Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          YXLgximnwe5x9bY8jDr5D6t5uTq80ifWqZPZjSOK/T4=
Subject key identifier:   C3:C2:E6:31:E1:12:C0:25:E9:44:20:85:C7:BE:D0:67:6B:43:F5:B2
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3292FC29BACE4E4D501D9CFACCBF3032EE5B4A70
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Wed 23 Apr 2025 14:24:42 +0000
ROA not before:           Wed 23 Apr 2025 14:19:42 +0000
ROA not after:            Wed 22 Apr 2026 14:24:42 +0000
asID:                     834
IP address blocks:        45.152.240.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Apr 2025 19:30:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:92:fc:29:ba:ce:4e:4d:50:1d:9c:fa:cc:bf:30:32:ee:5b:4a:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 23 14:19:42 2025 GMT
            Not After : Apr 22 14:24:42 2026 GMT
        Subject: CN=C3C2E631E112C025E9442085C7BED0676B43F5B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b0:05:ef:35:82:a6:f0:95:4a:b2:0c:14:5c:
                    c8:66:a8:46:00:c5:75:ef:66:75:93:ef:0b:55:0c:
                    2b:1e:c1:ca:bb:c1:67:41:7a:64:f3:e4:2e:52:66:
                    5f:99:f8:0d:a8:c4:98:e9:10:4d:87:c3:0f:3c:44:
                    7f:f5:eb:2a:38:bf:4a:8a:bf:81:d6:69:40:fd:7e:
                    b1:24:78:af:87:5a:7d:e6:18:df:b3:66:80:bc:38:
                    96:fe:30:f3:9e:a9:15:d5:db:5c:71:02:8d:8e:69:
                    50:6c:9d:14:15:fa:1d:85:22:93:90:13:d9:30:3f:
                    40:73:69:ad:01:f2:b9:aa:49:ab:52:bf:0c:34:f1:
                    5b:53:69:0f:b7:0e:53:cf:15:a1:80:af:7e:da:fb:
                    11:78:e8:42:29:61:20:84:9e:c6:13:7a:5e:f8:68:
                    68:a5:67:09:33:b4:7f:60:1f:89:68:27:2a:31:dc:
                    fc:63:e0:63:29:05:09:77:61:f6:7d:6a:2c:e7:97:
                    4e:da:a0:94:36:cc:e7:98:05:53:dd:a6:94:d0:71:
                    bf:3f:a1:70:bd:34:e4:b9:38:e1:c4:a1:c9:e2:11:
                    65:2e:66:5e:5d:13:bb:74:25:32:8d:7a:50:be:4c:
                    ae:f0:e6:8d:c5:ad:9c:83:d7:9e:d7:0b:f6:d4:a3:
                    79:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C2:E6:31:E1:12:C0:25:E9:44:20:85:C7:BE:D0:67:6B:43:F5:B2
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d5:8c:3b:58:04:ed:8d:b4:89:23:fc:9d:df:0c:f7:d9:aa:85:
         14:d2:43:32:ec:23:57:e5:c1:7d:60:85:c9:11:fd:36:74:7e:
         f1:19:49:1c:eb:95:b7:7b:9d:33:3d:75:aa:c1:50:83:21:5b:
         a2:51:98:1a:28:e9:c9:74:05:bb:77:c5:17:2e:b4:cb:21:1d:
         01:91:cf:10:2b:ce:3b:8a:79:0d:51:1a:e1:5f:39:af:5c:c4:
         13:eb:c5:c6:c7:c7:29:7d:06:fb:3d:2d:99:98:c0:2c:b0:bc:
         0a:6d:47:ca:0a:26:a0:84:14:27:ec:0b:70:0a:29:1a:8e:55:
         b5:4f:21:75:53:1b:6e:54:62:f1:46:80:b6:85:52:5e:44:14:
         6c:97:a1:5c:58:56:6b:15:71:6a:04:31:12:27:80:78:9a:56:
         5d:d5:15:28:04:d9:85:21:e2:37:38:e8:08:b4:37:a0:ef:cb:
         9d:b3:73:c5:77:e2:4b:4b:09:36:16:d7:ed:f1:28:38:c5:be:
         0d:56:b2:52:d1:a2:34:89:22:25:3e:ba:1f:dd:b0:dc:fc:11:
         d6:ae:54:8c:80:cf:e4:b3:59:c3:4a:81:7f:a4:ac:89:8a:02:
         d1:ce:62:58:52:21:46:62:a5:2f:91:71:91:36:bb:8c:79:bb:
         ff:ad:d4:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUMpL8KbrOTk1QHZz6zL8wMu5bSnAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MjMxNDE5NDJaFw0yNjA0MjIxNDI0NDJaMDMxMTAvBgNV
BAMTKEMzQzJFNjMxRTExMkMwMjVFOTQ0MjA4NUM3QkVEMDY3NkI0M0Y1QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxsAXvNYKm8JVKsgwUXMhmqEYA
xXXvZnWT7wtVDCsewcq7wWdBemTz5C5SZl+Z+A2oxJjpEE2Hww88RH/16yo4v0qK
v4HWaUD9frEkeK+HWn3mGN+zZoC8OJb+MPOeqRXV21xxAo2OaVBsnRQV+h2FIpOQ
E9kwP0Bzaa0B8rmqSatSvww08VtTaQ+3DlPPFaGAr37a+xF46EIpYSCEnsYTel74
aGilZwkztH9gH4loJyox3Pxj4GMpBQl3YfZ9aiznl07aoJQ2zOeYBVPdppTQcb8/
oXC9NOS5OOHEocniEWUuZl5dE7t0JTKNelC+TK7w5o3FrZyD157XC/bUo3mdAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUw8LmMeESwCXpRCCFx77QZ2tD9bIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZjwMA0G
CSqGSIb3DQEBCwUAA4IBAQDVjDtYBO2NtIkj/J3fDPfZqoUU0kMy7CNX5cF9YIXJ
Ef02dH7xGUkc65W3e50zPXWqwVCDIVuiUZgaKOnJdAW7d8UXLrTLIR0Bkc8QK847
inkNURrhXzmvXMQT68XGx8cpfQb7PS2ZmMAssLwKbUfKCiaghBQn7AtwCikajlW1
TyF1UxtuVGLxRoC2hVJeRBRsl6FcWFZrFXFqBDESJ4B4mlZd1RUoBNmFIeI3OOgI
tDeg78uds3PFd+JLSwk2Ftft8Sg4xb4NVrJS0aI0iSIlProf3bDc/BHWrlSMgM/k
s1nDSoF/pKyJigLRzmJYUiFGYqUvkXGRNruMebv/rdQk
-----END CERTIFICATE-----