Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3231302e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3231302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          lncVHkPSVWzEuEwQGpNijlG3HUO87/bnRztk7aDsftU=
Subject key identifier:   5B:C8:E8:BE:5C:5B:13:E9:91:D6:C4:41:C5:41:2D:1A:7E:16:A3:33
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       4A82BB46827C713912E494BF037A99B81D960677
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3231302e302f32332d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:12 +0000
ROA not before:           Tue 21 Apr 2026 09:04:12 +0000
ROA not after:            Tue 20 Apr 2027 09:09:12 +0000
asID:                     834
IP address blocks:        147.125.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:82:bb:46:82:7c:71:39:12:e4:94:bf:03:7a:99:b8:1d:96:06:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:12 2026 GMT
            Not After : Apr 20 09:09:12 2027 GMT
        Subject: CN=5BC8E8BE5C5B13E991D6C441C5412D1A7E16A333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c0:d7:54:18:d8:49:9b:54:1f:45:a8:5b:33:
                    e1:6a:59:71:59:a2:c5:d8:0b:1f:ce:08:d3:c3:3f:
                    2f:7c:07:c1:b7:b1:8b:72:0f:05:68:6e:2a:e0:62:
                    4b:97:e6:f9:01:cd:70:b8:4c:a3:d6:f8:58:95:74:
                    92:86:5f:c1:aa:19:dc:dd:6d:c2:f9:d4:56:e0:08:
                    27:08:c5:ec:86:b1:50:ea:4c:65:0c:54:bd:e4:8a:
                    03:6b:b3:d6:ca:bf:9c:0e:81:2b:ae:8e:bd:51:e2:
                    5a:9a:2e:b2:28:f3:ea:a9:9c:f7:15:cd:42:a0:2e:
                    c8:c5:6d:6a:51:e5:e2:85:66:65:29:24:02:2f:9b:
                    60:10:cb:68:4c:98:bd:85:e2:2c:7d:54:47:26:58:
                    42:7f:28:15:c3:08:fc:77:50:f5:df:2c:f4:83:25:
                    11:7d:ad:1f:90:9e:a6:1f:19:7c:77:0d:5f:12:97:
                    95:7c:6b:6d:19:5f:e3:2b:c7:28:7a:97:0f:10:3a:
                    65:ce:33:a0:85:04:da:0d:f1:cd:ac:38:4e:de:c3:
                    4c:b4:2b:2e:e0:ba:3f:23:1d:65:ae:01:e2:51:3f:
                    ed:ac:86:27:98:97:b6:a9:5b:77:ab:03:cb:e6:0a:
                    63:db:78:b9:f0:35:99:37:8e:d8:b4:72:ec:bb:92:
                    42:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C8:E8:BE:5C:5B:13:E9:91:D6:C4:41:C5:41:2D:1A:7E:16:A3:33
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3231302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:2f:77:21:b2:d3:ea:b8:c6:d5:26:74:ae:1a:65:9e:49:10:
         1f:5f:b0:31:eb:64:85:01:a3:a3:ab:96:0f:62:d4:33:9d:3d:
         50:9d:ad:e8:27:73:88:d9:43:90:92:db:f3:c2:de:b6:b6:2f:
         87:21:f1:a5:26:79:62:49:dc:2d:e4:71:28:46:8b:6b:b5:f7:
         ee:25:87:93:de:e1:5c:39:40:d0:09:e7:a9:9a:23:11:da:2b:
         9a:9c:e0:0a:c1:d1:c4:cd:e3:5a:76:08:53:f4:61:36:08:9e:
         5e:8a:a7:f3:90:65:3b:ac:c7:00:32:65:c4:09:4a:c2:6c:68:
         d5:5d:91:5f:ea:82:72:70:50:be:36:84:87:b6:b1:49:e9:e8:
         51:b7:51:3a:69:c1:8f:05:ce:b5:89:70:e2:4c:8c:7e:93:97:
         7e:92:39:ac:51:77:77:ef:fe:e0:ca:e5:1a:5a:33:cf:44:13:
         77:67:83:c2:88:03:39:e7:31:64:b2:43:0b:27:ef:e5:12:56:
         94:74:b8:3d:15:24:fd:f4:06:64:51:c8:06:6e:56:18:d5:b3:
         6c:e4:51:19:ee:9b:ee:da:99:a2:f0:ea:9a:ab:fe:58:0f:10:
         b8:d6:23:09:4d:fe:5f:2a:f0:0d:3c:de:d0:d0:14:2c:12:93:
         48:11:25:a1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSoK7RoJ8cTkS5JS/A3qZuB2WBncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTJaFw0yNzA0MjAwOTA5MTJaMDMxMTAvBgNV
BAMTKDVCQzhFOEJFNUM1QjEzRTk5MUQ2QzQ0MUM1NDEyRDFBN0UxNkEzMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChwNdUGNhJm1QfRahbM+FqWXFZ
osXYCx/OCNPDPy98B8G3sYtyDwVobirgYkuX5vkBzXC4TKPW+FiVdJKGX8GqGdzd
bcL51FbgCCcIxeyGsVDqTGUMVL3kigNrs9bKv5wOgSuujr1R4lqaLrIo8+qpnPcV
zUKgLsjFbWpR5eKFZmUpJAIvm2AQy2hMmL2F4ix9VEcmWEJ/KBXDCPx3UPXfLPSD
JRF9rR+QnqYfGXx3DV8Sl5V8a20ZX+Mrxyh6lw8QOmXOM6CFBNoN8c2sOE7ew0y0
Ky7guj8jHWWuAeJRP+2shieYl7apW3erA8vmCmPbeLnwNZk3jti0cuy7kkJ5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW8jovlxbE+mR1sRBxUEtGn4WozMwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzEzMDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
0jANBgkqhkiG9w0BAQsFAAOCAQEAfi93IbLT6rjG1SZ0rhplnkkQH1+wMetkhQGj
o6uWD2LUM509UJ2t6CdziNlDkJLb88LetrYvhyHxpSZ5YkncLeRxKEaLa7X37iWH
k97hXDlA0AnnqZojEdormpzgCsHRxM3jWnYIU/RhNgieXoqn85BlO6zHADJlxAlK
wmxo1V2RX+qCcnBQvjaEh7axSenoUbdROmnBjwXOtYlw4kyMfpOXfpI5rFF3d+/+
4MrlGlozz0QTd2eDwogDOecxZLJDCyfv5RJWlHS4PRUk/fQGZFHIBm5WGNWzbORR
Ge6b7tqZovDqmqv+WA8QuNYjCU3+XyrwDTze0NAULBKTSBEloQ==
-----END CERTIFICATE-----