Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          t92T5tejb54bGRUaPCSUUCkpkSWd2bk/MRADdlSWihk=
Subject key identifier:   40:F0:08:D5:84:1D:A1:D1:3A:59:0C:EE:B0:51:A0:A3:80:0A:DE:B5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       418F7DD3336B506EF3B181DF678945D30419F572
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Tue 03 Jun 2025 13:21:46 +0000
ROA not before:           Tue 03 Jun 2025 13:16:46 +0000
ROA not after:            Tue 02 Jun 2026 13:21:46 +0000
asID:                     834
IP address blocks:        45.152.240.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 02:13:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:8f:7d:d3:33:6b:50:6e:f3:b1:81:df:67:89:45:d3:04:19:f5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  3 13:16:46 2025 GMT
            Not After : Jun  2 13:21:46 2026 GMT
        Subject: CN=40F008D5841DA1D13A590CEEB051A0A3800ADEB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f8:ca:ff:e0:4f:60:66:08:38:fc:82:67:a8:
                    f2:88:02:bc:7f:8b:3a:08:99:8f:38:f3:07:bd:26:
                    48:84:32:c7:87:ec:c6:99:5a:ed:13:c6:d8:af:f2:
                    38:fd:d6:7f:f4:5c:ab:8c:31:96:67:65:f8:17:f6:
                    41:db:46:eb:f8:4c:85:fc:33:12:ee:81:88:5c:5a:
                    75:81:99:30:9e:83:b6:f3:36:dd:c0:8a:42:65:f6:
                    7c:a4:a0:f0:72:6d:ee:47:3e:de:e5:3c:9f:48:e6:
                    50:36:1d:87:c6:40:7a:c6:f4:01:d3:13:ad:cc:a9:
                    87:14:ad:41:c3:67:13:9e:a9:ee:62:c6:3c:97:ba:
                    76:32:80:60:50:c2:8e:83:24:4a:a8:7d:7c:74:37:
                    9f:e5:7f:f4:cb:17:05:8b:b6:7c:ce:73:8b:c6:c9:
                    61:40:05:84:6e:db:fc:3a:ab:35:7c:d6:99:39:23:
                    00:73:3f:ad:5e:ff:da:39:37:14:70:e3:ee:27:e1:
                    c6:a4:59:67:26:81:6d:d4:70:3c:18:b6:4a:1f:d8:
                    0a:22:eb:3c:d8:89:4e:42:a7:93:14:d0:d7:2d:6c:
                    f0:52:92:8d:30:6f:d9:33:59:59:8b:7b:a4:ab:6f:
                    19:19:30:6c:e6:3c:d2:f8:9a:76:b2:90:ea:55:b3:
                    8d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F0:08:D5:84:1D:A1:D1:3A:59:0C:EE:B0:51:A0:A3:80:0A:DE:B5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:30:1b:17:b2:05:cb:fa:8a:97:40:40:ce:95:b4:74:70:4f:
         21:15:73:f5:b3:42:ab:6a:64:c2:e2:e0:d2:28:15:8d:ce:16:
         8e:c4:a2:57:9d:6c:b9:eb:88:02:fc:0a:fc:5d:df:3f:f8:50:
         dd:a4:5c:14:9c:9e:4e:4f:e4:0f:b4:33:db:5a:70:e3:17:b5:
         15:de:4d:85:74:03:80:2b:25:7d:5a:1d:4c:9f:07:20:d3:a0:
         39:5e:e0:38:b3:97:c0:dd:0f:16:85:fd:56:1f:22:4c:1c:8c:
         bf:b6:fa:8c:08:03:f9:b1:6b:0c:57:6c:b6:fc:bf:b3:3e:2c:
         ef:31:01:9f:35:39:e9:0f:da:b9:4d:39:3c:b2:3a:63:6e:2b:
         c1:56:b1:bb:7e:aa:02:7e:37:a1:93:e5:df:08:b3:f7:a4:85:
         89:27:1e:e6:51:b4:c4:fe:c0:a6:64:f2:38:02:e5:cc:55:35:
         72:c4:eb:10:a7:b6:c9:f7:54:4c:e1:d6:df:bf:66:da:5c:bd:
         21:23:fb:a5:0f:93:a5:9b:e5:fd:9c:fa:64:78:23:8f:a2:ba:
         d5:f3:da:60:46:ed:7d:3f:b8:c5:33:5b:48:e5:b2:01:81:7f:
         58:0e:08:70:17:67:de:80:00:b4:fe:7b:00:8d:7a:8e:8b:24:
         24:94:bb:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUQY990zNrUG7zsYHfZ4lF0wQZ9XIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MDMxMzE2NDZaFw0yNjA2MDIxMzIxNDZaMDMxMTAvBgNV
BAMTKDQwRjAwOEQ1ODQxREExRDEzQTU5MENFRUIwNTFBMEEzODAwQURFQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe+Mr/4E9gZgg4/IJnqPKIArx/
izoImY848we9JkiEMseH7MaZWu0Txtiv8jj91n/0XKuMMZZnZfgX9kHbRuv4TIX8
MxLugYhcWnWBmTCeg7bzNt3AikJl9nykoPBybe5HPt7lPJ9I5lA2HYfGQHrG9AHT
E63MqYcUrUHDZxOeqe5ixjyXunYygGBQwo6DJEqofXx0N5/lf/TLFwWLtnzOc4vG
yWFABYRu2/w6qzV81pk5IwBzP61e/9o5NxRw4+4n4cakWWcmgW3UcDwYtkof2Aoi
6zzYiU5Cp5MU0NctbPBSko0wb9kzWVmLe6SrbxkZMGzmPNL4mnaykOpVs43lAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUQPAI1YQdodE6WQzusFGgo4AK3rUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZjwMA0G
CSqGSIb3DQEBCwUAA4IBAQCNMBsXsgXL+oqXQEDOlbR0cE8hFXP1s0KramTC4uDS
KBWNzhaOxKJXnWy564gC/Ar8Xd8/+FDdpFwUnJ5OT+QPtDPbWnDjF7UV3k2FdAOA
KyV9Wh1Mnwcg06A5XuA4s5fA3Q8Whf1WHyJMHIy/tvqMCAP5sWsMV2y2/L+zPizv
MQGfNTnpD9q5TTk8sjpjbivBVrG7fqoCfjehk+XfCLP3pIWJJx7mUbTE/sCmZPI4
AuXMVTVyxOsQp7bJ91RM4dbfv2baXL0hI/ulD5Olm+X9nPpkeCOPorrV89pgRu19
P7jFM1tI5bIBgX9YDghwF2fegAC0/nsAjXqOiyQklLt0
-----END CERTIFICATE-----