Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          /WCjpHcgTsW3ZdR3HQbUg05dyNtoF5pThvKW24shCwQ=
Subject key identifier:   1F:FA:3E:80:69:49:0C:DB:77:D6:20:84:3F:A6:A7:69:7B:BE:77:3C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4C140357E5403BD757526BB517F66BBE89D29B90
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
Signing time:             Mon 20 Apr 2026 13:44:51 +0000
ROA not before:           Mon 20 Apr 2026 13:39:51 +0000
ROA not after:            Mon 19 Apr 2027 13:44:51 +0000
asID:                     834
IP address blocks:        141.11.63.0/24 maxlen: 24
                          141.11.108.0/24 maxlen: 24
                          141.11.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 13:21:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:14:03:57:e5:40:3b:d7:57:52:6b:b5:17:f6:6b:be:89:d2:9b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 20 13:39:51 2026 GMT
            Not After : Apr 19 13:44:51 2027 GMT
        Subject: CN=1FFA3E8069490CDB77D620843FA6A7697BBE773C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:07:18:93:b3:5f:f0:f6:40:6f:92:38:37:5b:
                    68:2d:02:15:04:42:a1:2e:52:c0:cf:06:93:55:c3:
                    b7:14:c7:f7:c8:23:61:b9:2e:ca:b6:ef:f9:67:96:
                    00:77:60:b3:d3:0b:60:d0:2a:f9:12:fe:25:86:d4:
                    ba:88:d1:53:0c:d3:49:2b:b9:58:2a:de:61:3e:93:
                    3a:b6:f5:3e:96:5a:bb:26:95:37:5c:79:3f:d4:94:
                    83:b8:c7:48:9e:44:24:bd:ac:03:6e:59:2d:22:f6:
                    2f:c4:fc:1d:72:bc:ac:eb:d1:bf:8b:2a:9f:b4:29:
                    21:e4:ca:05:1a:f4:c0:23:06:d1:39:09:8b:a1:7a:
                    8c:67:39:fc:d9:2f:1e:d7:0e:01:3f:58:06:9f:b8:
                    0e:72:34:10:ad:36:d7:ba:64:1d:bb:69:a8:02:91:
                    10:83:96:30:55:86:eb:47:c2:75:9e:82:46:66:b0:
                    be:54:d6:2e:d7:53:1b:63:87:d3:75:01:4f:55:7f:
                    a1:04:2b:ad:c9:99:7a:b5:ec:a3:89:28:8c:f4:ea:
                    55:5f:c0:60:f6:01:79:7c:ad:00:9e:85:a1:a1:bc:
                    f3:04:27:c4:3d:7e:af:69:61:cc:f0:67:81:29:02:
                    8b:19:78:eb:c5:dd:f3:13:2a:42:48:b3:65:c8:e6:
                    34:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FA:3E:80:69:49:0C:DB:77:D6:20:84:3F:A6:A7:69:7B:BE:77:3C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.63.0/24
                  141.11.108.0/24
                  141.11.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:51:90:2b:83:7f:22:de:f1:f5:eb:7e:d8:98:43:f9:b9:64:
         d8:2f:94:8c:5d:2a:4d:fe:8d:2a:00:93:11:01:b5:04:f3:c1:
         3f:e0:88:ff:a8:7f:69:fd:e2:63:71:be:bd:36:de:65:09:3a:
         1e:60:9d:99:98:80:89:81:9a:9a:99:de:97:9c:7b:70:dd:90:
         f0:d4:bb:73:01:8f:26:cb:a3:29:8d:44:85:3e:8c:8e:1b:7f:
         26:df:64:e7:71:07:fe:a2:79:4f:04:d5:2d:1a:5a:ce:d2:8c:
         48:16:f8:87:bc:8b:7c:6d:45:aa:5d:77:44:27:c7:42:90:ea:
         be:c5:ab:9c:a3:9c:f4:6a:3b:e2:dc:a7:de:d7:28:10:a7:86:
         c7:87:b9:57:ef:cb:86:9a:e1:d8:b2:62:60:d4:89:85:ff:e9:
         bf:4b:15:12:a6:19:9d:83:ee:d6:87:e3:97:ab:1c:14:6b:bd:
         bb:0b:cf:26:79:da:4d:e7:c6:e2:26:20:67:6e:fe:66:78:6c:
         71:3e:75:3f:1e:7a:24:05:6e:f9:a0:9a:9d:38:9e:11:58:2a:
         48:9c:c5:c0:25:9c:2e:2e:b0:33:78:a9:31:b0:dc:fa:05:53:
         c0:f4:0d:b4:d7:8e:c9:68:cf:4d:57:6f:dd:7b:aa:5b:c3:10:
         f3:9e:da:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUTBQDV+VAO9dXUmu1F/ZrvonSm5AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MjAxMzM5NTFaFw0yNzA0MTkxMzQ0NTFaMDMxMTAvBgNV
BAMTKDFGRkEzRTgwNjk0OTBDREI3N0Q2MjA4NDNGQTZBNzY5N0JCRTc3M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdBxiTs1/w9kBvkjg3W2gtAhUE
QqEuUsDPBpNVw7cUx/fII2G5Lsq27/lnlgB3YLPTC2DQKvkS/iWG1LqI0VMM00kr
uVgq3mE+kzq29T6WWrsmlTdceT/UlIO4x0ieRCS9rANuWS0i9i/E/B1yvKzr0b+L
Kp+0KSHkygUa9MAjBtE5CYuheoxnOfzZLx7XDgE/WAafuA5yNBCtNte6ZB27aagC
kRCDljBVhutHwnWegkZmsL5U1i7XUxtjh9N1AU9Vf6EEK63JmXq17KOJKIz06lVf
wGD2AXl8rQCehaGhvPMEJ8Q9fq9pYczwZ4EpAosZeOvF3fMTKkJIs2XI5jQ5AgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUH/o+gGlJDNt31iCEP6anaXu+dzwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQs/AwQA
jQtsAwQAjQuyMA0GCSqGSIb3DQEBCwUAA4IBAQDIUZArg38i3vH1637YmEP5uWTY
L5SMXSpN/o0qAJMRAbUE88E/4Ij/qH9p/eJjcb69Nt5lCToeYJ2ZmICJgZqamd6X
nHtw3ZDw1LtzAY8my6MpjUSFPoyOG38m32TncQf+onlPBNUtGlrO0oxIFviHvIt8
bUWqXXdEJ8dCkOq+xauco5z0ajvi3Kfe1ygQp4bHh7lX78uGmuHYsmJg1ImF/+m/
SxUSphmdg+7Wh+OXqxwUa727C88medpN58biJiBnbv5meGxxPnU/HnokBW75oJqd
OJ4RWCpInMXAJZwuLrAzeKkxsNz6BVPA9A20147JaM9NV2/de6pbwxDzntoO
-----END CERTIFICATE-----