Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32302d3234203d3e20383334.roa
File:                     3134372e3132352e3139322e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          rjNs1Jt7KoXHdQmCwWkcrv/x4cVvHgt5YSgbu9nSOh4=
Subject key identifier:   F9:0F:51:C5:09:D5:40:7C:07:5D:A8:D7:FD:1B:B9:9C:BB:11:38:38
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       67653BF2BB67A799EC2CF519892A902FF07AEB68
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32302d3234203d3e20383334.roa
Signing time:             Fri 10 Oct 2025 11:54:44 +0000
ROA not before:           Fri 10 Oct 2025 11:49:44 +0000
ROA not after:            Fri 09 Oct 2026 11:54:44 +0000
asID:                     834
IP address blocks:        147.125.192.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 22:29:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:65:3b:f2:bb:67:a7:99:ec:2c:f5:19:89:2a:90:2f:f0:7a:eb:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Oct 10 11:49:44 2025 GMT
            Not After : Oct  9 11:54:44 2026 GMT
        Subject: CN=F90F51C509D5407C075DA8D7FD1BB99CBB113838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c0:be:ea:86:ec:81:08:57:1b:7e:32:45:81:
                    d4:f3:cc:90:19:ca:55:d0:b6:72:83:0a:e0:1a:31:
                    63:d4:2c:17:ec:93:ea:d4:4f:9b:27:20:86:13:ce:
                    b2:52:fa:ca:38:55:49:7f:67:ba:1a:cc:f7:65:cb:
                    1c:d3:fc:cb:4c:b4:42:8c:b2:55:ff:b9:c9:24:d5:
                    b6:4c:74:b5:3d:14:e0:05:9f:19:a6:47:77:76:f3:
                    58:dc:40:a8:59:7f:77:68:40:fa:7a:ed:30:a8:fc:
                    9f:96:2b:89:97:af:4c:45:56:2a:75:76:6c:55:0a:
                    a1:2f:c6:62:45:98:23:c8:41:73:a8:fa:89:e3:a0:
                    c4:62:24:7c:f4:12:0e:6a:fd:d6:bf:4f:68:0c:b1:
                    13:29:e4:20:cd:7d:ec:03:f1:2c:ed:0e:0c:f3:a0:
                    b7:4d:9a:a9:b6:ef:32:b6:06:16:60:3a:a3:96:f9:
                    63:62:c4:72:68:a1:1e:52:6e:de:96:53:81:31:5f:
                    7c:a4:90:07:45:51:95:dd:20:9d:45:a7:80:9d:37:
                    b5:99:e9:aa:9a:8f:9e:47:3e:8b:a1:ff:31:13:3c:
                    77:fa:51:df:50:77:89:9b:37:8f:4b:ed:86:17:50:
                    40:5a:1d:e9:a6:f2:ca:dd:31:a4:de:4b:20:70:ad:
                    bd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0F:51:C5:09:D5:40:7C:07:5D:A8:D7:FD:1B:B9:9C:BB:11:38:38
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139322e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0a:54:54:f1:d7:fd:db:c2:c3:82:12:7f:2f:7e:a6:c8:d0:f2:
         c8:34:ad:3c:84:20:e0:f8:5e:53:32:03:95:37:b5:0c:25:d2:
         48:c3:c3:f8:e9:f2:9a:61:49:6d:36:38:2d:96:bb:5e:8a:be:
         16:00:8e:91:5b:c0:de:f2:b5:ef:37:88:d9:d9:66:aa:58:29:
         54:b9:07:ad:c0:cf:17:e5:35:77:cc:d3:4d:9e:fe:08:33:76:
         ca:fb:8d:68:af:f5:c7:b5:20:b8:03:4f:51:09:6f:de:29:58:
         5a:04:00:72:ef:3a:be:b5:df:e6:a1:ee:12:56:f9:ad:a8:de:
         1b:c4:6e:77:d4:e8:40:9a:6f:60:bf:43:f2:eb:53:7f:44:9d:
         d1:11:26:c5:e7:66:da:40:4f:89:c7:06:e4:18:48:c5:8a:17:
         3d:01:ee:20:48:e1:36:b7:fb:06:83:29:14:fb:bd:b2:e9:3c:
         a6:8b:10:e5:29:8d:51:ce:4c:a8:be:0b:de:88:5b:9b:15:1d:
         a1:a2:f0:3c:14:35:f7:e5:0b:21:88:7a:3b:78:0d:fa:e0:b2:
         b6:9b:b0:63:12:80:54:40:27:77:3d:00:c5:9e:c1:c1:7e:cb:
         f8:70:ea:22:c5:da:ec:f8:6f:99:09:7c:ba:95:c3:8f:b0:87:
         53:08:ae:67
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ2U78rtnp5nsLPUZiSqQL/B662gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNTEwMTAxMTQ5NDRaFw0yNjEwMDkxMTU0NDRaMDMxMTAvBgNV
BAMTKEY5MEY1MUM1MDlENTQwN0MwNzVEQThEN0ZEMUJCOTlDQkIxMTM4MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRwL7qhuyBCFcbfjJFgdTzzJAZ
ylXQtnKDCuAaMWPULBfsk+rUT5snIIYTzrJS+so4VUl/Z7oazPdlyxzT/MtMtEKM
slX/uckk1bZMdLU9FOAFnxmmR3d281jcQKhZf3doQPp67TCo/J+WK4mXr0xFVip1
dmxVCqEvxmJFmCPIQXOo+onjoMRiJHz0Eg5q/da/T2gMsRMp5CDNfewD8SztDgzz
oLdNmqm27zK2BhZgOqOW+WNixHJooR5Sbt6WU4ExX3ykkAdFUZXdIJ1Fp4CdN7WZ
6aqaj55HPouh/zETPHf6Ud9Qd4mbN49L7YYXUEBaHemm8srdMaTeSyBwrb2TAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+Q9RxQnVQHwHXajX/Ru5nLsRODgwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzkzMjJlMzAyZjMyMzAyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBJN9
wDANBgkqhkiG9w0BAQsFAAOCAQEAClRU8df928LDghJ/L36myNDyyDStPIQg4Phe
UzIDlTe1DCXSSMPD+OnymmFJbTY4LZa7Xoq+FgCOkVvA3vK17zeI2dlmqlgpVLkH
rcDPF+U1d8zTTZ7+CDN2yvuNaK/1x7UguANPUQlv3ilYWgQAcu86vrXf5qHuElb5
rajeG8Rud9ToQJpvYL9D8utTf0Sd0REmxedm2kBPiccG5BhIxYoXPQHuIEjhNrf7
BoMpFPu9suk8posQ5SmNUc5MqL4L3ohbmxUdoaLwPBQ19+ULIYh6O3gN+uCytpuw
YxKAVEAndz0AxZ7BwX7L+HDqIsXa7PhvmQl8upXDj7CHUwiuZw==
-----END CERTIFICATE-----