Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136302e302f31392d3234203d3e20383334.roa
File:                     3134372e3132352e3136302e302f31392d3234203d3e20383334.roa (raw, json)
Hash identifier:          iHOVJtLMhrc9OpfiRHQfhyQp7jYg6eBYRtcoyGk7MO0=
Subject key identifier:   65:C5:77:F5:39:4F:13:97:72:67:B7:8B:AF:84:2E:78:04:55:D2:E3
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       5B253B9231A2C142773AEE522DD1D1446E43DDF5
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136302e302f31392d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:10 +0000
ROA not before:           Tue 21 Apr 2026 09:04:10 +0000
ROA not after:            Tue 20 Apr 2027 09:09:10 +0000
asID:                     834
IP address blocks:        147.125.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:25:3b:92:31:a2:c1:42:77:3a:ee:52:2d:d1:d1:44:6e:43:dd:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:10 2026 GMT
            Not After : Apr 20 09:09:10 2027 GMT
        Subject: CN=65C577F5394F13977267B78BAF842E780455D2E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:24:de:50:69:fa:dd:28:04:72:34:1c:ff:24:
                    60:54:3a:10:52:a7:83:03:60:76:f6:b3:49:6d:47:
                    28:16:5a:96:0e:a0:ba:e2:3f:87:73:ef:d2:b3:f6:
                    87:0c:30:ca:ae:0e:08:70:3b:4c:f2:03:a1:0a:57:
                    6d:1e:fb:54:82:f7:8a:01:51:35:b6:5b:08:eb:57:
                    0b:ff:9c:a5:5e:a8:0c:ac:d0:cb:ac:53:07:09:66:
                    c6:c9:f0:d3:58:30:33:74:61:1c:bf:5b:ae:3c:7c:
                    a5:0e:64:0d:d9:4f:5b:c6:be:c3:92:bd:d8:d7:8a:
                    44:e0:e6:aa:c2:0c:cc:70:36:cf:48:ca:dd:bb:20:
                    82:57:e5:0e:88:bc:f8:51:e6:96:ac:49:4e:8f:62:
                    7b:7c:a2:0b:51:1f:f1:4c:19:df:85:db:44:08:9d:
                    6a:0f:92:21:7b:71:e2:2d:03:57:f6:1c:82:27:86:
                    5f:91:17:8e:ca:fb:ea:99:e8:50:03:78:0a:3a:fe:
                    a8:41:c8:e2:88:e0:24:8a:51:41:85:89:94:0f:84:
                    d2:a2:44:92:81:bb:3c:ec:67:fe:2a:8c:4e:b8:70:
                    96:cd:0d:2b:8c:4c:46:84:fc:fe:e7:d2:aa:ff:2d:
                    82:e8:27:e6:71:61:a5:83:91:be:1e:cf:a6:8c:16:
                    fb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C5:77:F5:39:4F:13:97:72:67:B7:8B:AF:84:2E:78:04:55:D2:E3
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3136302e302f31392d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a4:e5:64:4e:3f:78:b2:3f:ce:2f:de:10:06:ee:f5:9e:7b:c7:
         01:a2:6b:ae:77:a4:fa:ba:46:66:1a:66:17:70:46:25:22:f3:
         cf:2c:27:6a:34:a3:31:2a:f1:22:09:8d:fb:68:0d:f4:9a:4d:
         84:19:e2:3a:5e:eb:b0:d4:4e:cb:fa:63:3b:5f:95:13:b5:90:
         e3:d0:8d:f1:a5:8e:d8:33:c4:44:91:35:9f:43:99:cc:fe:0d:
         cf:82:94:4f:18:06:c8:ed:b6:52:43:8e:13:20:87:c0:0a:fa:
         63:3e:20:3b:23:3f:ea:25:57:66:cf:40:88:27:b4:50:71:5f:
         7c:e9:e4:6a:38:bb:68:7a:1c:24:e7:01:3b:50:69:7a:a6:1a:
         b7:5d:0d:c9:dc:cb:64:0b:0d:04:87:96:e8:32:59:b1:f3:58:
         68:9c:1f:0b:b5:9a:92:3f:34:e5:52:e3:04:86:ed:b5:38:1d:
         37:ff:03:2b:b4:e5:c2:5f:65:8c:53:2a:f3:28:72:73:6a:54:
         34:4b:61:d3:17:13:29:1d:7a:dd:6d:75:3a:5d:10:9e:5f:85:
         9a:48:69:62:8e:21:89:87:8d:ca:b7:83:cf:b2:22:97:fb:8f:
         63:ad:f4:10:e1:ad:51:17:3a:2c:bf:fd:4c:02:2b:9f:06:1f:
         f0:f3:b6:76
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWyU7kjGiwUJ3Ou5SLdHRRG5D3fUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTBaFw0yNzA0MjAwOTA5MTBaMDMxMTAvBgNV
BAMTKDY1QzU3N0Y1Mzk0RjEzOTc3MjY3Qjc4QkFGODQyRTc4MDQ1NUQyRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdJN5QafrdKARyNBz/JGBUOhBS
p4MDYHb2s0ltRygWWpYOoLriP4dz79Kz9ocMMMquDghwO0zyA6EKV20e+1SC94oB
UTW2WwjrVwv/nKVeqAys0MusUwcJZsbJ8NNYMDN0YRy/W648fKUOZA3ZT1vGvsOS
vdjXikTg5qrCDMxwNs9Iyt27IIJX5Q6IvPhR5pasSU6PYnt8ogtRH/FMGd+F20QI
nWoPkiF7ceItA1f2HIInhl+RF47K++qZ6FADeAo6/qhByOKI4CSKUUGFiZQPhNKi
RJKBuzzsZ/4qjE64cJbNDSuMTEaE/P7n0qr/LYLoJ+ZxYaWDkb4ez6aMFvv5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZcV39TlPE5dyZ7eLr4QueARV0uMwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzYzMDJlMzAyZjMxMzkyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBZN9
oDANBgkqhkiG9w0BAQsFAAOCAQEApOVkTj94sj/OL94QBu71nnvHAaJrrnek+rpG
ZhpmF3BGJSLzzywnajSjMSrxIgmN+2gN9JpNhBniOl7rsNROy/pjO1+VE7WQ49CN
8aWO2DPERJE1n0OZzP4Nz4KUTxgGyO22UkOOEyCHwAr6Yz4gOyM/6iVXZs9AiCe0
UHFffOnkaji7aHocJOcBO1BpeqYat10NydzLZAsNBIeW6DJZsfNYaJwfC7Wakj80
5VLjBIbttTgdN/8DK7Tlwl9ljFMq8yhyc2pUNEth0xcTKR163W11Ol0Qnl+Fmkhp
Yo4hiYeNyreDz7Iil/uPY630EOGtURc6LL/9TAIrnwYf8PO2dg==
-----END CERTIFICATE-----