Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          EfYlhtc9t0+bFAr4MFwh+kkZ5CafnUhp7hAp3pSW1sU=
Subject key identifier:   8F:65:EA:9D:F2:38:3A:E5:07:9B:1E:EF:82:84:49:3F:D4:CD:B5:12
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       6DD5B4B5F36EBA83D389D9862CF32BECA4C26ABC
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa
Signing time:             Thu 18 Sep 2025 09:18:24 +0000
ROA not before:           Thu 18 Sep 2025 09:13:24 +0000
ROA not after:            Thu 17 Sep 2026 09:18:24 +0000
asID:                     834
IP address blocks:        188.119.69.0/24 maxlen: 24
                          193.32.187.0/24 maxlen: 24
                          193.32.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 09:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:d5:b4:b5:f3:6e:ba:83:d3:89:d9:86:2c:f3:2b:ec:a4:c2:6a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Sep 18 09:13:24 2025 GMT
            Not After : Sep 17 09:18:24 2026 GMT
        Subject: CN=8F65EA9DF2383AE5079B1EEF8284493FD4CDB512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7d:b4:95:ef:71:48:34:2b:fa:88:20:21:ad:
                    99:01:be:d8:51:7d:ff:c6:12:07:db:f3:ff:d9:97:
                    85:e7:80:81:1b:53:74:3f:92:3e:1a:f9:5c:49:56:
                    58:d4:dc:47:f6:99:81:1a:5a:24:b1:1f:97:ec:02:
                    de:ac:a0:d9:2f:78:fb:ca:2d:d4:58:02:9d:ed:08:
                    98:b9:13:9f:65:2e:34:6a:dc:ac:cc:b9:47:00:6a:
                    93:35:82:17:86:e2:a7:6c:e3:53:c9:c9:67:07:23:
                    ea:d0:9d:66:b6:2c:e0:cf:ba:31:dd:5e:03:03:5d:
                    1f:0c:8b:2d:e5:b8:3c:eb:b1:26:65:dd:bf:18:7a:
                    20:12:d9:06:ff:99:fb:4c:9f:c1:9e:25:1b:c4:a6:
                    5d:bf:0f:08:8b:b6:28:e9:b0:48:b3:b9:cb:90:14:
                    87:e6:b7:c4:d0:3c:29:a6:aa:d5:db:c0:9b:99:ec:
                    44:74:79:99:87:4b:ba:e6:bd:c0:23:34:36:96:ee:
                    1a:ff:5c:9d:e9:f7:24:b2:d1:f6:4a:39:04:d1:da:
                    e1:cb:e6:cc:75:43:80:cd:cd:41:4e:26:68:c6:bd:
                    cf:46:1e:4d:f9:5f:62:dc:e0:d3:11:0c:a5:b4:fb:
                    a3:a5:91:69:98:d6:6b:48:5d:11:97:7b:37:b6:05:
                    dc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:65:EA:9D:F2:38:3A:E5:07:9B:1E:EF:82:84:49:3F:D4:CD:B5:12
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.69.0/24
                  193.32.187.0/24
                  193.32.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:e0:56:b6:79:c4:cc:ad:8d:45:f1:df:64:ab:0b:77:30:d4:
         7a:b0:ff:6e:28:c5:c1:60:e8:21:2d:15:41:ec:d2:4b:a7:2e:
         f2:17:48:72:ce:97:d0:c5:c8:aa:1c:45:d1:b5:a1:a7:32:e2:
         d9:d6:09:c2:d0:c1:a0:85:fe:d1:fa:66:3b:b2:ef:cb:b4:c4:
         9a:37:d7:c0:e8:b9:00:de:16:a9:e4:5d:ec:d2:a1:66:46:73:
         74:96:25:cc:db:3b:c4:f0:15:fe:16:70:3f:ac:90:2c:f5:6d:
         79:01:35:00:74:eb:35:b9:74:68:d8:2c:a2:0e:6d:c6:d4:61:
         26:4e:84:a9:65:0d:69:1d:2b:1f:5c:06:50:e3:1e:6c:3a:aa:
         4c:62:72:97:f9:b8:b7:85:86:ae:9b:e1:95:85:dc:66:48:4e:
         34:23:eb:07:fd:be:8a:35:ed:e8:89:02:32:93:85:ef:bb:5c:
         bf:74:9f:a4:9c:e8:39:69:e7:09:b7:22:2a:5b:ee:a3:c2:81:
         a9:6f:c2:bc:b8:2f:6c:75:7d:ae:6c:66:18:86:03:1f:a5:7c:
         53:0a:b1:2a:91:c2:b7:f9:38:a6:39:60:a8:69:da:07:2d:8b:
         83:fa:82:73:96:ea:18:b4:eb:7a:c2:1a:db:81:ef:97:aa:da:
         11:dc:e5:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUbdW0tfNuuoPTidmGLPMr7KTCarwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA5MTgwOTEzMjRaFw0yNjA5MTcwOTE4MjRaMDMxMTAvBgNV
BAMTKDhGNjVFQTlERjIzODNBRTUwNzlCMUVFRjgyODQ0OTNGRDRDREI1MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbfbSV73FINCv6iCAhrZkBvthR
ff/GEgfb8//Zl4XngIEbU3Q/kj4a+VxJVljU3Ef2mYEaWiSxH5fsAt6soNkvePvK
LdRYAp3tCJi5E59lLjRq3KzMuUcAapM1gheG4qds41PJyWcHI+rQnWa2LODPujHd
XgMDXR8Miy3luDzrsSZl3b8YeiAS2Qb/mftMn8GeJRvEpl2/DwiLtijpsEizucuQ
FIfmt8TQPCmmqtXbwJuZ7ER0eZmHS7rmvcAjNDaW7hr/XJ3p9ySy0fZKOQTR2uHL
5sx1Q4DNzUFOJmjGvc9GHk35X2Lc4NMRDKW0+6OlkWmY1mtIXRGXeze2BdwlAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUj2XqnfI4OuUHmx7vgoRJP9TNtRIwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvHdFAwQA
wSC7AwQAwSDOMA0GCSqGSIb3DQEBCwUAA4IBAQCB4Fa2ecTMrY1F8d9kqwt3MNR6
sP9uKMXBYOghLRVB7NJLpy7yF0hyzpfQxciqHEXRtaGnMuLZ1gnC0MGghf7R+mY7
su/LtMSaN9fA6LkA3hap5F3s0qFmRnN0liXM2zvE8BX+FnA/rJAs9W15ATUAdOs1
uXRo2CyiDm3G1GEmToSpZQ1pHSsfXAZQ4x5sOqpMYnKX+bi3hYaum+GVhdxmSE40
I+sH/b6KNe3oiQIyk4Xvu1y/dJ+knOg5aecJtyIqW+6jwoGpb8K8uC9sdX2ubGYY
hgMfpXxTCrEqkcK3+TimOWCoadoHLYuD+oJzluoYtOt6whrbge+XqtoR3OXl
-----END CERTIFICATE-----