Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          ImCffmjmIVfL+0XNZp/PgiVbM7D+k+vUkjDDjmVb54Y=
Subject key identifier:   66:3F:90:F6:70:EE:06:AC:4D:FA:BA:F0:73:D7:79:13:ED:C9:55:09
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0CD0401CAC7BD2811FDC551E7A517EDE23E432BA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS834.roa
Signing time:             Sun 19 Oct 2025 12:54:05 +0000
ROA not before:           Sun 19 Oct 2025 12:49:05 +0000
ROA not after:            Sun 18 Oct 2026 12:54:05 +0000
asID:                     834
IP address blocks:        96.62.101.0/24 maxlen: 24
                          143.14.71.0/24 maxlen: 24
                          143.14.125.0/24 maxlen: 24
                          143.14.141.0/24 maxlen: 24
                          143.14.147.0/24 maxlen: 24
                          143.14.150.0/24 maxlen: 24
                          143.14.166.0/24 maxlen: 24
                          143.14.173.0/24 maxlen: 24
                          143.14.224.0/24 maxlen: 24
                          143.14.250.0/24 maxlen: 24
                          146.103.30.0/24 maxlen: 24
                          148.135.145.0/24 maxlen: 24
                          148.135.156.0/24 maxlen: 24
                          148.135.199.0/24 maxlen: 24
                          150.241.128.0/24 maxlen: 24
                          155.117.201.0/24 maxlen: 24
                          167.148.193.0/24 maxlen: 24
                          167.148.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:d0:40:1c:ac:7b:d2:81:1f:dc:55:1e:7a:51:7e:de:23:e4:32:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 19 12:49:05 2025 GMT
            Not After : Oct 18 12:54:05 2026 GMT
        Subject: CN=663F90F670EE06AC4DFABAF073D77913EDC95509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1d:28:61:cd:7f:5e:7c:7c:13:7b:af:be:c6:
                    d5:50:cf:b9:6e:b8:a5:1e:41:8a:a9:e9:f6:f3:e2:
                    47:c1:15:57:7e:27:3c:ec:e7:03:3d:1c:bf:26:78:
                    80:a5:a1:cc:e3:47:20:07:47:ac:fe:43:1b:2f:cb:
                    fc:41:d5:95:7a:07:de:c6:89:af:b0:db:b1:14:dc:
                    e8:06:31:ac:44:9f:2a:a4:0b:c0:93:41:38:bc:5a:
                    10:69:70:59:91:33:fb:df:1c:d2:f3:3c:f8:1d:ac:
                    c4:e7:56:cd:db:ff:d6:1a:33:9e:48:4f:ff:15:59:
                    2f:a1:4b:9c:62:c8:7c:d4:86:f4:65:7a:ab:3f:14:
                    82:20:35:7b:3e:f1:00:4c:09:1a:0c:4e:65:f4:c6:
                    c7:43:54:5d:26:df:86:5d:93:e9:4e:79:33:35:42:
                    01:3c:86:8a:6c:18:b2:6b:7a:9e:2a:ef:0d:30:2b:
                    ce:5e:4e:c0:98:ca:fd:10:1a:f5:99:90:59:36:27:
                    28:3e:89:a1:d6:b5:bb:f2:f8:ba:58:9e:f4:00:b5:
                    de:02:e9:d8:5b:e0:27:f8:15:97:dc:61:22:53:1a:
                    af:5b:4e:18:40:c4:4f:bc:69:b4:68:58:0a:bb:fd:
                    cd:97:c2:8b:13:bd:65:a7:fa:ac:f1:9b:0c:72:01:
                    e2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3F:90:F6:70:EE:06:AC:4D:FA:BA:F0:73:D7:79:13:ED:C9:55:09
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.101.0/24
                  143.14.71.0/24
                  143.14.125.0/24
                  143.14.141.0/24
                  143.14.147.0/24
                  143.14.150.0/24
                  143.14.166.0/24
                  143.14.173.0/24
                  143.14.224.0/24
                  143.14.250.0/24
                  146.103.30.0/24
                  148.135.145.0/24
                  148.135.156.0/24
                  148.135.199.0/24
                  150.241.128.0/24
                  155.117.201.0/24
                  167.148.193.0/24
                  167.148.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:71:29:0a:a8:9e:3b:d5:fe:81:c0:23:d2:91:86:d2:49:42:
         80:67:6d:81:47:e8:dc:2d:ca:4e:a9:d8:15:b9:d0:81:bc:5c:
         ce:39:cd:f2:39:ab:f9:99:3e:50:b7:de:87:94:ca:59:e0:84:
         04:26:6f:43:e8:d4:2a:9a:5c:40:85:5a:8e:25:fe:c1:86:60:
         67:cc:56:cc:ae:ac:bf:84:71:b5:9c:31:b2:52:8d:f8:0f:a2:
         54:8a:02:12:08:df:f7:e9:2a:00:44:0d:48:34:3a:d0:97:e3:
         8f:56:d9:42:ed:b5:38:71:90:5b:47:31:b6:67:61:26:ac:0e:
         70:17:be:f7:7b:30:2f:f7:aa:8f:43:79:e6:eb:23:e4:16:e8:
         29:1c:c7:a7:61:22:d9:32:5c:e9:63:b8:7f:69:46:9d:e9:0a:
         3d:e9:ea:0d:18:c4:a3:d6:3f:71:b2:fe:fc:d4:63:df:52:ec:
         eb:ac:25:93:18:97:e5:58:bf:a8:5e:c4:da:2c:97:d4:f5:23:
         cf:38:d4:d0:45:d1:61:1e:36:70:37:0b:ba:dc:98:13:2f:a7:
         8b:52:7b:d9:1f:30:9d:86:a1:33:4c:36:f3:e3:0b:91:cd:5f:
         af:18:05:42:9f:dd:b6:d4:e2:2b:cf:f8:ef:75:bf:19:cf:0b:
         4a:f0:b7:6d
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgIUDNBAHKx70oEf3FUeelF+3iPkMrowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTkxMjQ5MDVaFw0yNjEwMTgxMjU0MDVaMDMxMTAvBgNV
BAMTKDY2M0Y5MEY2NzBFRTA2QUM0REZBQkFGMDczRDc3OTEzRURDOTU1MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzHShhzX9efHwTe6++xtVQz7lu
uKUeQYqp6fbz4kfBFVd+Jzzs5wM9HL8meICloczjRyAHR6z+Qxsvy/xB1ZV6B97G
ia+w27EU3OgGMaxEnyqkC8CTQTi8WhBpcFmRM/vfHNLzPPgdrMTnVs3b/9YaM55I
T/8VWS+hS5xiyHzUhvRleqs/FIIgNXs+8QBMCRoMTmX0xsdDVF0m34Zdk+lOeTM1
QgE8hopsGLJrep4q7w0wK85eTsCYyv0QGvWZkFk2Jyg+iaHWtbvy+LpYnvQAtd4C
6dhb4Cf4FZfcYSJTGq9bThhAxE+8abRoWAq7/c2XwosTvWWn+qzxmwxyAeK/AgMB
AAGjggJuMIICajAdBgNVHQ4EFgQUZj+Q9nDuBqxN+rrwc9d5E+3JVQkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbAMEAGA+ZQME
AI8ORwMEAI8OfQMEAI8OjQMEAI8OkwMEAI8OlgMEAI8OpgMEAI8OrQMEAI8O4AME
AI8O+gMEAJJnHgMEAJSHkQMEAJSHnAMEAJSHxwMEAJbxgAMEAJt1yQMEAKeUwQME
AKeUzTANBgkqhkiG9w0BAQsFAAOCAQEAPnEpCqieO9X+gcAj0pGG0klCgGdtgUfo
3C3KTqnYFbnQgbxczjnN8jmr+Zk+ULfeh5TKWeCEBCZvQ+jUKppcQIVajiX+wYZg
Z8xWzK6sv4RxtZwxslKN+A+iVIoCEgjf9+kqAEQNSDQ60Jfjj1bZQu21OHGQW0cx
tmdhJqwOcBe+93swL/eqj0N55usj5BboKRzHp2Ei2TJc6WO4f2lGnekKPenqDRjE
o9Y/cbL+/NRj31Ls66wlkxiX5Vi/qF7E2iyX1PUjzzjU0EXRYR42cDcLutyYEy+n
i1J72R8wnYahM0w28+MLkc1frxgFQp/dttTiK8/473W/Gc8LSvC3bQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:43:33 2025 by rpki-client