Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          o08WGEdzP1gU3bAAMJwIs2eZ8nSDdVXB/top+g9oJH4=
Subject key identifier:   2E:9A:1B:2D:2F:5A:81:EA:D3:27:71:6B:6B:11:27:A4:38:B1:7B:B6
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       50721E4EF4464FDF129FEE24E81520A92085447F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time:             Sun 19 Oct 2025 00:06:51 +0000
ROA not before:           Sun 19 Oct 2025 00:01:51 +0000
ROA not after:            Sun 18 Oct 2026 00:06:51 +0000
asID:                     834
IP address blocks:        143.20.37.0/24 maxlen: 24
                          143.20.41.0/24 maxlen: 24
                          143.20.102.0/24 maxlen: 24
                          143.20.131.0/24 maxlen: 24
                          143.20.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:18:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:72:1e:4e:f4:46:4f:df:12:9f:ee:24:e8:15:20:a9:20:85:44:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Oct 19 00:01:51 2025 GMT
            Not After : Oct 18 00:06:51 2026 GMT
        Subject: CN=2E9A1B2D2F5A81EAD327716B6B1127A438B17BB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:99:6c:ad:f0:16:05:9f:84:bd:c1:a3:c1:8c:
                    4d:ad:79:c6:92:d1:57:d9:04:b0:ca:bb:eb:84:b9:
                    e8:52:30:df:28:d0:ba:06:c0:31:ca:38:06:94:fe:
                    30:2e:30:c2:10:3a:ad:48:49:cb:47:0b:60:e9:89:
                    26:88:bb:62:53:2d:09:cb:21:d2:8a:ea:05:c8:04:
                    c5:53:22:5d:f7:95:22:ea:8a:70:b7:87:1f:bd:08:
                    b7:17:0a:1c:8c:08:57:81:fc:35:c4:18:25:78:1c:
                    1a:2b:14:d9:6e:49:f6:12:43:fe:f2:b0:3f:2a:88:
                    26:53:da:e8:28:cf:f8:e1:25:86:93:f6:f4:6b:12:
                    3a:7d:69:f7:1a:ec:1e:f6:bc:4a:94:6e:5f:a7:21:
                    8e:c5:52:f7:4d:35:be:c2:f9:47:8d:e0:fc:49:a5:
                    0e:58:c4:28:eb:30:a8:da:1f:b6:69:ff:aa:3b:bf:
                    d5:88:d2:8e:03:c3:fa:53:cb:1c:18:08:99:67:3d:
                    a0:cc:83:4b:32:89:51:ed:a3:1f:cd:8a:8c:6f:24:
                    ea:b9:39:53:70:21:f1:6f:79:de:8e:ca:42:2f:63:
                    ff:7b:a8:c1:7d:fa:4a:b5:9a:e4:f2:1b:e4:8e:67:
                    72:63:9c:51:69:65:63:ef:d7:89:c7:19:d9:e6:0b:
                    21:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:9A:1B:2D:2F:5A:81:EA:D3:27:71:6B:6B:11:27:A4:38:B1:7B:B6
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.37.0/24
                  143.20.41.0/24
                  143.20.102.0/24
                  143.20.131.0/24
                  143.20.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:94:e5:bb:79:8c:76:5b:d4:d2:f7:91:33:49:91:68:08:41:
         d7:56:0c:0c:ac:38:d5:17:0f:aa:83:cc:d9:c4:0b:ab:55:28:
         c8:46:24:f0:d6:58:2a:ee:6c:26:ed:3e:27:64:57:23:d1:34:
         47:aa:10:81:7c:dd:fe:f8:29:d2:7b:07:36:70:10:4a:22:8e:
         26:e4:36:d9:19:84:37:db:b7:33:13:bf:f5:d4:01:02:25:5e:
         9d:4e:51:a0:57:72:e8:7a:60:2f:e5:1f:d5:cd:96:6c:aa:36:
         29:cc:e3:6f:d1:f0:bd:da:e6:4d:68:80:6a:80:51:eb:f3:17:
         67:e3:7e:b3:ec:20:26:3d:ac:b9:35:30:46:f4:f3:85:d6:87:
         1b:9f:db:af:54:60:3f:38:87:84:18:bf:9c:48:87:ec:cb:d0:
         db:96:f8:d5:86:b0:b4:cb:bb:aa:25:51:06:dd:b9:58:72:c2:
         a5:9e:eb:88:d9:48:94:70:0f:00:77:17:f0:00:e8:f7:9a:5e:
         fb:4d:db:0d:46:aa:80:1c:7e:aa:f5:1d:47:2e:08:e1:8a:26:
         99:27:6b:06:54:a9:a6:95:7e:21:90:61:3e:c3:44:54:8d:f9:
         95:e1:8a:da:cf:04:e5:32:2e:3c:75:11:a3:6d:60:b1:d0:b3:
         69:48:1f:69
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIUUHIeTvRGT98Sn+4k6BUgqSCFRH8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTkwMDAxNTFaFw0yNjEwMTgwMDA2NTFaMDMxMTAvBgNV
BAMTKDJFOUExQjJEMkY1QTgxRUFEMzI3NzE2QjZCMTEyN0E0MzhCMTdCQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZmWyt8BYFn4S9waPBjE2tecaS
0VfZBLDKu+uEuehSMN8o0LoGwDHKOAaU/jAuMMIQOq1ISctHC2DpiSaIu2JTLQnL
IdKK6gXIBMVTIl33lSLqinC3hx+9CLcXChyMCFeB/DXEGCV4HBorFNluSfYSQ/7y
sD8qiCZT2ugoz/jhJYaT9vRrEjp9afca7B72vEqUbl+nIY7FUvdNNb7C+UeN4PxJ
pQ5YxCjrMKjaH7Zp/6o7v9WI0o4Dw/pTyxwYCJlnPaDMg0syiVHtox/NioxvJOq5
OVNwIfFved6OykIvY/97qMF9+kq1muTyG+SOZ3JjnFFpZWPv14nHGdnmCyHVAgMB
AAGjggIfMIICGzAdBgNVHQ4EFgQULpobLS9agerTJ3FraxEnpDixe7YwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAjxQlAwQA
jxQpAwQAjxRmAwQAjxSDAwQAjxSGMA0GCSqGSIb3DQEBCwUAA4IBAQATlOW7eYx2
W9TS95EzSZFoCEHXVgwMrDjVFw+qg8zZxAurVSjIRiTw1lgq7mwm7T4nZFcj0TRH
qhCBfN3++CnSewc2cBBKIo4m5DbZGYQ327czE7/11AECJV6dTlGgV3LoemAv5R/V
zZZsqjYpzONv0fC92uZNaIBqgFHr8xdn436z7CAmPay5NTBG9POF1ocbn9uvVGA/
OIeEGL+cSIfsy9DblvjVhrC0y7uqJVEG3blYcsKlnuuI2UiUcA8AdxfwAOj3ml77
TdsNRqqAHH6q9R1HLgjhiiaZJ2sGVKmmlX4hkGE+w0RUjfmV4YrazwTlMi48dRGj
bWCx0LNpSB9p
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:43:34 2025 by rpki-client