Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          HGqOO3VXO5KhbIe3OtXzJqLWRr+etuNQqYnCUzgsl88=
Subject key identifier:   BC:79:50:50:E4:F8:B0:06:9F:67:B6:CF:26:47:79:50:66:E1:5F:43
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       684ADB9715F55A92B4A9AA27360792969016FF0C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Thu 02 May 2024 11:11:19 +0000
ROA not before:           Thu 02 May 2024 11:06:19 +0000
ROA not after:            Thu 01 May 2025 11:11:19 +0000
asID:                     834
IP address blocks:        45.152.240.0/23 maxlen: 24
                          45.158.10.0/23 maxlen: 24
                          185.155.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:4a:db:97:15:f5:5a:92:b4:a9:aa:27:36:07:92:96:90:16:ff:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May  2 11:06:19 2024 GMT
            Not After : May  1 11:11:19 2025 GMT
        Subject: CN=BC795050E4F8B0069F67B6CF2647795066E15F43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cd:06:e8:2e:fd:7d:1a:68:cc:78:cb:ab:2c:
                    fa:98:d7:f8:ed:ed:38:b1:50:9b:75:8b:dd:47:c9:
                    fb:54:45:b7:10:3c:46:23:63:6b:e9:62:4a:c8:80:
                    1f:c6:b2:c6:78:c3:2d:75:f7:3d:38:59:f5:9d:76:
                    7e:23:4d:51:bf:91:62:0f:52:1d:c9:58:e4:42:53:
                    10:25:fd:0d:59:2a:e0:c6:a9:39:39:29:3e:33:8a:
                    b8:8d:04:63:76:1c:77:d0:0a:39:92:ae:43:62:c1:
                    74:0e:d9:92:e2:08:51:85:ae:e2:59:3c:b8:5b:30:
                    fb:85:73:b1:75:fb:82:2b:d9:56:c0:da:c5:03:c9:
                    13:05:b6:82:8d:5b:78:cc:4d:49:a6:26:fb:4e:49:
                    1a:1a:0a:58:f5:68:b1:f7:2b:c6:98:70:de:75:82:
                    46:95:26:c0:56:81:91:7f:38:43:70:66:84:ab:67:
                    b5:e8:b9:70:b0:d0:16:7a:8d:86:61:c8:94:66:ac:
                    cf:d5:31:3f:3f:12:29:eb:c0:72:06:21:6e:92:d9:
                    b8:9f:ee:6d:e8:ba:4f:d3:12:f2:5b:4c:5a:07:a4:
                    3f:0e:65:7c:8e:7d:ba:5c:8f:5b:e6:ba:43:fb:93:
                    7f:04:2f:b1:90:26:03:ed:9c:76:cb:5c:76:85:bc:
                    8a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:79:50:50:E4:F8:B0:06:9F:67:B6:CF:26:47:79:50:66:E1:5F:43
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.240.0/23
                  45.158.10.0/23
                  185.155.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:a3:93:87:1e:42:9c:5c:8d:af:c1:8f:d0:ae:29:bc:43:6d:
         2a:71:12:1f:6e:02:11:8b:2b:8c:3b:b9:e0:db:7e:ab:f8:9f:
         2f:02:ed:15:b6:9d:98:cb:d1:67:49:ba:74:68:9e:9d:9d:0a:
         b1:e8:6e:c1:71:e3:e8:0e:12:37:02:0e:5e:dc:da:38:16:69:
         7f:90:55:34:e8:33:92:e3:90:4d:67:7e:2e:32:81:2f:fc:23:
         40:75:5f:e4:ea:f6:de:df:96:51:61:f5:a8:8b:22:d3:48:f3:
         64:bc:d2:67:cf:42:b6:91:ac:01:6b:43:59:6d:27:ab:22:77:
         fe:5b:02:76:e9:f7:01:5c:67:f3:23:9d:c6:ad:09:6e:b4:bd:
         bf:c0:e1:83:fd:11:24:a9:98:3e:2d:52:f2:08:16:66:8c:ca:
         ac:3d:c6:68:55:fa:e3:f1:d4:bc:51:21:26:86:6a:75:19:36:
         79:bb:08:8d:5c:42:bb:50:dd:24:9a:eb:34:dc:3b:f9:d5:c1:
         40:9d:b4:53:1a:a4:91:70:f8:89:fe:bd:12:dc:21:18:38:70:
         43:ca:fa:03:c7:69:f8:dc:c9:ac:33:aa:0c:37:73:8a:be:ce:
         81:e7:27:98:aa:ce:7f:20:7a:84:3d:eb:f6:72:8c:14:df:d8:
         b7:7a:00:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUaErblxX1WpK0qaonNgeSlpAW/wwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MDIxMTA2MTlaFw0yNTA1MDExMTExMTlaMDMxMTAvBgNV
BAMTKEJDNzk1MDUwRTRGOEIwMDY5RjY3QjZDRjI2NDc3OTUwNjZFMTVGNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVzQboLv19GmjMeMurLPqY1/jt
7TixUJt1i91HyftURbcQPEYjY2vpYkrIgB/GssZ4wy119z04WfWddn4jTVG/kWIP
Uh3JWORCUxAl/Q1ZKuDGqTk5KT4ziriNBGN2HHfQCjmSrkNiwXQO2ZLiCFGFruJZ
PLhbMPuFc7F1+4Ir2VbA2sUDyRMFtoKNW3jMTUmmJvtOSRoaClj1aLH3K8aYcN51
gkaVJsBWgZF/OENwZoSrZ7XouXCw0BZ6jYZhyJRmrM/VMT8/EinrwHIGIW6S2bif
7m3ouk/TEvJbTFoHpD8OZXyOfbpcj1vmukP7k38EL7GQJgPtnHbLXHaFvIobAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUvHlQUOT4sAafZ7bPJkd5UGbhX0MwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZjwAwQB
LZ4KAwQAuZvdMA0GCSqGSIb3DQEBCwUAA4IBAQAXo5OHHkKcXI2vwY/Qrim8Q20q
cRIfbgIRiyuMO7ng236r+J8vAu0Vtp2Yy9FnSbp0aJ6dnQqx6G7BcePoDhI3Ag5e
3No4Fml/kFU06DOS45BNZ34uMoEv/CNAdV/k6vbe35ZRYfWoiyLTSPNkvNJnz0K2
kawBa0NZbSerInf+WwJ26fcBXGfzI53GrQlutL2/wOGD/REkqZg+LVLyCBZmjMqs
PcZoVfrj8dS8USEmhmp1GTZ5uwiNXEK7UN0kmus03Dv51cFAnbRTGqSRcPiJ/r0S
3CEYOHBDyvoDx2n43MmsM6oMN3OKvs6B5yeYqs5/IHqEPev2cowU39i3egCA
-----END CERTIFICATE-----