Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          HrOlqKxeAPtcav+TF3E3cFR31w1P+6dze5zQwX8b3cc=
Subject key identifier:   F9:E1:2E:82:AB:AD:58:9A:41:20:B3:51:5A:78:86:FF:3F:89:96:F9
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3453C7422A841CBB8B8C5DC223E5C1156E21F530
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Thu 19 Mar 2026 13:38:40 +0000
ROA not before:           Thu 19 Mar 2026 13:33:40 +0000
ROA not after:            Thu 18 Mar 2027 13:38:40 +0000
asID:                     834
IP address blocks:        193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:53:c7:42:2a:84:1c:bb:8b:8c:5d:c2:23:e5:c1:15:6e:21:f5:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 19 13:33:40 2026 GMT
            Not After : Mar 18 13:38:40 2027 GMT
        Subject: CN=F9E12E82ABAD589A4120B3515A7886FF3F8996F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3c:b6:c3:03:68:28:5f:4b:18:2b:57:9d:06:
                    52:5e:a0:6e:b2:ff:cb:95:e6:c6:3c:75:54:8a:57:
                    2f:dd:97:60:a3:5c:d8:67:09:22:a1:8d:68:c0:bc:
                    2f:9e:67:0f:13:ac:ec:d2:7f:4b:65:51:d0:e2:b0:
                    2e:88:e3:03:55:ef:25:30:5e:d0:d4:e7:38:24:4e:
                    67:33:e1:97:18:07:19:ed:a2:cd:84:37:33:fb:9b:
                    7f:26:f3:3a:cf:9e:72:a5:97:13:29:85:60:3c:f1:
                    85:94:e3:20:67:70:0e:26:4d:b9:c1:1d:d5:55:2f:
                    42:82:c1:46:80:e3:06:e5:74:3c:9a:de:37:e6:ca:
                    5c:2b:97:9d:16:99:d0:4b:2c:51:0f:ea:19:5c:8a:
                    91:c5:4f:e8:fb:8e:37:8a:ac:1c:70:0f:e2:87:9c:
                    46:3e:aa:41:fd:24:68:3a:0a:c0:92:ee:eb:3a:4c:
                    0a:79:ac:e8:29:7f:7e:20:01:b7:1d:33:18:92:e9:
                    1c:5b:59:4c:e4:6f:f4:14:2b:7c:d7:33:2e:60:46:
                    71:fa:c2:8b:ce:82:a2:3c:92:57:f4:b3:3a:a3:69:
                    64:19:77:a5:52:f5:bf:11:a2:95:d5:c6:e7:7c:e6:
                    6e:f2:90:c8:c1:ab:7e:78:ef:32:c2:b5:85:c2:63:
                    cc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E1:2E:82:AB:AD:58:9A:41:20:B3:51:5A:78:86:FF:3F:89:96:F9
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:1d:16:78:12:e5:4c:96:7c:92:1d:63:cf:b6:18:f5:6e:9c:
         79:3c:b4:10:bf:47:e6:ec:7f:d8:ea:84:72:c5:b2:71:4b:af:
         05:66:57:88:bd:c3:93:98:90:d6:3f:1b:ee:e4:d4:56:6f:d4:
         90:24:77:d0:c7:89:c5:39:66:21:eb:78:fd:1b:5d:b5:b1:3d:
         71:4d:0b:36:0f:22:0b:e2:47:bc:21:6e:9c:9d:3c:fc:63:4d:
         bf:23:48:3a:64:7d:0c:a3:f0:71:92:96:9d:bd:ce:c7:ea:60:
         f4:5a:9d:37:a5:d1:a9:fe:75:50:3e:ba:2b:36:83:2d:35:90:
         6f:65:c6:7e:75:a0:11:7c:5f:a0:c6:30:7e:29:fb:0e:27:a8:
         b5:7c:4b:96:0b:a3:b0:5d:a2:d6:0d:a4:7e:50:aa:1c:41:b2:
         21:53:cc:e3:a1:9b:09:33:0c:77:cd:0a:f8:aa:80:86:f4:81:
         fa:8d:8c:41:3c:ad:c8:b1:1d:e5:0b:9a:e6:58:48:fe:a7:a2:
         53:64:c9:d7:e1:4e:51:65:7f:c8:87:7a:ad:bb:99:46:1e:75:
         91:ad:38:a7:48:4a:6a:b5:dd:c3:8e:dd:0f:f8:44:de:97:1e:
         2c:30:54:ef:c7:e9:c2:f7:42:83:b2:a5:a2:48:1d:9f:43:37:
         46:72:1a:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUNFPHQiqEHLuLjF3CI+XBFW4h9TAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTkxMzMzNDBaFw0yNzAzMTgxMzM4NDBaMDMxMTAvBgNV
BAMTKEY5RTEyRTgyQUJBRDU4OUE0MTIwQjM1MTVBNzg4NkZGM0Y4OTk2RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRPLbDA2goX0sYK1edBlJeoG6y
/8uV5sY8dVSKVy/dl2CjXNhnCSKhjWjAvC+eZw8TrOzSf0tlUdDisC6I4wNV7yUw
XtDU5zgkTmcz4ZcYBxntos2ENzP7m38m8zrPnnKllxMphWA88YWU4yBncA4mTbnB
HdVVL0KCwUaA4wbldDya3jfmylwrl50WmdBLLFEP6hlcipHFT+j7jjeKrBxwD+KH
nEY+qkH9JGg6CsCS7us6TAp5rOgpf34gAbcdMxiS6RxbWUzkb/QUK3zXMy5gRnH6
wovOgqI8klf0szqjaWQZd6VS9b8RopXVxud85m7ykMjBq3547zLCtYXCY8zXAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQU+eEugqutWJpBILNRWniG/z+JlvkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZe1MA0G
CSqGSIb3DQEBCwUAA4IBAQCoHRZ4EuVMlnySHWPPthj1bpx5PLQQv0fm7H/Y6oRy
xbJxS68FZleIvcOTmJDWPxvu5NRWb9SQJHfQx4nFOWYh63j9G121sT1xTQs2DyIL
4ke8IW6cnTz8Y02/I0g6ZH0Mo/Bxkpadvc7H6mD0Wp03pdGp/nVQProrNoMtNZBv
ZcZ+daARfF+gxjB+KfsOJ6i1fEuWC6OwXaLWDaR+UKocQbIhU8zjoZsJMwx3zQr4
qoCG9IH6jYxBPK3IsR3lC5rmWEj+p6JTZMnX4U5RZX/Ih3qtu5lGHnWRrTinSEpq
td3Djt0P+ETelx4sMFTvx+nC90KDsqWiSB2fQzdGchop
-----END CERTIFICATE-----