Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          Ad8CxYjOhV3nMZJ+qtfkNQCfsTTuzBRPuKg4az67Wug=
Subject key identifier:   53:75:33:1A:7A:CC:A3:0F:E6:BC:C6:9D:D9:B1:DD:20:3F:7C:9B:BB
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       139444147F18E77FFCAFE83B3D6B23D60C561846
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Sat 23 Aug 2025 00:02:43 +0000
ROA not before:           Fri 22 Aug 2025 23:57:43 +0000
ROA not after:            Sat 22 Aug 2026 00:02:43 +0000
asID:                     834
IP address blocks:        147.78.120.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:94:44:14:7f:18:e7:7f:fc:af:e8:3b:3d:6b:23:d6:0c:56:18:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 22 23:57:43 2025 GMT
            Not After : Aug 22 00:02:43 2026 GMT
        Subject: CN=5375331A7ACCA30FE6BCC69DD9B1DD203F7C9BBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ca:b8:f1:a6:39:a0:47:3d:c1:41:1b:41:9e:
                    9d:98:e3:50:89:d2:8c:f1:8d:61:bb:0b:a7:ce:30:
                    41:b5:27:d0:17:f8:88:5f:eb:8a:4d:34:6f:a8:75:
                    ed:5b:52:15:93:a0:5d:65:f0:2d:94:a7:7a:ad:d5:
                    2d:d5:dd:66:ad:b0:bc:c0:8e:44:b9:c2:47:7c:ea:
                    fb:e1:d6:06:41:b9:80:f5:5f:0f:1b:e3:be:ad:3e:
                    bf:cf:bf:46:7d:86:62:71:8e:57:6c:85:7f:f8:cc:
                    05:ae:cb:5f:b1:81:b6:17:cc:d7:75:22:7a:af:21:
                    08:48:3b:d4:5d:16:98:fb:cc:f1:73:64:da:26:87:
                    a3:09:17:0d:46:e1:49:c3:3a:8c:2a:64:76:11:43:
                    49:c6:89:b6:6c:2c:aa:98:f7:64:73:dd:2d:1d:85:
                    f4:c4:89:88:7a:8b:b6:68:f7:17:ad:aa:bf:db:43:
                    13:28:a5:37:74:7b:84:be:df:6e:25:7d:3f:59:8e:
                    22:fd:b5:c9:26:e6:7f:32:17:1f:0e:e3:11:63:b2:
                    1f:46:01:e4:6f:51:b7:43:67:61:6a:3e:99:d7:e1:
                    b2:35:de:06:d1:07:69:ed:ee:ed:ea:c4:73:e2:d9:
                    15:9d:c8:36:7e:cb:ef:b0:af:b8:08:15:59:22:f2:
                    13:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:75:33:1A:7A:CC:A3:0F:E6:BC:C6:9D:D9:B1:DD:20:3F:7C:9B:BB
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.120.0/24
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f6:00:e5:5b:c2:93:01:0e:e1:fa:04:3c:fd:2c:37:e4:38:
         df:74:24:ce:34:8d:aa:06:91:0a:df:70:59:42:85:17:9a:09:
         e9:67:7d:73:13:5d:12:b3:27:0e:cc:ac:d8:e8:06:02:0a:74:
         f6:f1:93:3c:a2:d4:78:b3:86:e8:71:58:89:d7:07:14:e4:68:
         7c:5c:a5:d2:8d:f9:d5:54:ce:a5:c0:2d:ac:31:4b:0d:2f:35:
         8f:17:cc:ee:71:23:e9:ea:9d:56:24:19:b0:90:61:e6:ec:da:
         67:c4:b1:0f:14:55:f7:37:51:bd:bf:b0:f9:63:18:24:de:31:
         31:31:9b:4c:d7:8c:bf:e0:7b:64:ce:67:39:3d:57:c9:18:70:
         f8:d6:9f:a0:60:4d:d8:b6:55:f9:7e:45:f0:2a:33:68:c4:a4:
         bd:3c:5a:4f:41:1f:bd:13:b1:85:93:bc:62:e4:b3:01:05:d9:
         73:d6:30:2f:9a:aa:07:38:28:4e:c3:79:b1:33:99:78:f8:78:
         b9:ec:49:61:f6:8a:ae:77:29:ac:fa:fc:eb:48:d5:7f:ed:52:
         93:de:50:71:d0:61:a0:3f:12:43:85:92:fb:87:0a:e2:4a:22:
         0b:3f:11:eb:1e:23:0b:fb:9b:6f:87:46:f6:79:34:81:e0:03:
         94:f6:63:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE5REFH8Y53/8r+g7PWsj1gxWGEYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MjIyMzU3NDNaFw0yNjA4MjIwMDAyNDNaMDMxMTAvBgNV
BAMTKDUzNzUzMzFBN0FDQ0EzMEZFNkJDQzY5REQ5QjFERDIwM0Y3QzlCQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLyrjxpjmgRz3BQRtBnp2Y41CJ
0ozxjWG7C6fOMEG1J9AX+Ihf64pNNG+ode1bUhWToF1l8C2Up3qt1S3V3WatsLzA
jkS5wkd86vvh1gZBuYD1Xw8b476tPr/Pv0Z9hmJxjldshX/4zAWuy1+xgbYXzNd1
InqvIQhIO9RdFpj7zPFzZNomh6MJFw1G4UnDOowqZHYRQ0nGibZsLKqY92Rz3S0d
hfTEiYh6i7Zo9xetqr/bQxMopTd0e4S+324lfT9ZjiL9tckm5n8yFx8O4xFjsh9G
AeRvUbdDZ2FqPpnX4bI13gbRB2nt7u3qxHPi2RWdyDZ+y++wr7gIFVki8hMdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUU3UzGnrMow/mvMad2bHdID98m7swHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk054AwQA
wZe1MA0GCSqGSIb3DQEBCwUAA4IBAQAa9gDlW8KTAQ7h+gQ8/Sw35DjfdCTONI2q
BpEK33BZQoUXmgnpZ31zE10SsycOzKzY6AYCCnT28ZM8otR4s4bocViJ1wcU5Gh8
XKXSjfnVVM6lwC2sMUsNLzWPF8zucSPp6p1WJBmwkGHm7NpnxLEPFFX3N1G9v7D5
Yxgk3jExMZtM14y/4Htkzmc5PVfJGHD41p+gYE3YtlX5fkXwKjNoxKS9PFpPQR+9
E7GFk7xi5LMBBdlz1jAvmqoHOChOw3mxM5l4+Hi57Elh9oqudyms+vzrSNV/7VKT
3lBx0GGgPxJDhZL7hwriSiILPxHrHiML+5tvh0b2eTSB4AOU9mMc
-----END CERTIFICATE-----