Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          cuGwqNgzYl0xON+ecj88SL4YnGfyDSwVfCH0k3zihCo=
Subject key identifier:   4F:46:78:3E:9F:C1:9F:C7:7C:5E:91:CC:66:AD:60:96:E1:0B:C0:DE
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       65F4BC50C0C3FA4C30D47A654E9DD8725C2A8122
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Sun 20 Jul 2025 00:00:40 +0000
ROA not before:           Sat 19 Jul 2025 23:55:40 +0000
ROA not after:            Sun 19 Jul 2026 00:00:40 +0000
asID:                     834
IP address blocks:        45.149.185.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:f4:bc:50:c0:c3:fa:4c:30:d4:7a:65:4e:9d:d8:72:5c:2a:81:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 19 23:55:40 2025 GMT
            Not After : Jul 19 00:00:40 2026 GMT
        Subject: CN=4F46783E9FC19FC77C5E91CC66AD6096E10BC0DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7c:06:a1:04:67:b0:31:76:f1:5a:49:e8:c0:
                    ee:91:33:a7:60:83:5d:e3:93:79:4a:1e:00:3b:dd:
                    7e:41:ee:54:91:f7:03:7d:71:1b:16:d3:2b:58:de:
                    3d:bd:1c:cd:53:b9:b9:0f:63:da:82:21:06:64:30:
                    66:62:36:6e:92:21:68:d2:88:f9:69:6e:6f:42:c6:
                    50:0e:5b:4b:2f:34:a2:d0:56:2d:60:cd:d3:8c:51:
                    da:89:74:c0:cc:32:eb:3d:45:85:8f:50:6b:a4:14:
                    3a:92:ed:f3:5c:6e:0a:7d:a1:2b:55:2c:ee:c1:61:
                    48:a4:db:a1:95:85:46:a6:75:25:60:f3:86:a1:f7:
                    35:3a:4b:cf:e2:53:75:b9:1e:dc:9e:5b:c4:da:15:
                    e0:24:d0:c9:17:e4:ee:32:07:06:8a:a1:9d:03:f4:
                    6f:c7:14:42:28:4b:b3:72:bb:f5:20:1d:d1:f1:55:
                    8e:65:3c:c9:d5:a0:3c:e2:a3:a1:c3:aa:a4:08:61:
                    b0:cc:4b:c3:88:d4:66:ee:3a:c9:ef:ae:5b:7b:61:
                    60:b8:87:9b:64:24:52:6a:4b:17:d7:c4:19:f7:5a:
                    79:93:e5:53:c2:78:f5:a7:8b:40:68:f4:bd:b8:16:
                    3a:b7:1c:32:5e:17:e1:bc:39:25:f6:42:a1:66:7d:
                    99:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:46:78:3E:9F:C1:9F:C7:7C:5E:91:CC:66:AD:60:96:E1:0B:C0:DE
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.185.0/24
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:d9:e4:25:b5:e4:ac:2a:4b:f6:07:b5:d9:0d:1c:f0:be:5b:
         ba:70:28:fe:0b:4e:60:5a:df:5b:91:53:55:7a:07:81:30:40:
         53:a5:94:52:c9:75:e7:06:2f:dd:72:d1:32:19:c2:e3:ce:5d:
         d3:50:a7:a9:88:4f:ad:1f:0e:c6:97:e9:ce:d6:47:52:b5:74:
         16:6a:6c:2e:ea:16:8c:b9:87:a2:55:2a:4e:3e:3b:2d:0e:49:
         b9:fd:95:78:e5:c2:de:d8:6c:65:33:04:27:42:29:ee:aa:78:
         5c:05:8b:70:4b:e9:b2:d2:3c:c8:39:b9:7d:79:12:89:e9:59:
         67:48:46:69:b6:38:84:cd:88:86:c1:74:db:f6:d8:63:22:93:
         01:f9:56:3a:ba:1f:f3:b6:8d:41:ad:0a:6a:68:da:7c:23:93:
         a5:52:d7:a2:2b:6f:b6:a5:d4:85:0e:2c:50:f1:90:0e:cd:9a:
         95:ae:e0:2c:75:80:fa:70:ec:6f:cd:63:40:e2:33:c0:94:76:
         3a:14:ed:46:ec:ef:21:d7:1e:84:0d:42:57:d5:8c:4c:dc:ab:
         bb:54:ac:c6:56:de:77:a5:01:92:5d:0b:0c:09:a9:c2:96:4e:
         b4:d3:8f:95:f0:ec:0c:fa:02:f4:8b:b0:9b:7d:6c:37:c9:e4:
         84:6b:cf:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZfS8UMDD+kww1HplTp3YclwqgSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MTkyMzU1NDBaFw0yNjA3MTkwMDAwNDBaMDMxMTAvBgNV
BAMTKDRGNDY3ODNFOUZDMTlGQzc3QzVFOTFDQzY2QUQ2MDk2RTEwQkMwREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgfAahBGewMXbxWknowO6RM6dg
g13jk3lKHgA73X5B7lSR9wN9cRsW0ytY3j29HM1TubkPY9qCIQZkMGZiNm6SIWjS
iPlpbm9CxlAOW0svNKLQVi1gzdOMUdqJdMDMMus9RYWPUGukFDqS7fNcbgp9oStV
LO7BYUik26GVhUamdSVg84ah9zU6S8/iU3W5HtyeW8TaFeAk0MkX5O4yBwaKoZ0D
9G/HFEIoS7Nyu/UgHdHxVY5lPMnVoDzio6HDqqQIYbDMS8OI1GbuOsnvrlt7YWC4
h5tkJFJqSxfXxBn3WnmT5VPCePWni0Bo9L24Fjq3HDJeF+G8OSX2QqFmfZnDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUT0Z4Pp/Bn8d8XpHMZq1gluELwN4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZW5AwQA
wZe1MA0GCSqGSIb3DQEBCwUAA4IBAQDT2eQlteSsKkv2B7XZDRzwvlu6cCj+C05g
Wt9bkVNVegeBMEBTpZRSyXXnBi/dctEyGcLjzl3TUKepiE+tHw7Gl+nO1kdStXQW
amwu6haMuYeiVSpOPjstDkm5/ZV45cLe2GxlMwQnQinuqnhcBYtwS+my0jzIObl9
eRKJ6VlnSEZptjiEzYiGwXTb9thjIpMB+VY6uh/zto1BrQpqaNp8I5OlUteiK2+2
pdSFDixQ8ZAOzZqVruAsdYD6cOxvzWNA4jPAlHY6FO1G7O8h1x6EDUJX1YxM3Ku7
VKzGVt53pQGSXQsMCanClk6004+V8OwM+gL0i7CbfWw3yeSEa89f
-----END CERTIFICATE-----