01:ff:eb:42:aa:59:5e:a0:1b:01:c3:ed:20:
                    1c:26:98:d4:c7:cd:cd:e2:6d:d0:07:21:ba:a5:77:
                    e7:ba:bd:9a:6e:1a:e8:6d:1d:06:c4:ee:b6:8b:10:
                    2c:8a:2a:2a:1e:08:ca:83:ef:72:39:d4:bf:f5:f6:
                    92:db:94:91:40:aa:87:e7:78:1e:a3:26:4f:ec:7a:
                    98:fb:17:7e:0d:cb:e1:2a:44:25:90:5e:f9:0b:e6:
                    5e:a4:94:dc:c2:b4:3d:97:7e:b6:55:bc:93:f3:4e:
                    f4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D0:95:B2:E3:58:8D:69:68:CF:40:6B:AD:BD:CB:B5:23:23:1C:6C
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3135372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:fc:84:ca:ea:18:8e:df:e3:f0:f6:3b:3b:32:6f:ab:d1:97:
         b0:6d:64:c8:fb:6a:1d:a4:f5:5d:4d:02:2f:a3:71:7c:20:8f:
         32:19:81:12:1f:af:63:3b:a8:3c:0b:d2:81:fa:d2:ff:08:f3:
         c3:14:f9:2f:6c:76:aa:8f:ed:b1:ef:1b:2b:2b:ba:16:3f:d2:
         50:96:b7:c9:d0:c7:a7:b3:20:88:2f:d3:ac:99:5a:d1:53:0f:
         e8:e2:c8:d2:ad:10:14:a1:30:83:b5:12:e1:34:8c:59:71:bc:
         be:67:f7:99:ea:b0:1a:12:02:da:d7:b5:c5:8c:39:7b:af:4b:
         55:62:d1:99:c8:8e:a8:88:e6:62:4b:62:9a:e5:82:1a:ac:e2:
         97:96:d8:cd:70:56:a4:9f:48:7d:f8:1d:a2:dd:96:8a:fa:22:
         2d:72:86:78:fd:31:40:80:91:88:97:18:34:92:18:ee:8a:62:
         a3:09:21:04:38:91:03:ad:c4:27:98:00:3c:de:61:60:be:2d:
         d6:e7:f5:f3:28:50:fa:48:47:2c:b1:68:ed:27:b5:07:12:00:
         7e:c5:d3:d1:d2:09:ab:cd:f9:80:64:6b:49:31:7b:fe:77:4b:
         f3:e6:f2:98:33:22:9f:76:a4:18:9f:d5:09:a2:7e:6e:ca:dc:
         5e:3e:a6:ed
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdqxGfjLXpVWSUa1/SOaHNakCu4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTFaFw0yNzA0MjAwOTA5MTFaMDMxMTAvBgNV
BAMTKEJCRDA5NUIyRTM1ODhENjk2OENGNDA2QkFEQkRDQkI1MjMyMzFDNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+3zHww9tVmqTqWbE/frPVihX
IP06TdQ3nL7xlaHg7QonxQTpPhjpX6S/sE7LRdrMLDBTOI96wb9ek2cxKpQvCRm4
EAjtQ/nrFFfBinmh4N7sEgf/oPq82QCkyxSF5o1ydam7mamayHSviewHZpIzdZTi
bSa5H1rPpLzoVmErV30Pv4F7OehSAal7pCBH44WT5HPP8RTGAf/rQqpZXqAbAcPt
IBwmmNTHzc3ibdAHIbqld+e6vZpuGuhtHQbE7raLECyKKioeCMqD73I51L/19pLb
lJFAqofneB6jJk/sepj7F34Ny+EqRCWQXvkL5l6klNzCtD2XfrZVvJPzTvQbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUu9CVsuNYjWloz0Brrb3LtSMjHGwwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzUzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
nTANBgkqhkiG9w0BAQsFAAOCAQEAlPyEyuoYjt/j8PY7OzJvq9GXsG1kyPtqHaT1
XU0CL6NxfCCPMhmBEh+vYzuoPAvSgfrS/wjzwxT5L2x2qo/tse8bKyu6Fj/SUJa3
ydDHp7MgiC/TrJla0VMP6OLI0q0QFKEwg7US4TSMWXG8vmf3meqwGhIC2te1xYw5
e69LVWLRmciOqIjmYktimuWCGqzil5bYzXBWpJ9Iffgdot2WivoiLXKGeP0xQICR
iJcYNJIY7opiowkhBDiRA63EJ5gAPN5hYL4t1uf18yhQ+khHLLFo7Se1BxIAfsXT
0dIJq835gGRrSTF7/ndL8+bymDMin3akGJ/VCaJ+bsrcXj6m7Q==
-----END CERTIFICATE-----