Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234382e302f32332d3234203d3e20383334.roa
File:                     3134372e3132352e3234382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          y1EiPL5CcU6XwHl3dCc7XXj5nr1zwbuJihrZHhAMMbI=
Subject key identifier:   8D:98:DE:C9:95:FD:6E:37:D6:45:2E:4D:D2:03:6A:32:6E:D3:01:DB
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       7E793103D448A7B7EC2B1FC28339570D3AD07875
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234382e302f32332d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:12:26 +0000
ROA not before:           Tue 21 Apr 2026 09:07:26 +0000
ROA not after:            Tue 20 Apr 2027 09:12:26 +0000
asID:                     834
IP address blocks:        147.125.248.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:79:31:03:d4:48:a7:b7:ec:2b:1f:c2:83:39:57:0d:3a:d0:78:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:07:26 2026 GMT
            Not After : Apr 20 09:12:26 2027 GMT
        Subject: CN=8D98DEC995FD6E37D6452E4DD2036A326ED301DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:50:da:2a:f2:c2:62:60:41:0d:4f:61:03:02:
                    9a:5e:e2:80:b6:9a:92:57:2a:0c:ff:be:3f:3f:68:
                    c4:ae:7c:b7:73:23:4d:43:d9:61:e5:b1:31:59:93:
                    46:21:e5:f6:aa:ec:d1:a1:16:bb:e2:cb:4a:7b:3b:
                    ac:47:c2:57:ec:f8:13:fd:1c:1c:21:b0:c4:71:e0:
                    4c:5e:c1:61:1a:f6:95:f6:71:13:fa:b9:00:c9:54:
                    ff:80:fe:c3:5d:d3:2c:ee:a0:0d:cb:2f:ba:9d:bb:
                    e3:77:2f:3d:2e:6f:36:29:e0:93:cc:15:50:e4:cc:
                    05:47:6e:db:33:d7:40:b4:7d:ee:70:c8:49:85:a9:
                    5b:e4:d5:87:c5:9c:cb:be:b9:ae:e1:9b:e3:6e:d9:
                    f5:bd:17:03:14:5a:61:b4:74:a2:0d:4b:70:89:06:
                    e6:ec:bf:30:79:67:cf:c7:d2:22:5f:36:47:45:ec:
                    ec:7b:9c:b0:f8:85:90:b7:66:fb:d3:ae:58:f0:8b:
                    3b:fb:a2:02:d3:b2:0a:35:e9:7c:2b:a5:d0:19:a3:
                    15:28:ba:b9:fc:38:46:e2:aa:eb:c5:f9:01:e8:80:
                    5c:8e:10:15:a0:48:a7:84:bb:a8:c0:98:11:17:6f:
                    4b:e2:2e:50:b5:d2:d6:da:15:b7:38:f2:ad:16:37:
                    6a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:98:DE:C9:95:FD:6E:37:D6:45:2E:4D:D2:03:6A:32:6E:D3:01:DB
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3234382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:d2:b4:45:e6:97:76:10:9a:1c:bc:46:13:8a:cc:5c:1a:5a:
         bf:30:83:ea:0c:a1:af:93:90:7e:af:9e:c1:38:2b:3e:01:2f:
         c3:1b:ac:08:b2:8b:b3:2f:a5:89:d1:07:76:8a:4e:85:6d:70:
         3d:eb:58:85:2f:e8:26:4c:39:88:15:6f:6f:6a:d3:b8:63:8a:
         27:67:b5:b6:64:f5:ef:ea:26:65:56:6f:a9:58:78:74:dd:d5:
         7d:ef:b1:e7:f7:08:87:d7:dc:c7:81:bc:d6:19:64:4b:96:c3:
         b0:3e:5e:3a:36:fd:c7:4b:8d:65:f7:33:d8:d0:e8:47:3b:de:
         c2:4b:c7:5b:ce:05:ef:c2:25:e3:e8:b9:67:9f:60:1e:80:45:
         ec:8b:4c:44:6b:c4:82:be:f1:58:28:bc:85:af:c2:58:d4:fc:
         52:3f:b8:34:5d:9a:d8:f9:94:27:cd:25:b0:68:e7:9c:2c:1b:
         ee:44:4b:2e:86:9c:3f:c8:61:b1:75:7e:eb:82:5c:1a:fb:cb:
         eb:cd:e9:3b:64:11:f6:d4:90:ce:8a:b6:02:69:9f:a2:9a:f6:
         4e:be:0e:0b:10:22:01:5a:94:a1:d8:f3:11:91:f2:dd:32:61:
         51:e5:08:c5:cc:16:89:e4:2c:52:4d:fa:b7:17:59:28:2c:6a:
         7c:93:f5:cf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfnkxA9RIp7fsKx/CgzlXDTrQeHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA3MjZaFw0yNzA0MjAwOTEyMjZaMDMxMTAvBgNV
BAMTKDhEOThERUM5OTVGRDZFMzdENjQ1MkU0REQyMDM2QTMyNkVEMzAxREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkUNoq8sJiYEENT2EDAppe4oC2
mpJXKgz/vj8/aMSufLdzI01D2WHlsTFZk0Yh5faq7NGhFrviy0p7O6xHwlfs+BP9
HBwhsMRx4ExewWEa9pX2cRP6uQDJVP+A/sNd0yzuoA3LL7qdu+N3Lz0ubzYp4JPM
FVDkzAVHbtsz10C0fe5wyEmFqVvk1YfFnMu+ua7hm+Nu2fW9FwMUWmG0dKINS3CJ
BubsvzB5Z8/H0iJfNkdF7Ox7nLD4hZC3ZvvTrljwizv7ogLTsgo16XwrpdAZoxUo
urn8OEbiquvF+QHogFyOEBWgSKeEu6jAmBEXb0viLlC10tbaFbc48q0WN2pvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjZjeyZX9bjfWRS5N0gNqMm7TAdswHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzQzODJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZN9
+DANBgkqhkiG9w0BAQsFAAOCAQEAOtK0ReaXdhCaHLxGE4rMXBpavzCD6gyhr5OQ
fq+ewTgrPgEvwxusCLKLsy+lidEHdopOhW1wPetYhS/oJkw5iBVvb2rTuGOKJ2e1
tmT17+omZVZvqVh4dN3Vfe+x5/cIh9fcx4G81hlkS5bDsD5eOjb9x0uNZfcz2NDo
RzvewkvHW84F78Il4+i5Z59gHoBF7ItMRGvEgr7xWCi8ha/CWNT8Uj+4NF2a2PmU
J80lsGjnnCwb7kRLLoacP8hhsXV+64JcGvvL683pO2QR9tSQzoq2Ammfopr2Tr4O
CxAiAVqUodjzEZHy3TJhUeUIxcwWieQsUk36txdZKCxqfJP1zw==
-----END CERTIFICATE-----