Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          82J7UA3wqkacRx/G9+Gu23+2A1TvHQV9hnsm3HHnjRI=
Subject key identifier:   55:44:FD:E3:8D:14:07:85:A0:D1:0E:77:48:B1:11:28:1B:67:EC:01
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       649273A1400823FC26628BF1FEC27150864AEC49
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa
Signing time:             Fri 27 Jun 2025 09:53:28 +0000
ROA not before:           Fri 27 Jun 2025 09:48:28 +0000
ROA not after:            Fri 26 Jun 2026 09:53:28 +0000
asID:                     834
IP address blocks:        193.32.205.0/24 maxlen: 24
                          193.187.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:92:73:a1:40:08:23:fc:26:62:8b:f1:fe:c2:71:50:86:4a:ec:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jun 27 09:48:28 2025 GMT
            Not After : Jun 26 09:53:28 2026 GMT
        Subject: CN=5544FDE38D140785A0D10E7748B111281B67EC01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b3:3e:bb:d9:cd:e3:31:3b:8a:90:f5:b3:3d:
                    62:e7:46:52:e9:b2:83:a1:dc:72:4c:6f:bc:59:0d:
                    a0:2f:6c:85:69:7e:4e:09:66:26:40:74:55:fe:1f:
                    35:47:9f:da:2a:59:3e:04:01:ca:7e:79:e6:c1:d7:
                    df:f1:e5:22:f1:05:4b:ca:a4:89:80:05:74:5a:e7:
                    6c:d5:d2:b0:22:8d:b4:b6:f0:72:67:66:c6:2f:4d:
                    e4:f0:57:a3:60:17:44:48:36:34:78:ad:44:2c:fd:
                    6c:78:ec:3a:38:d4:04:df:bc:9a:e9:41:b1:f1:8a:
                    e5:13:76:27:17:b0:aa:5a:e8:2f:3b:8d:9d:a0:a9:
                    84:6f:a9:58:62:7b:2c:b5:d2:42:e9:ce:0f:9e:33:
                    8d:49:b6:e4:3f:2b:fc:15:b4:03:1a:ca:98:f7:d3:
                    62:a1:6d:05:11:10:44:17:a6:95:57:7a:6a:c0:8a:
                    30:ec:e4:ad:27:f8:e5:ec:5a:2e:8d:36:b7:d9:d5:
                    c0:cf:8f:95:f9:2b:50:5a:d3:6c:94:3e:6a:f7:a7:
                    49:52:2a:bf:59:84:c1:71:8d:a2:b7:93:db:e8:54:
                    c5:6c:93:26:f3:6b:4f:85:70:3f:a8:6a:f5:dd:15:
                    32:a7:b3:f4:86:c3:d1:e7:f4:a0:88:28:c7:56:8c:
                    44:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:44:FD:E3:8D:14:07:85:A0:D1:0E:77:48:B1:11:28:1B:67:EC:01
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.205.0/24
                  193.187.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:86:03:41:c6:6d:ff:c6:e5:64:22:1d:e8:0e:09:05:3f:0d:
         df:ea:fb:29:41:62:dc:9e:16:95:fb:27:c0:b6:6c:0f:1a:aa:
         cf:cc:c1:d1:05:85:c7:93:db:f7:d0:33:de:52:b3:e0:63:1b:
         0e:31:f4:5b:7d:18:d7:12:88:a9:a7:b0:99:80:ab:d5:6d:26:
         c1:dd:08:83:6c:78:17:f7:f2:63:62:29:1b:b7:e0:59:37:23:
         93:59:09:ba:c1:47:ef:c5:8c:46:67:05:ff:20:90:d6:b4:9d:
         e0:45:06:f8:ab:8e:e7:2b:b4:c3:46:42:ce:d5:23:51:3b:2d:
         f3:58:26:07:25:a8:9c:7f:d1:13:bd:df:b6:84:08:08:13:48:
         5d:78:a3:96:1f:19:06:55:87:d8:85:56:e8:26:dd:a2:1f:46:
         c9:2d:ef:0b:ad:5a:8a:91:2c:65:c7:e5:77:88:29:74:85:9b:
         7f:6a:cf:4f:fb:af:8c:24:5b:f9:cc:14:df:15:52:15:df:1a:
         c0:29:ea:39:11:90:ef:ff:cc:ca:8f:ac:de:43:86:74:6a:1d:
         93:6b:a0:6f:a4:30:e9:5f:3d:09:3c:b5:69:ba:fd:9b:2d:f2:
         fc:b9:94:92:6b:fe:e3:a3:72:89:79:0b:66:c6:9f:23:23:0e:
         46:a4:bf:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZJJzoUAII/wmYovx/sJxUIZK7EkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA2MjcwOTQ4MjhaFw0yNjA2MjYwOTUzMjhaMDMxMTAvBgNV
BAMTKDU1NDRGREUzOEQxNDA3ODVBMEQxMEU3NzQ4QjExMTI4MUI2N0VDMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3sz672c3jMTuKkPWzPWLnRlLp
soOh3HJMb7xZDaAvbIVpfk4JZiZAdFX+HzVHn9oqWT4EAcp+eebB19/x5SLxBUvK
pImABXRa52zV0rAijbS28HJnZsYvTeTwV6NgF0RINjR4rUQs/Wx47Do41ATfvJrp
QbHxiuUTdicXsKpa6C87jZ2gqYRvqVhieyy10kLpzg+eM41JtuQ/K/wVtAMaypj3
02KhbQUREEQXppVXemrAijDs5K0n+OXsWi6NNrfZ1cDPj5X5K1Ba02yUPmr3p0lS
Kr9ZhMFxjaK3k9voVMVskybza0+FcD+oavXdFTKns/SGw9Hn9KCIKMdWjET9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVUT9440UB4Wg0Q53SLERKBtn7AEwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSDNAwQA
wbuEMA0GCSqGSIb3DQEBCwUAA4IBAQCBhgNBxm3/xuVkIh3oDgkFPw3f6vspQWLc
nhaV+yfAtmwPGqrPzMHRBYXHk9v30DPeUrPgYxsOMfRbfRjXEoipp7CZgKvVbSbB
3QiDbHgX9/JjYikbt+BZNyOTWQm6wUfvxYxGZwX/IJDWtJ3gRQb4q47nK7TDRkLO
1SNROy3zWCYHJaicf9ETvd+2hAgIE0hdeKOWHxkGVYfYhVboJt2iH0bJLe8LrVqK
kSxlx+V3iCl0hZt/as9P+6+MJFv5zBTfFVIV3xrAKeo5EZDv/8zKj6zeQ4Z0ah2T
a6BvpDDpXz0JPLVpuv2bLfL8uZSSa/7jo3KJeQtmxp8jIw5GpL8j
-----END CERTIFICATE-----