Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3230382e302f32312d3234203d3e20383334.roa
File:                     3134372e3132352e3230382e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          i1MlYDyZthDox3t9GTaYfp478joSZhMXf8NBAusdJGg=
Subject key identifier:   B9:62:14:4E:DB:70:8B:B7:C0:A5:9F:1B:92:DC:BD:FF:EC:D3:98:3F
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       3896CD2AEC62476BF0299987BF05B2294B9E41DD
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3230382e302f32312d3234203d3e20383334.roa
Signing time:             Fri 10 Oct 2025 11:54:44 +0000
ROA not before:           Fri 10 Oct 2025 11:49:44 +0000
ROA not after:            Fri 09 Oct 2026 11:54:44 +0000
asID:                     834
IP address blocks:        147.125.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 22:29:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:96:cd:2a:ec:62:47:6b:f0:29:99:87:bf:05:b2:29:4b:9e:41:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Oct 10 11:49:44 2025 GMT
            Not After : Oct  9 11:54:44 2026 GMT
        Subject: CN=B962144EDB708BB7C0A59F1B92DCBDFFECD3983F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:01:5a:4b:a4:22:35:06:27:ba:10:04:44:81:
                    4c:19:58:65:6c:d9:be:2e:11:ef:1c:7a:64:f1:68:
                    b8:32:04:0a:f6:02:4f:8f:f4:f4:dd:fb:f6:19:3a:
                    77:0e:d3:c3:36:ac:a0:49:30:da:c0:05:47:ad:34:
                    e5:e7:07:21:4f:01:38:54:39:d0:68:9c:85:a3:90:
                    7f:24:19:f1:a9:85:46:43:2f:83:a8:6e:74:e2:0c:
                    13:1b:db:a4:b4:11:54:2d:d2:32:30:0f:0c:31:23:
                    5f:78:03:e9:3d:e2:5a:5d:6e:6b:fc:12:ef:b0:90:
                    c8:7b:2b:b4:6f:e7:45:a9:14:6b:73:72:91:f2:85:
                    44:22:6e:9f:55:40:88:db:78:24:4d:e3:b7:af:91:
                    b4:5c:d6:8f:89:f2:e1:58:23:74:b1:11:cd:1a:93:
                    20:c1:64:b3:68:83:af:16:e1:b9:39:8d:16:bd:1d:
                    e4:24:b5:fd:bb:51:f2:81:45:9a:3c:8a:1e:60:69:
                    a4:21:da:70:2d:ae:e8:b4:7b:0e:d1:21:69:90:f1:
                    47:f9:fa:cf:2d:be:a4:1b:dc:70:54:93:38:7c:ca:
                    41:3b:5a:ff:16:54:5a:0c:bd:ec:36:77:c2:70:5b:
                    6c:af:73:74:f8:c6:a2:af:d3:dc:cd:0b:c7:93:23:
                    f2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:62:14:4E:DB:70:8B:B7:C0:A5:9F:1B:92:DC:BD:FF:EC:D3:98:3F
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3230382e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:e3:bc:8f:5a:53:97:22:50:48:39:bb:a9:57:6d:cb:f0:54:
         f8:6f:fc:f8:9a:b5:58:a5:c6:11:7a:85:1a:92:4e:f7:f6:d7:
         1b:bf:dd:8a:b0:9b:2b:69:24:3d:ec:4d:63:b0:2a:d2:ff:b8:
         54:55:ce:c1:c2:b0:59:e6:27:2f:77:df:d0:b1:23:61:4b:05:
         2b:a9:0a:6d:ca:e0:ad:9b:a6:c7:0d:54:d8:0b:2b:e1:c7:a0:
         51:17:19:fc:24:8b:c7:f5:28:f1:f0:fe:11:48:ab:30:fa:77:
         36:d3:37:4a:b4:3f:d6:b6:5c:b0:0f:43:d5:04:42:02:72:d4:
         f7:be:8b:01:f9:54:17:65:7a:21:10:42:3b:ca:9d:6a:40:a7:
         7e:f7:41:08:ca:d7:e3:7e:77:a4:4a:f4:4e:24:e9:dd:23:59:
         0a:5c:e2:09:3d:1b:29:53:da:b5:83:96:1a:ee:11:ab:9d:8c:
         6e:1f:80:bf:d1:c5:48:5e:c6:4b:17:28:4c:70:40:5b:47:c7:
         4e:b4:b0:be:6b:ee:64:f8:42:1d:61:1e:08:48:fd:b9:c8:dd:
         f7:f1:9b:ab:ae:3a:2a:0b:17:32:80:c8:33:44:97:ae:03:18:
         d7:24:72:e9:e6:1d:dd:95:81:b2:f3:d6:71:9d:8b:8a:e1:1e:
         8e:e8:24:ae
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOJbNKuxiR2vwKZmHvwWyKUueQd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNTEwMTAxMTQ5NDRaFw0yNjEwMDkxMTU0NDRaMDMxMTAvBgNV
BAMTKEI5NjIxNDRFREI3MDhCQjdDMEE1OUYxQjkyRENCREZGRUNEMzk4M0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyAVpLpCI1Bie6EAREgUwZWGVs
2b4uEe8cemTxaLgyBAr2Ak+P9PTd+/YZOncO08M2rKBJMNrABUetNOXnByFPAThU
OdBonIWjkH8kGfGphUZDL4OobnTiDBMb26S0EVQt0jIwDwwxI194A+k94lpdbmv8
Eu+wkMh7K7Rv50WpFGtzcpHyhUQibp9VQIjbeCRN47evkbRc1o+J8uFYI3SxEc0a
kyDBZLNog68W4bk5jRa9HeQktf27UfKBRZo8ih5gaaQh2nAtrui0ew7RIWmQ8Uf5
+s8tvqQb3HBUkzh8ykE7Wv8WVFoMvew2d8JwW2yvc3T4xqKv09zNC8eTI/LDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuWIUTttwi7fApZ8bkty9/+zTmD8wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzAzODJlMzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA5N9
0DANBgkqhkiG9w0BAQsFAAOCAQEANuO8j1pTlyJQSDm7qVdty/BU+G/8+Jq1WKXG
EXqFGpJO9/bXG7/dirCbK2kkPexNY7Aq0v+4VFXOwcKwWeYnL3ff0LEjYUsFK6kK
bcrgrZumxw1U2Asr4cegURcZ/CSLx/Uo8fD+EUirMPp3NtM3SrQ/1rZcsA9D1QRC
AnLU976LAflUF2V6IRBCO8qdakCnfvdBCMrX4353pEr0TiTp3SNZClziCT0bKVPa
tYOWGu4Rq52Mbh+Av9HFSF7GSxcoTHBAW0fHTrSwvmvuZPhCHWEeCEj9ucjd9/Gb
q646KgsXMoDIM0SXrgMY1yRy6eYd3ZWBsvPWcZ2LiuEejugkrg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:44 2025 by rpki-client