Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          ai+OropJWq5H0rvLHyWpY9mN0GqdSciBgKrx3YADJ/Y=
Subject key identifier:   0C:3D:31:7A:08:FF:80:E8:E6:8D:A9:C4:85:50:47:46:23:FC:32:23
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0BF3968D6C822DBB264547AC5320636EEB54D813
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Mon 18 Nov 2024 09:31:34 +0000
ROA not before:           Mon 18 Nov 2024 09:26:34 +0000
ROA not after:            Mon 17 Nov 2025 09:31:34 +0000
asID:                     834
IP address blocks:        45.151.45.0/24 maxlen: 24
                          45.152.240.0/23 maxlen: 24
                          152.89.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:f3:96:8d:6c:82:2d:bb:26:45:47:ac:53:20:63:6e:eb:54:d8:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 18 09:26:34 2024 GMT
            Not After : Nov 17 09:31:34 2025 GMT
        Subject: CN=0C3D317A08FF80E8E68DA9C48550474623FC3223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5a:c7:14:50:fd:78:b5:3c:f9:c7:81:8c:57:
                    8d:2e:e2:77:4d:14:26:3d:fa:bd:ed:18:77:96:89:
                    c8:6e:84:52:be:db:67:5f:4e:3d:33:d7:53:cd:25:
                    ff:2a:45:45:22:1e:7f:ae:38:d9:6e:40:77:30:44:
                    0f:2d:7f:77:49:0f:6c:5f:f3:ed:dd:e0:72:9b:9b:
                    f0:b7:aa:24:58:3b:a8:8d:3b:48:2a:bf:b7:01:2c:
                    08:6e:e0:f5:a0:3f:7b:e8:80:12:44:8b:9b:bb:7d:
                    d5:77:31:1c:be:c5:47:fe:4d:c1:21:f3:fa:46:ca:
                    e5:9b:8e:d2:83:16:d6:14:7e:3c:2b:7c:45:b0:05:
                    92:0d:d1:dd:94:26:43:fd:a2:cc:c6:2e:7f:e4:96:
                    eb:92:89:f9:d7:bb:c8:72:d4:bf:eb:ef:58:bb:05:
                    de:68:0e:d9:8b:c5:72:23:3a:43:e7:88:73:0e:46:
                    d0:38:c0:5c:7d:54:54:b9:66:8a:2d:a2:a4:69:4e:
                    80:bf:d1:05:cc:a2:01:57:c2:de:0c:4d:ac:4e:14:
                    ce:81:7c:21:34:7a:8f:d7:c1:5c:49:ae:af:65:91:
                    61:e0:f4:e5:b6:f7:8a:b2:53:c3:39:f0:0d:65:a6:
                    55:62:5d:7e:4f:f1:90:ef:c6:29:0d:69:a5:0a:b1:
                    26:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:3D:31:7A:08:FF:80:E8:E6:8D:A9:C4:85:50:47:46:23:FC:32:23
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.45.0/24
                  45.152.240.0/23
                  152.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:97:64:cc:a2:e7:65:88:ca:38:76:57:3d:9d:d5:ad:75:44:
         fc:ac:dd:fc:72:8c:63:62:e1:2b:3e:b9:31:c6:ba:fa:3e:2b:
         e4:e8:cf:24:99:b6:e4:01:fe:3d:d1:ce:d6:c1:a3:d3:c7:df:
         07:b6:29:0e:80:26:10:0d:a4:d0:aa:78:4a:f2:98:93:8b:0e:
         69:f7:ca:5c:27:d7:55:9e:84:b5:b2:f9:23:7c:95:f2:0c:a5:
         2e:49:45:8d:25:6d:84:b0:5b:10:ee:58:4b:25:79:30:b7:d6:
         50:29:32:70:a6:82:bf:8e:2e:f0:62:74:fa:8c:c1:8a:d6:0f:
         4c:2d:82:61:43:ba:c8:36:e7:3a:11:d2:ea:e5:e2:e0:19:28:
         27:56:d1:cf:0d:4f:10:22:e5:d0:bc:f3:b9:80:1c:42:c2:8e:
         be:09:60:0c:b4:13:83:2a:4f:22:c7:69:e5:a3:cd:50:8c:0e:
         28:b3:8d:d6:f5:e4:86:cf:c3:9d:96:24:d2:32:a1:c7:04:9e:
         ee:f7:24:32:e7:2c:66:d0:25:48:68:ee:9c:69:2b:b9:50:90:
         06:71:da:a2:d8:b9:14:bb:7f:57:a4:24:42:61:60:a6:51:17:
         49:b1:f6:b4:98:fe:d6:69:5b:de:b1:2e:f9:9c:32:95:0a:90:
         f0:e3:5f:11
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUC/OWjWyCLbsmRUesUyBjbutU2BMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMTgwOTI2MzRaFw0yNTExMTcwOTMxMzRaMDMxMTAvBgNV
BAMTKDBDM0QzMTdBMDhGRjgwRThFNjhEQTlDNDg1NTA0NzQ2MjNGQzMyMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDWscUUP14tTz5x4GMV40u4ndN
FCY9+r3tGHeWichuhFK+22dfTj0z11PNJf8qRUUiHn+uONluQHcwRA8tf3dJD2xf
8+3d4HKbm/C3qiRYO6iNO0gqv7cBLAhu4PWgP3vogBJEi5u7fdV3MRy+xUf+TcEh
8/pGyuWbjtKDFtYUfjwrfEWwBZIN0d2UJkP9oszGLn/kluuSifnXu8hy1L/r71i7
Bd5oDtmLxXIjOkPniHMORtA4wFx9VFS5ZootoqRpToC/0QXMogFXwt4MTaxOFM6B
fCE0eo/XwVxJrq9lkWHg9OW294qyU8M58A1lplViXX5P8ZDvxikNaaUKsSYdAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUDD0xegj/gOjmjanEhVBHRiP8MiMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZctAwQB
LZjwAwQAmFn6MA0GCSqGSIb3DQEBCwUAA4IBAQDFl2TMoudliMo4dlc9ndWtdUT8
rN38coxjYuErPrkxxrr6Pivk6M8kmbbkAf490c7WwaPTx98HtikOgCYQDaTQqnhK
8piTiw5p98pcJ9dVnoS1svkjfJXyDKUuSUWNJW2EsFsQ7lhLJXkwt9ZQKTJwpoK/
ji7wYnT6jMGK1g9MLYJhQ7rINuc6EdLq5eLgGSgnVtHPDU8QIuXQvPO5gBxCwo6+
CWAMtBODKk8ix2nlo81QjA4os43W9eSGz8OdliTSMqHHBJ7u9yQy5yxm0CVIaO6c
aSu5UJAGcdqi2LkUu39XpCRCYWCmURdJsfa0mP7WaVvesS75nDKVCpDw418R
-----END CERTIFICATE-----