Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          63mcoAWZcxvxoRXsf3CF2Cv99p2VvwaP+J9zbxMJDR4=
Subject key identifier:   F1:26:AB:4F:4E:32:5C:BF:92:6A:3E:5B:ED:01:23:2A:4B:F8:09:C5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6C404140A75BBB8593057B2E6458116322F91BEE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Fri 05 Sep 2025 19:41:33 +0000
ROA not before:           Fri 05 Sep 2025 19:36:33 +0000
ROA not after:            Fri 04 Sep 2026 19:41:33 +0000
asID:                     834
IP address blocks:        45.155.19.0/24 maxlen: 24
                          147.78.121.0/24 maxlen: 24
                          193.151.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:40:41:40:a7:5b:bb:85:93:05:7b:2e:64:58:11:63:22:f9:1b:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep  5 19:36:33 2025 GMT
            Not After : Sep  4 19:41:33 2026 GMT
        Subject: CN=F126AB4F4E325CBF926A3E5BED01232A4BF809C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6d:26:4d:55:40:df:15:74:fb:08:1c:59:69:
                    3f:33:bb:6c:e9:57:16:bd:41:58:0c:65:7f:23:19:
                    7b:22:d3:e0:2f:a4:22:f8:d8:6e:ad:68:35:31:68:
                    08:88:09:36:46:7f:1a:4d:3e:2a:bf:a1:7d:d9:6a:
                    ba:56:33:e2:d6:02:5a:8d:8b:d1:04:95:48:f0:82:
                    1d:eb:c8:87:10:89:fb:f6:c4:3b:99:b3:42:ac:79:
                    4d:4c:39:38:7b:6c:fa:ae:ad:e7:5a:90:75:f2:5f:
                    79:cc:ca:a0:15:20:ab:1e:b3:da:7d:73:3b:f0:ba:
                    8e:14:c2:7a:6c:94:06:43:55:15:38:04:c7:c2:20:
                    95:79:85:29:c8:d4:98:17:34:85:97:73:90:5f:e1:
                    61:9d:87:22:4e:8b:cb:0e:89:89:c8:d6:b3:7c:c9:
                    ca:d2:60:73:90:25:f7:f4:c5:65:39:b3:5b:37:24:
                    9e:35:58:29:02:84:14:57:7b:a5:a0:40:01:61:d6:
                    91:fc:f9:f6:c8:2f:84:5b:be:b4:21:dd:80:e2:17:
                    55:9e:66:36:55:e1:94:72:5d:55:f5:ba:e5:52:7b:
                    cc:8e:77:60:f4:34:b5:aa:72:82:d5:b9:a2:4c:a7:
                    c8:08:dd:b5:45:1c:1e:bc:8b:1e:21:05:f1:94:74:
                    9b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:26:AB:4F:4E:32:5C:BF:92:6A:3E:5B:ED:01:23:2A:4B:F8:09:C5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.19.0/24
                  147.78.121.0/24
                  193.151.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:52:64:ac:2c:fe:a0:fd:68:5b:39:12:26:e9:27:0f:93:d7:
         5d:87:60:f5:92:53:d5:1e:2f:80:74:74:14:3b:41:70:2b:6e:
         38:10:73:22:51:a2:d7:ca:60:8b:f8:c4:0e:d1:45:d3:a5:be:
         05:cb:20:32:28:0b:10:79:25:62:04:bb:5d:58:49:d4:16:10:
         a9:b7:cc:4c:b9:98:43:7a:0d:31:56:56:93:bb:e3:53:0a:b9:
         bf:8a:b9:a5:04:2e:15:d8:fb:00:25:50:7a:42:ff:82:09:f5:
         57:97:83:91:d7:de:76:5e:e7:14:47:cc:e7:98:a7:8d:5e:c6:
         ca:bb:e2:05:15:44:a0:ff:5d:53:69:06:6a:68:00:94:fd:4b:
         d6:13:07:65:2a:e7:8b:57:fa:f5:f6:2e:68:2c:cc:71:1d:27:
         49:01:68:e8:46:09:7c:e2:dd:14:6d:b0:b4:05:74:3d:cf:c9:
         e3:4b:04:04:88:53:0a:54:83:ed:d2:0f:db:72:28:8e:7c:70:
         d2:4e:cc:ea:28:82:52:19:e4:41:f9:5c:02:85:8d:06:17:05:
         0a:66:63:b9:10:5a:e6:21:1e:d8:8f:28:02:df:27:9d:ef:65:
         65:35:75:3a:f0:fd:d4:f1:08:44:b5:d4:db:9d:7f:32:23:9f:
         bd:34:65:5f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUbEBBQKdbu4WTBXsuZFgRYyL5G+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA5MDUxOTM2MzNaFw0yNjA5MDQxOTQxMzNaMDMxMTAvBgNV
BAMTKEYxMjZBQjRGNEUzMjVDQkY5MjZBM0U1QkVEMDEyMzJBNEJGODA5QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKbSZNVUDfFXT7CBxZaT8zu2zp
Vxa9QVgMZX8jGXsi0+AvpCL42G6taDUxaAiICTZGfxpNPiq/oX3ZarpWM+LWAlqN
i9EElUjwgh3ryIcQifv2xDuZs0KseU1MOTh7bPquredakHXyX3nMyqAVIKses9p9
czvwuo4UwnpslAZDVRU4BMfCIJV5hSnI1JgXNIWXc5Bf4WGdhyJOi8sOiYnI1rN8
ycrSYHOQJff0xWU5s1s3JJ41WCkChBRXe6WgQAFh1pH8+fbIL4RbvrQh3YDiF1We
ZjZV4ZRyXVX1uuVSe8yOd2D0NLWqcoLVuaJMp8gI3bVFHB68ix4hBfGUdJu7AgMB
AAGjggITMIICDzAdBgNVHQ4EFgQU8SarT04yXL+Saj5b7QEjKkv4CcUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZsTAwQA
k055AwQAwZe1MA0GCSqGSIb3DQEBCwUAA4IBAQByUmSsLP6g/WhbORIm6ScPk9dd
h2D1klPVHi+AdHQUO0FwK244EHMiUaLXymCL+MQO0UXTpb4FyyAyKAsQeSViBLtd
WEnUFhCpt8xMuZhDeg0xVlaTu+NTCrm/irmlBC4V2PsAJVB6Qv+CCfVXl4OR1952
XucUR8znmKeNXsbKu+IFFUSg/11TaQZqaACU/UvWEwdlKueLV/r19i5oLMxxHSdJ
AWjoRgl84t0UbbC0BXQ9z8njSwQEiFMKVIPt0g/bciiOfHDSTszqKIJSGeRB+VwC
hY0GFwUKZmO5EFrmIR7YjygC3yed72VlNXU68P3U8QhEtdTbnX8yI5+9NGVf
-----END CERTIFICATE-----