Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3230392e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3230392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          iomlTMmPvoUcvFv2KZJTMyxUevkpGM23uErEUVhd5Uw=
Subject key identifier:   CB:91:33:3D:D0:39:2F:C7:DF:4E:90:7B:9E:5B:D4:F8:0C:AC:08:9E
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       61A032561DD7F5C32C8D1C106FC999AC6A5F2441
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3230392e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:11 +0000
ROA not before:           Tue 21 Apr 2026 09:04:11 +0000
ROA not after:            Tue 20 Apr 2027 09:09:11 +0000
asID:                     834
IP address blocks:        147.125.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:a0:32:56:1d:d7:f5:c3:2c:8d:1c:10:6f:c9:99:ac:6a:5f:24:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:11 2026 GMT
            Not After : Apr 20 09:09:11 2027 GMT
        Subject: CN=CB91333DD0392FC7DF4E907B9E5BD4F80CAC089E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:55:57:32:99:e3:28:93:00:7c:06:f0:a2:2c:
                    05:d9:aa:d6:40:ea:0c:de:8a:e1:87:42:d6:08:25:
                    fc:7d:10:20:69:d8:b5:3b:6b:d7:07:29:9d:b4:63:
                    7d:08:1b:74:be:cd:4a:f5:4d:49:a8:f4:4a:be:79:
                    66:11:30:da:12:dd:68:2e:53:f9:fb:0c:f8:9c:e3:
                    e4:6d:64:bc:6c:f9:f7:49:1d:99:e7:70:f5:e0:93:
                    32:a0:14:38:47:a6:d9:98:4d:b8:92:55:86:2e:37:
                    71:54:40:31:93:03:4f:87:ce:13:19:d4:9e:eb:f1:
                    4c:e1:25:72:35:32:0f:37:8c:0d:44:93:d2:19:22:
                    cc:92:41:23:c8:7c:0f:c8:bd:3f:79:ee:0e:92:c2:
                    8b:db:61:45:e4:20:95:0f:36:96:37:d7:d0:a6:e2:
                    03:b3:e1:22:76:93:fc:83:f8:6f:05:7c:b5:75:3f:
                    9a:bb:8b:e7:c1:a4:e8:03:b0:be:68:cd:b8:46:52:
                    07:f2:1e:af:b2:8e:63:4c:a6:56:19:27:f9:fe:07:
                    31:9d:e4:33:13:3a:e0:f0:1d:27:f8:ae:97:4d:cb:
                    d5:63:ae:d9:bf:f0:87:93:8a:c1:c4:24:ee:1c:2f:
                    1c:21:95:17:89:a2:a2:ea:17:b4:6e:20:e1:07:92:
                    57:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:91:33:3D:D0:39:2F:C7:DF:4E:90:7B:9E:5B:D4:F8:0C:AC:08:9E
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3230392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:03:12:ac:08:53:e5:08:fc:d9:07:b7:bf:1e:bd:e5:e6:5b:
         09:6b:93:8d:7d:5d:f0:99:65:b9:ef:c1:72:70:98:db:c4:fd:
         83:31:f4:0c:5f:93:c4:a8:5e:67:21:c0:6a:c1:8b:46:6b:03:
         2f:7d:3f:2b:50:34:76:27:5c:d2:0f:b5:c2:95:87:d3:66:0a:
         1a:b0:f3:ba:eb:1d:8b:17:a9:bb:d8:a1:ae:ed:04:5f:08:51:
         88:94:36:c4:c2:c0:ca:2d:df:23:09:96:21:53:67:5b:e7:a3:
         5d:b5:9d:d1:e3:4d:16:f5:be:a9:6c:e2:31:b2:1e:39:fa:1e:
         f5:bc:9a:a7:29:44:64:08:83:47:a3:8d:15:5d:ce:9f:14:65:
         cf:f1:d2:a6:4e:8a:fa:27:5b:9b:16:02:09:df:58:96:f5:9b:
         71:6a:f2:05:f8:7f:44:cd:26:76:d7:b5:97:24:dc:66:97:da:
         c3:73:6b:3f:7c:85:9d:7c:22:b4:58:30:0e:72:04:f3:8b:2b:
         8d:4c:fc:76:36:70:70:80:9c:83:57:4d:a1:9b:3d:41:04:96:
         be:0d:f4:d1:d2:70:14:9e:73:27:89:75:a4:d1:28:f1:14:13:
         8c:fd:05:2e:f1:9d:c7:cc:aa:7e:e0:88:98:7b:1d:1a:a6:f8:
         20:22:07:fa
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYaAyVh3X9cMsjRwQb8mZrGpfJEEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTFaFw0yNzA0MjAwOTA5MTFaMDMxMTAvBgNV
BAMTKENCOTEzMzNERDAzOTJGQzdERjRFOTA3QjlFNUJENEY4MENBQzA4OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXVVcymeMokwB8BvCiLAXZqtZA
6gzeiuGHQtYIJfx9ECBp2LU7a9cHKZ20Y30IG3S+zUr1TUmo9Eq+eWYRMNoS3Wgu
U/n7DPic4+RtZLxs+fdJHZnncPXgkzKgFDhHptmYTbiSVYYuN3FUQDGTA0+HzhMZ
1J7r8UzhJXI1Mg83jA1Ek9IZIsySQSPIfA/IvT957g6SwovbYUXkIJUPNpY319Cm
4gOz4SJ2k/yD+G8FfLV1P5q7i+fBpOgDsL5ozbhGUgfyHq+yjmNMplYZJ/n+BzGd
5DMTOuDwHSf4rpdNy9Vjrtm/8IeTisHEJO4cLxwhlReJoqLqF7RuIOEHklfrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUy5EzPdA5L8ffTpB7nlvU+AysCJ4wHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzAzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
0TANBgkqhkiG9w0BAQsFAAOCAQEASgMSrAhT5Qj82Qe3vx695eZbCWuTjX1d8Jll
ue/BcnCY28T9gzH0DF+TxKheZyHAasGLRmsDL30/K1A0didc0g+1wpWH02YKGrDz
uusdixepu9ihru0EXwhRiJQ2xMLAyi3fIwmWIVNnW+ejXbWd0eNNFvW+qWziMbIe
Ofoe9byapylEZAiDR6ONFV3OnxRlz/HSpk6K+idbmxYCCd9YlvWbcWryBfh/RM0m
dte1lyTcZpfaw3NrP3yFnXwitFgwDnIE84srjUz8djZwcICcg1dNoZs9QQSWvg30
0dJwFJ5zJ4l1pNEo8RQTjP0FLvGdx8yqfuCImHsdGqb4ICIH+g==
-----END CERTIFICATE-----