Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          0OqnTNUYZxjktFr9keB/5q8cFzF0nbdj56eR2HQHcVQ=
Subject key identifier:   DB:90:3D:56:68:91:69:1D:65:62:20:F4:76:48:78:94:D8:53:B6:59
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4D27D5B347784523E4AE184D33528AFC983C32BF
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa
Signing time:             Sat 18 Oct 2025 09:16:18 +0000
ROA not before:           Sat 18 Oct 2025 09:11:18 +0000
ROA not after:            Sat 17 Oct 2026 09:16:18 +0000
asID:                     834
IP address blocks:        193.32.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:27:d5:b3:47:78:45:23:e4:ae:18:4d:33:52:8a:fc:98:3c:32:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Oct 18 09:11:18 2025 GMT
            Not After : Oct 17 09:16:18 2026 GMT
        Subject: CN=DB903D566891691D656220F476487894D853B659
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d2:32:35:3b:1e:f1:4a:19:dc:f6:1d:45:72:
                    ea:c7:d9:e3:b3:29:59:2f:09:3a:4a:ea:ea:e2:99:
                    4a:be:32:2b:e1:bb:9d:41:44:68:c7:21:52:f3:d6:
                    16:b5:82:73:ff:7e:e0:e5:2a:72:18:3f:4a:4b:f5:
                    c1:d1:5f:ce:f8:f8:93:9a:1c:4c:d4:61:9f:89:ae:
                    6e:83:ed:ca:c2:0f:b0:f1:8f:95:1b:cf:f1:f6:c8:
                    b2:99:fe:7f:16:78:17:28:8c:b7:9f:82:30:60:42:
                    7b:fd:c9:2e:37:a7:77:98:3c:de:e0:04:c5:59:d9:
                    c2:b4:14:cf:81:dd:b9:0d:91:a9:29:f7:dd:36:b9:
                    8e:10:47:41:44:33:5c:32:e8:53:5e:67:33:08:c2:
                    36:1e:55:10:8a:f5:dd:35:a1:e1:08:6f:47:dc:4e:
                    52:66:06:c7:c1:35:13:7d:52:85:11:f6:3b:95:51:
                    8e:51:eb:d8:36:42:da:ca:50:cd:97:f9:3a:db:e7:
                    c1:38:d3:78:34:17:fa:c6:27:ab:56:36:2f:30:e5:
                    98:47:09:80:e4:2f:f4:7f:f4:18:d6:2a:c0:32:62:
                    0c:70:16:34:da:03:ed:27:05:a0:17:23:40:3a:56:
                    85:7b:b3:5f:f5:b8:6a:02:55:7f:3f:f3:cc:77:d7:
                    87:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:90:3D:56:68:91:69:1D:65:62:20:F4:76:48:78:94:D8:53:B6:59
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:e2:d8:3d:22:80:09:01:86:2b:86:47:04:eb:37:89:83:e3:
         27:91:17:bb:68:2a:4e:d0:c2:af:ba:66:c7:28:db:17:00:7f:
         6e:04:4f:58:f4:3c:60:4a:63:4d:ee:74:86:f3:67:45:39:14:
         39:d2:42:d6:66:6c:91:1c:d3:62:f3:f8:ed:91:43:36:f5:06:
         7d:a6:08:70:6d:d2:33:c7:bf:eb:b3:19:b4:da:cb:00:92:ca:
         39:a1:26:61:43:69:d5:44:1a:f9:f5:50:53:d5:53:e1:d5:a6:
         a6:7e:0f:55:2f:da:ff:28:8f:6c:81:51:22:24:43:51:62:e4:
         f6:40:54:78:87:43:21:b5:89:bb:c0:fd:73:c3:d8:9c:aa:a0:
         f0:47:1a:c7:74:1f:a7:11:ea:63:65:68:53:db:10:85:08:1c:
         ef:99:6c:aa:b4:fd:00:d1:2b:23:24:d8:67:0e:e4:94:85:c2:
         2c:11:10:88:c9:4d:56:d8:ae:e6:7f:68:39:05:5c:6a:ef:61:
         f4:7f:ab:3b:74:0b:86:de:89:6e:50:01:85:1a:6d:c7:7e:7e:
         35:03:81:e4:4d:3c:8c:d7:a7:62:97:8c:38:0f:03:23:00:e1:
         4e:8a:06:3e:73:b9:e0:91:cb:e9:4c:07:a0:fd:f3:a1:0b:e3:
         2c:4e:16:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUTSfVs0d4RSPkrhhNM1KK/Jg8Mr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTEwMTgwOTExMThaFw0yNjEwMTcwOTE2MThaMDMxMTAvBgNV
BAMTKERCOTAzRDU2Njg5MTY5MUQ2NTYyMjBGNDc2NDg3ODk0RDg1M0I2NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf0jI1Ox7xShnc9h1FcurH2eOz
KVkvCTpK6urimUq+Mivhu51BRGjHIVLz1ha1gnP/fuDlKnIYP0pL9cHRX874+JOa
HEzUYZ+Jrm6D7crCD7Dxj5Ubz/H2yLKZ/n8WeBcojLefgjBgQnv9yS43p3eYPN7g
BMVZ2cK0FM+B3bkNkakp9902uY4QR0FEM1wy6FNeZzMIwjYeVRCK9d01oeEIb0fc
TlJmBsfBNRN9UoUR9juVUY5R69g2QtrKUM2X+Trb58E403g0F/rGJ6tWNi8w5ZhH
CYDkL/R/9BjWKsAyYgxwFjTaA+0nBaAXI0A6VoV7s1/1uGoCVX8/88x314evAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQU25A9VmiRaR1lYiD0dkh4lNhTtlkwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSC6MA0G
CSqGSIb3DQEBCwUAA4IBAQCn4tg9IoAJAYYrhkcE6zeJg+MnkRe7aCpO0MKvumbH
KNsXAH9uBE9Y9DxgSmNN7nSG82dFORQ50kLWZmyRHNNi8/jtkUM29QZ9pghwbdIz
x7/rsxm02ssAkso5oSZhQ2nVRBr59VBT1VPh1aamfg9VL9r/KI9sgVEiJENRYuT2
QFR4h0MhtYm7wP1zw9icqqDwRxrHdB+nEepjZWhT2xCFCBzvmWyqtP0A0SsjJNhn
DuSUhcIsERCIyU1W2K7mf2g5BVxq72H0f6s7dAuG3oluUAGFGm3Hfn41A4HkTTyM
16dil4w4DwMjAOFOigY+c7ngkcvpTAeg/fOhC+MsThYr
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:43:34 2025 by rpki-client