Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139382e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3139382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tpuF7tFBhXFyhHkdHhcLgdjAsySt7TAOsYz4OL+ZwKw=
Subject key identifier:   0B:03:4D:33:BB:0F:E3:CC:C4:07:4E:88:81:BE:A6:FB:C2:EA:D6:F4
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       4670BAB449210CBD4697C2A96421C5DF6388FFBC
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139382e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:09 +0000
ROA not before:           Tue 21 Apr 2026 09:04:09 +0000
ROA not after:            Tue 20 Apr 2027 09:09:09 +0000
asID:                     834
IP address blocks:        147.125.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:70:ba:b4:49:21:0c:bd:46:97:c2:a9:64:21:c5:df:63:88:ff:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:09 2026 GMT
            Not After : Apr 20 09:09:09 2027 GMT
        Subject: CN=0B034D33BB0FE3CCC4074E8881BEA6FBC2EAD6F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:43:ff:0a:a9:a1:8a:36:e4:53:81:a2:bf:11:
                    45:05:27:c2:c8:9f:18:6b:f0:e1:74:87:e0:fc:1e:
                    45:84:0f:63:a3:01:ac:b2:85:a6:78:8b:f5:fe:e5:
                    07:a3:b8:24:f9:c3:16:3c:9c:b0:f4:64:0a:70:e8:
                    a6:0f:61:34:7c:cc:60:ce:90:a3:0b:81:d5:ce:ad:
                    ee:ac:bf:df:92:08:97:d9:83:4f:90:f3:02:21:9f:
                    d5:2d:2c:0a:9e:d8:4d:0a:97:c8:1d:22:eb:81:e1:
                    cf:f0:b8:83:e8:4a:82:4e:f4:52:ac:e0:2e:7c:aa:
                    d4:26:3e:45:b6:8d:87:44:7b:d4:54:4b:6b:a1:3d:
                    e7:fb:18:66:f8:b2:8f:14:a2:31:10:7b:3d:d8:d4:
                    24:1f:a8:8a:78:b5:41:e6:c8:c2:02:a0:fc:58:55:
                    6c:23:bb:40:e7:6f:44:dc:c4:66:3f:a9:0b:fe:98:
                    ee:6c:ae:55:6d:f9:eb:d2:00:1f:03:15:5a:98:08:
                    5f:fe:26:60:ea:a1:00:c9:af:e2:6e:b0:a6:61:1e:
                    fb:d1:79:8f:95:fa:59:56:46:28:bb:10:14:01:ac:
                    5c:bf:49:d3:cd:33:dc:ca:4e:d2:25:78:51:ae:2b:
                    33:a7:32:6f:3d:ae:0c:d5:67:f0:62:da:c3:6a:da:
                    44:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:03:4D:33:BB:0F:E3:CC:C4:07:4E:88:81:BE:A6:FB:C2:EA:D6:F4
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3139382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:20:e1:83:c8:06:a4:e8:99:d0:02:53:b6:51:1b:17:f7:57:
         50:f2:ba:a3:21:ff:9b:99:e3:05:d4:68:5b:f3:fb:ca:82:4f:
         5a:d2:51:ef:58:64:ef:8c:ac:b9:a4:28:26:1d:87:63:1d:f2:
         0d:4b:0c:26:f7:fc:5b:6a:ed:98:2f:74:97:cd:ed:7e:a9:fb:
         3e:90:a1:55:ca:8e:44:40:e2:29:2e:fb:98:88:c3:ec:d6:45:
         6d:66:59:fd:a6:21:71:c6:93:f6:9f:1b:ae:e4:dc:75:f4:79:
         6a:91:95:bc:73:6f:8b:f8:b0:0f:c0:ed:71:28:bd:28:ee:68:
         64:c2:1e:af:e9:ee:34:1d:c7:80:67:90:06:e3:1d:65:e1:08:
         5b:24:d4:8a:5c:d0:d5:e7:c9:b5:af:99:33:b7:09:e7:9a:80:
         30:52:fe:db:c7:95:fe:84:41:06:31:49:77:78:fd:d4:de:07:
         3b:1d:bf:f2:6e:72:3a:56:ed:dc:8f:35:ff:02:bb:93:e3:4f:
         37:f2:47:a8:6c:9f:ab:48:e1:d4:fd:da:bf:fc:dd:4e:0d:2b:
         8a:a7:89:92:2f:3a:9f:fa:19:e0:b2:fe:c4:5e:0e:91:6d:43:
         ed:35:2d:13:72:54:21:43:75:5e:2e:19:de:57:e1:31:1d:c6:
         5e:20:21:97
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURnC6tEkhDL1Gl8KpZCHF32OI/7wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MDlaFw0yNzA0MjAwOTA5MDlaMDMxMTAvBgNV
BAMTKDBCMDM0RDMzQkIwRkUzQ0NDNDA3NEU4ODgxQkVBNkZCQzJFQUQ2RjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfQ/8KqaGKNuRTgaK/EUUFJ8LI
nxhr8OF0h+D8HkWED2OjAayyhaZ4i/X+5QejuCT5wxY8nLD0ZApw6KYPYTR8zGDO
kKMLgdXOre6sv9+SCJfZg0+Q8wIhn9UtLAqe2E0Kl8gdIuuB4c/wuIPoSoJO9FKs
4C58qtQmPkW2jYdEe9RUS2uhPef7GGb4so8UojEQez3Y1CQfqIp4tUHmyMICoPxY
VWwju0Dnb0TcxGY/qQv+mO5srlVt+evSAB8DFVqYCF/+JmDqoQDJr+JusKZhHvvR
eY+V+llWRii7EBQBrFy/SdPNM9zKTtIleFGuKzOnMm89rgzVZ/Bi2sNq2kRzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCwNNM7sP48zEB06Igb6m+8Lq1vQwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzkzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
xjANBgkqhkiG9w0BAQsFAAOCAQEApyDhg8gGpOiZ0AJTtlEbF/dXUPK6oyH/m5nj
BdRoW/P7yoJPWtJR71hk74ysuaQoJh2HYx3yDUsMJvf8W2rtmC90l83tfqn7PpCh
VcqOREDiKS77mIjD7NZFbWZZ/aYhccaT9p8bruTcdfR5apGVvHNvi/iwD8DtcSi9
KO5oZMIer+nuNB3HgGeQBuMdZeEIWyTUilzQ1efJta+ZM7cJ55qAMFL+28eV/oRB
BjFJd3j91N4HOx2/8m5yOlbt3I81/wK7k+NPN/JHqGyfq0jh1P3av/zdTg0riqeJ
ki86n/oZ4LL+xF4OkW1D7TUtE3JUIUN1Xi4Z3lfhMR3GXiAhlw==
-----END CERTIFICATE-----