Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3235342e302f32342d3234203d3e20383334.roa
File:                     3134372e3132352e3235342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          vSE8TMpI4TK49qpFxsziq9U9Qp3NkhDxiBK/Nu5cVn8=
Subject key identifier:   55:15:74:67:BA:0E:1C:73:F4:04:45:08:B3:94:18:92:84:AA:63:9C
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       228BBC86C53DB89974CBE532AF2F4C168FD39C58
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3235342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 21 Apr 2026 09:09:12 +0000
ROA not before:           Tue 21 Apr 2026 09:04:12 +0000
ROA not after:            Tue 20 Apr 2027 09:09:12 +0000
asID:                     834
IP address blocks:        147.125.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:8b:bc:86:c5:3d:b8:99:74:cb:e5:32:af:2f:4c:16:8f:d3:9c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr 21 09:04:12 2026 GMT
            Not After : Apr 20 09:09:12 2027 GMT
        Subject: CN=55157467BA0E1C73F4044508B394189284AA639C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ee:b3:a2:58:2f:b4:78:86:a3:01:cd:56:de:
                    6c:65:ab:4d:b8:e4:e6:11:00:6f:fd:d3:41:c4:8f:
                    c7:55:cf:dd:b7:60:ab:b5:35:7d:d0:b2:d7:39:f9:
                    ef:e5:2f:00:2b:eb:2d:37:28:31:09:9d:fb:b5:49:
                    90:04:bd:3f:70:17:aa:d8:9d:3a:4a:19:7a:ad:9d:
                    c8:ac:2c:22:f4:24:48:fe:fd:e2:a2:45:a2:b6:9f:
                    d6:d1:da:b5:5f:bd:a4:99:7c:0c:54:c0:ee:f7:98:
                    c4:16:4b:94:b0:63:f4:18:14:5b:c9:f4:66:4b:18:
                    d7:2e:2c:fd:91:df:73:7c:e5:fa:ee:52:27:4f:e4:
                    e5:2c:2f:7a:cf:97:b6:58:93:5e:c2:75:26:77:be:
                    c9:5f:c3:7b:a9:26:ec:64:d4:e3:01:1f:33:23:98:
                    b2:fa:fa:f8:a8:a6:43:1b:95:54:c4:37:0f:20:a0:
                    97:14:35:23:79:4a:89:4e:f6:0f:b1:f7:9e:8d:30:
                    78:3a:aa:51:fb:a3:0a:3c:85:15:c6:a2:c1:bd:1e:
                    07:55:ba:1a:c1:8f:7f:93:0e:d8:6c:59:86:76:11:
                    ea:a0:4c:61:93:cb:4e:8b:48:bd:2f:b5:df:5b:e7:
                    62:ca:0e:c1:0b:8a:5e:d6:70:09:97:55:af:c6:a5:
                    7a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:15:74:67:BA:0E:1C:73:F4:04:45:08:B3:94:18:92:84:AA:63:9C
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3235342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b2:63:16:02:29:51:e2:54:3c:1f:de:18:cf:52:4f:ef:91:
         e3:bf:ec:bf:f2:75:d0:a8:f9:11:87:66:00:f3:c8:4d:bc:4c:
         dc:e1:17:52:ec:1f:2e:c9:f8:74:7c:bb:b1:67:b0:18:6c:84:
         ba:cf:55:f0:8a:fc:ad:b9:c1:0c:fa:51:c8:88:b2:e0:18:aa:
         e1:3d:3d:ba:2e:0c:d9:c6:8e:e5:15:ca:5a:97:67:7f:fd:af:
         cc:e0:ae:ce:d1:21:4c:1b:52:a9:bb:fb:27:e5:22:f0:97:25:
         13:a7:8a:c7:f6:9f:55:56:04:49:3d:cc:8b:92:55:cc:dd:45:
         ea:56:ed:b3:77:38:27:ee:0d:ad:11:d7:ed:86:32:b1:7e:c0:
         c5:8c:5f:da:ea:f3:e2:45:13:4b:39:4c:0d:9c:88:58:e2:e5:
         e2:e7:05:c2:db:f2:18:89:8c:14:0d:04:e4:a1:1c:c7:15:ca:
         f8:6b:05:3d:f1:32:af:84:39:f8:ba:fd:99:5d:3e:93:5c:99:
         00:23:74:fc:a2:74:dd:e8:de:a0:e3:a1:87:d8:10:4b:e0:5b:
         38:7d:fc:f9:47:bc:b1:44:ab:19:a5:cd:ac:87:86:cc:fb:09:
         47:8a:3d:53:56:1e:69:99:9e:55:25:4d:28:1d:75:70:1e:26:
         03:5f:0b:1d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIou8hsU9uJl0y+Uyry9MFo/TnFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTJaFw0yNzA0MjAwOTA5MTJaMDMxMTAvBgNV
BAMTKDU1MTU3NDY3QkEwRTFDNzNGNDA0NDUwOEIzOTQxODkyODRBQTYzOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH7rOiWC+0eIajAc1W3mxlq024
5OYRAG/900HEj8dVz923YKu1NX3Qstc5+e/lLwAr6y03KDEJnfu1SZAEvT9wF6rY
nTpKGXqtncisLCL0JEj+/eKiRaK2n9bR2rVfvaSZfAxUwO73mMQWS5SwY/QYFFvJ
9GZLGNcuLP2R33N85fruUidP5OUsL3rPl7ZYk17CdSZ3vslfw3upJuxk1OMBHzMj
mLL6+viopkMblVTENw8goJcUNSN5SolO9g+x956NMHg6qlH7owo8hRXGosG9HgdV
uhrBj3+TDthsWYZ2EeqgTGGTy06LSL0vtd9b52LKDsELil7WcAmXVa/GpXqjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVRV0Z7oOHHP0BEUIs5QYkoSqY5wwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMy
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJN9
/jANBgkqhkiG9w0BAQsFAAOCAQEAi7JjFgIpUeJUPB/eGM9ST++R47/sv/J10Kj5
EYdmAPPITbxM3OEXUuwfLsn4dHy7sWewGGyEus9V8Ir8rbnBDPpRyIiy4Biq4T09
ui4M2caO5RXKWpdnf/2vzOCuztEhTBtSqbv7J+Ui8JclE6eKx/afVVYEST3Mi5JV
zN1F6lbts3c4J+4NrRHX7YYysX7AxYxf2urz4kUTSzlMDZyIWOLl4ucFwtvyGImM
FA0E5KEcxxXK+GsFPfEyr4Q5+Lr9mV0+k1yZACN0/KJ03ejeoOOhh9gQS+BbOH38
+Ue8sUSrGaXNrIeGzPsJR4o9U1YeaZmeVSVNKB11cB4mA18LHQ==
-----END CERTIFICATE-----