Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          bDrXB77xYjpifLHfmQWiel7X6vUperdO5Flu9hCTRl4=
Subject key identifier:   30:61:36:FB:21:3C:AB:DC:1C:E9:B1:25:56:7E:F6:54:93:E7:5A:E5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6D0742C02C48EE2ED76A7E92321459EE6A657F36
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Fri 26 Jun 2026 12:24:51 +0000
ROA not before:           Fri 26 Jun 2026 12:19:51 +0000
ROA not after:            Fri 25 Jun 2027 12:24:51 +0000
asID:                     834
IP address blocks:        45.153.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 21:08:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:07:42:c0:2c:48:ee:2e:d7:6a:7e:92:32:14:59:ee:6a:65:7f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 26 12:19:51 2026 GMT
            Not After : Jun 25 12:24:51 2027 GMT
        Subject: CN=306136FB213CABDC1CE9B125567EF65493E75AE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1c:5b:52:2e:93:83:ea:58:9b:0c:82:e0:02:
                    9b:58:0f:83:db:e9:f7:24:c8:d0:88:82:ae:ad:f6:
                    fd:a1:e0:c6:14:83:d1:fb:e1:fc:7d:4a:24:41:b0:
                    df:df:2d:f2:e6:a5:72:af:77:f0:f2:fe:d0:3f:ab:
                    60:d5:7b:35:60:8f:e5:09:c0:81:1d:76:ff:af:39:
                    34:e5:28:2c:5c:38:1a:75:fe:f8:9a:63:3d:63:bb:
                    41:fc:0b:d3:03:2e:07:fa:43:78:17:c2:97:6e:1c:
                    8f:ab:a7:e1:ca:e7:5b:31:13:7a:1d:4f:65:c6:75:
                    d4:0e:24:37:06:2e:3a:dd:42:45:2e:12:fb:ad:aa:
                    1a:37:70:6f:52:b2:c3:4c:0c:b6:ad:be:5c:6e:1e:
                    00:06:69:06:cc:cb:a3:d1:1a:bc:0d:ef:35:01:de:
                    57:5e:6c:fe:98:b2:24:85:5a:1a:11:cb:33:ee:af:
                    ca:1f:d4:59:05:b6:0e:48:2e:ed:7e:cd:d0:89:d3:
                    d6:23:22:ed:6f:cd:39:a5:31:f8:82:96:c7:11:f7:
                    f9:b5:dc:4c:3f:ea:ce:97:86:f2:a1:df:2f:5c:20:
                    52:b6:63:ab:68:86:f8:ab:d9:f5:1c:62:c7:c5:e9:
                    33:3b:38:c7:ba:1d:4f:7e:43:9f:81:7d:d8:b9:6c:
                    56:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:61:36:FB:21:3C:AB:DC:1C:E9:B1:25:56:7E:F6:54:93:E7:5A:E5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:73:c7:8f:64:00:86:37:3d:48:d3:ca:8a:e2:fa:f0:44:93:
         6c:50:bb:5a:71:05:66:01:2f:cf:6a:fc:d8:7a:97:ac:76:09:
         6d:bc:61:ac:2f:9b:f7:f2:bf:1e:6b:4a:83:15:bd:f7:9e:8a:
         b2:38:24:f4:1a:9f:ec:ec:c9:7e:16:28:b4:e2:e9:65:63:1c:
         92:21:8b:1d:13:64:7e:9d:8c:bb:5c:35:e8:49:5c:10:b7:72:
         ba:b4:71:c3:b1:7d:87:ee:97:2d:b2:4c:0a:20:44:8a:4e:ae:
         d8:1b:aa:8d:5b:44:53:51:cf:9e:d0:75:82:79:44:8a:5f:e6:
         91:f0:89:00:96:b6:ef:73:b5:0a:11:db:12:1e:d4:e6:68:e5:
         a7:70:d5:8c:d1:f7:06:f4:e4:ac:6f:06:d6:0c:dc:25:8e:97:
         f8:5d:55:fe:be:38:af:76:3a:09:3a:72:59:bd:91:11:2b:6f:
         cc:c5:e3:c4:3e:a9:04:da:1e:3f:c0:18:cd:12:a5:36:4f:ac:
         30:98:a5:35:7c:73:0c:0c:d7:49:19:c0:04:17:d8:72:ab:a2:
         71:6e:fd:7c:20:dd:75:94:33:79:61:ad:c0:c3:4f:26:58:56:
         23:c8:7d:e8:b2:22:e7:6f:95:ed:4e:c3:20:be:d9:ec:22:c3:
         ff:b2:a0:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUbQdCwCxI7i7Xan6SMhRZ7mplfzYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MjYxMjE5NTFaFw0yNzA2MjUxMjI0NTFaMDMxMTAvBgNV
BAMTKDMwNjEzNkZCMjEzQ0FCREMxQ0U5QjEyNTU2N0VGNjU0OTNFNzVBRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxHFtSLpOD6libDILgAptYD4Pb
6fckyNCIgq6t9v2h4MYUg9H74fx9SiRBsN/fLfLmpXKvd/Dy/tA/q2DVezVgj+UJ
wIEddv+vOTTlKCxcOBp1/viaYz1ju0H8C9MDLgf6Q3gXwpduHI+rp+HK51sxE3od
T2XGddQOJDcGLjrdQkUuEvutqho3cG9SssNMDLatvlxuHgAGaQbMy6PRGrwN7zUB
3ldebP6YsiSFWhoRyzPur8of1FkFtg5ILu1+zdCJ09YjIu1vzTmlMfiClscR9/m1
3Ew/6s6XhvKh3y9cIFK2Y6tohvir2fUcYsfF6TM7OMe6HU9+Q5+Bfdi5bFbfAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUMGE2+yE8q9wc6bElVn72VJPnWuUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkHMA0G
CSqGSIb3DQEBCwUAA4IBAQDOc8ePZACGNz1I08qK4vrwRJNsULtacQVmAS/PavzY
epesdgltvGGsL5v38r8ea0qDFb33noqyOCT0Gp/s7Ml+Fii04ullYxySIYsdE2R+
nYy7XDXoSVwQt3K6tHHDsX2H7pctskwKIESKTq7YG6qNW0RTUc+e0HWCeUSKX+aR
8IkAlrbvc7UKEdsSHtTmaOWncNWM0fcG9OSsbwbWDNwljpf4XVX+vjivdjoJOnJZ
vZERK2/MxePEPqkE2h4/wBjNEqU2T6wwmKU1fHMMDNdJGcAEF9hyq6Jxbv18IN11
lDN5Ya3Aw08mWFYjyH3osiLnb5XtTsMgvtnsIsP/sqBs
-----END CERTIFICATE-----