Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          pn3ZDXd85148iaG8gzfUJ3+4xEY3P7L9OK5ZiPmR7oQ=
Subject key identifier:   A5:C9:97:C6:03:11:D4:45:55:C2:B6:F8:A5:B3:22:7C:FE:CC:41:65
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1D2278AA97E69ED0F9EBE1836B4E64ADF3DCC2F3
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Tue 01 Apr 2025 10:01:31 +0000
ROA not before:           Tue 01 Apr 2025 09:56:31 +0000
ROA not after:            Tue 31 Mar 2026 10:01:31 +0000
asID:                     834
IP address blocks:        45.152.240.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:22:78:aa:97:e6:9e:d0:f9:eb:e1:83:6b:4e:64:ad:f3:dc:c2:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  1 09:56:31 2025 GMT
            Not After : Mar 31 10:01:31 2026 GMT
        Subject: CN=A5C997C60311D44555C2B6F8A5B3227CFECC4165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c8:4d:0c:ce:59:ea:c0:ab:34:9d:82:40:23:
                    90:bc:77:d9:30:7f:23:dd:bb:b6:30:82:b5:f1:7d:
                    5a:f1:ac:41:57:de:7c:89:72:82:9e:02:97:ac:43:
                    70:95:4a:df:f8:65:1c:b5:ef:56:b4:ee:44:31:53:
                    7f:f8:14:75:4e:0b:f9:23:17:d7:3b:ea:ed:e1:66:
                    34:2f:c7:86:9b:3f:48:99:38:7b:49:5c:0a:82:e1:
                    64:f1:7f:c9:23:13:ff:dd:70:cf:68:e5:f5:e1:a5:
                    74:42:ac:fb:fe:dd:fa:c2:11:5e:9e:df:b0:d5:e1:
                    c9:28:1c:94:ad:46:f1:a3:55:ad:9a:e7:2b:4e:7b:
                    84:ef:6a:e2:3c:b9:91:40:12:dd:47:c7:43:2b:8a:
                    d4:d4:a5:c0:36:5a:77:04:6e:a7:5f:65:ca:2f:3b:
                    9e:3e:23:23:db:2a:4a:c8:ea:9e:cf:36:1f:8c:96:
                    59:ae:13:89:91:30:f5:d5:9e:67:c1:a6:91:3e:08:
                    29:ae:32:b0:d4:d9:cb:bb:4c:64:9d:3f:b6:69:13:
                    69:35:da:14:19:2d:95:f3:f5:49:52:b7:54:eb:65:
                    88:83:7c:60:e6:05:fa:83:9a:1d:8c:06:52:5f:c1:
                    f9:ea:4f:1f:91:68:87:be:c4:c7:03:2b:ab:26:a5:
                    94:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:C9:97:C6:03:11:D4:45:55:C2:B6:F8:A5:B3:22:7C:FE:CC:41:65
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:75:fd:9d:12:5d:4d:c9:14:00:1f:d3:39:46:66:af:12:93:
         aa:0d:f9:72:05:e3:b3:34:ad:13:78:07:ea:2f:42:9f:64:e2:
         45:83:6b:1d:7b:fb:d6:fd:57:83:ff:ed:54:ec:53:f4:f1:c4:
         48:d8:e3:c9:0f:1c:8e:81:3b:05:fe:9e:21:de:13:be:7e:98:
         bf:61:fe:58:bd:79:3c:93:b8:a5:23:d1:52:33:b8:72:8d:13:
         28:c5:5e:27:05:da:36:27:dd:60:80:b8:0c:d9:9e:4b:72:d6:
         c6:be:3e:d3:64:cc:9c:9f:ce:0c:64:58:e5:cb:78:42:ea:08:
         7c:bb:5a:9b:44:90:87:15:e8:00:bf:d8:34:ab:93:7c:49:79:
         53:02:1b:cb:08:60:b1:7e:0c:5b:0e:47:35:02:d1:30:1d:e1:
         b4:d4:cf:97:28:49:0e:84:9b:fb:d9:9c:a1:d5:a7:d1:2b:82:
         5d:d1:99:04:46:e8:ae:b0:fa:74:0f:d5:35:53:30:68:fc:fb:
         67:03:1c:ad:ce:f9:e4:1a:be:b6:75:67:d5:53:06:8b:88:5e:
         32:56:85:68:de:19:c5:04:1b:db:c2:c8:70:80:83:b5:a1:12:
         2a:08:2c:8c:6b:80:a8:50:73:3b:e6:dd:8b:a2:67:6a:e9:2e:
         fc:a3:c4:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUHSJ4qpfmntD56+GDa05krfPcwvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MDEwOTU2MzFaFw0yNjAzMzExMDAxMzFaMDMxMTAvBgNV
BAMTKEE1Qzk5N0M2MDMxMUQ0NDU1NUMyQjZGOEE1QjMyMjdDRkVDQzQxNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdyE0MzlnqwKs0nYJAI5C8d9kw
fyPdu7YwgrXxfVrxrEFX3nyJcoKeApesQ3CVSt/4ZRy171a07kQxU3/4FHVOC/kj
F9c76u3hZjQvx4abP0iZOHtJXAqC4WTxf8kjE//dcM9o5fXhpXRCrPv+3frCEV6e
37DV4ckoHJStRvGjVa2a5ytOe4TvauI8uZFAEt1Hx0MritTUpcA2WncEbqdfZcov
O54+IyPbKkrI6p7PNh+MllmuE4mRMPXVnmfBppE+CCmuMrDU2cu7TGSdP7ZpE2k1
2hQZLZXz9UlSt1TrZYiDfGDmBfqDmh2MBlJfwfnqTx+RaIe+xMcDK6smpZQJAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUpcmXxgMR1EVVwrb4pbMifP7MQWUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZjwMA0G
CSqGSIb3DQEBCwUAA4IBAQBIdf2dEl1NyRQAH9M5RmavEpOqDflyBeOzNK0TeAfq
L0KfZOJFg2sde/vW/VeD/+1U7FP08cRI2OPJDxyOgTsF/p4h3hO+fpi/Yf5YvXk8
k7ilI9FSM7hyjRMoxV4nBdo2J91ggLgM2Z5LctbGvj7TZMycn84MZFjly3hC6gh8
u1qbRJCHFegAv9g0q5N8SXlTAhvLCGCxfgxbDkc1AtEwHeG01M+XKEkOhJv72Zyh
1afRK4Jd0ZkERuiusPp0D9U1UzBo/PtnAxytzvnkGr62dWfVUwaLiF4yVoVo3hnF
BBvbwshwgIO1oRIqCCyMa4CoUHM75t2Lomdq6S78o8SW
-----END CERTIFICATE-----