Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          wys9R82S1jSaJQ8wfOyUNYdJBsM29oho6ZX9bG5eEUo=
Subject key identifier:   E2:4F:FB:06:34:F1:D6:F9:D3:12:97:14:54:18:95:79:F7:A3:C0:54
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       11473309F41C8ACFD745442FB08A2EB02849ADC5
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Fri 27 Jun 2025 17:43:11 +0000
ROA not before:           Fri 27 Jun 2025 17:38:11 +0000
ROA not after:            Fri 26 Jun 2026 17:43:11 +0000
asID:                     834
IP address blocks:        45.135.250.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 14:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:47:33:09:f4:1c:8a:cf:d7:45:44:2f:b0:8a:2e:b0:28:49:ad:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 27 17:38:11 2025 GMT
            Not After : Jun 26 17:43:11 2026 GMT
        Subject: CN=E24FFB0634F1D6F9D312971454189579F7A3C054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b4:0a:d3:b8:28:ce:9b:f2:fb:22:11:74:58:
                    45:e1:f3:4c:44:10:2c:fd:5b:78:61:a7:8e:27:d8:
                    f3:7e:8a:2d:8d:e8:7c:68:fa:3c:09:7d:11:07:c9:
                    81:a4:28:c2:4b:32:dd:df:1c:e1:a2:65:c4:f3:3c:
                    ab:0c:30:9b:12:ed:e3:26:66:7a:25:82:dd:c0:18:
                    e1:7b:ec:5d:02:00:62:de:90:03:ae:8b:b0:e3:a0:
                    c1:f7:03:7d:4f:27:4b:c3:c9:74:fb:e1:23:88:6c:
                    db:e3:e5:8d:ed:e4:f6:3e:57:28:1b:e1:c7:e9:5b:
                    b9:76:60:6b:e7:32:50:10:03:ba:bf:e7:42:4a:68:
                    de:02:4b:b3:c6:91:c0:59:35:d1:86:16:67:a2:0f:
                    96:e9:f7:47:48:31:c3:31:ed:7e:18:7d:6e:c9:f7:
                    78:95:0d:a2:3e:1d:71:1e:62:3c:a5:a1:bd:57:81:
                    4b:09:7d:84:fb:8b:7f:e5:11:e6:1d:10:56:f2:1d:
                    9c:12:0e:56:56:58:7d:ee:41:d1:ee:2f:f5:5e:94:
                    28:e6:62:b8:f8:54:b6:02:f9:5a:be:42:0d:6a:0c:
                    62:1d:d7:59:82:4c:8a:09:64:98:0d:f2:2c:60:d0:
                    f1:c8:bc:8d:2f:22:d5:9c:a4:de:23:26:3f:89:a9:
                    e2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:4F:FB:06:34:F1:D6:F9:D3:12:97:14:54:18:95:79:F7:A3:C0:54
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.250.0/24
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:d9:f4:6f:86:b7:87:a4:11:ed:a0:ff:4a:ef:77:c3:72:d7:
         8b:9f:9d:08:05:62:c4:13:15:e0:91:01:99:f3:b5:9d:55:9f:
         77:98:99:b1:31:f3:21:b6:82:1d:1f:4c:39:6a:90:09:b4:9d:
         00:53:a2:dd:eb:0e:f9:a9:63:82:95:c9:65:61:76:52:10:f0:
         76:b9:bb:7d:78:6e:79:f9:52:6d:41:0e:ff:4e:d1:82:2f:9f:
         1c:31:4e:43:60:9d:09:87:c1:3d:72:41:c0:66:ac:7e:55:95:
         7d:6c:33:df:43:2b:2e:9b:f6:48:02:f6:46:89:d9:47:97:61:
         6e:90:78:27:05:d7:61:a7:03:0c:df:2e:9b:78:df:90:cd:0e:
         2d:97:97:4b:5a:10:9c:0c:c9:59:cf:3d:68:5b:e3:07:d7:7b:
         1e:3d:4d:fc:e9:d9:02:d0:06:45:7c:f4:02:ce:24:69:14:cc:
         91:04:d5:d5:3c:06:84:05:7e:a0:8d:e1:8f:6b:12:82:4e:29:
         42:3e:7a:3c:a4:80:59:b4:ab:b9:f3:44:1a:6f:62:b1:f0:26:
         58:d0:f5:a0:53:2e:67:e5:11:80:6b:dd:f3:70:4f:5a:6d:6d:
         1a:5f:74:03:30:fc:b7:d4:60:ae:fa:08:88:0e:b8:82:96:d2:
         b7:c9:12:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEUczCfQcis/XRUQvsIousChJrcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MjcxNzM4MTFaFw0yNjA2MjYxNzQzMTFaMDMxMTAvBgNV
BAMTKEUyNEZGQjA2MzRGMUQ2RjlEMzEyOTcxNDU0MTg5NTc5RjdBM0MwNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTtArTuCjOm/L7IhF0WEXh80xE
ECz9W3hhp44n2PN+ii2N6Hxo+jwJfREHyYGkKMJLMt3fHOGiZcTzPKsMMJsS7eMm
Znolgt3AGOF77F0CAGLekAOui7DjoMH3A31PJ0vDyXT74SOIbNvj5Y3t5PY+Vygb
4cfpW7l2YGvnMlAQA7q/50JKaN4CS7PGkcBZNdGGFmeiD5bp90dIMcMx7X4YfW7J
93iVDaI+HXEeYjylob1XgUsJfYT7i3/lEeYdEFbyHZwSDlZWWH3uQdHuL/VelCjm
Yrj4VLYC+Vq+Qg1qDGId11mCTIoJZJgN8ixg0PHIvI0vItWcpN4jJj+JqeLVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4k/7BjTx1vnTEpcUVBiVefejwFQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYf6AwQA
wZe1MA0GCSqGSIb3DQEBCwUAA4IBAQB+2fRvhreHpBHtoP9K73fDcteLn50IBWLE
ExXgkQGZ87WdVZ93mJmxMfMhtoIdH0w5apAJtJ0AU6Ld6w75qWOClcllYXZSEPB2
ubt9eG55+VJtQQ7/TtGCL58cMU5DYJ0Jh8E9ckHAZqx+VZV9bDPfQysum/ZIAvZG
idlHl2FukHgnBddhpwMM3y6beN+QzQ4tl5dLWhCcDMlZzz1oW+MH13sePU386dkC
0AZFfPQCziRpFMyRBNXVPAaEBX6gjeGPaxKCTilCPno8pIBZtKu580Qab2Kx8CZY
0PWgUy5n5RGAa93zcE9abW0aX3QDMPy31GCu+giIDriCltK3yRJF
-----END CERTIFICATE-----