Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          dwC3TIPAJovi1VhCe8ZEuuwpxOj0VYq+PZTxBjoHNM8=
Subject key identifier:   23:79:05:B5:6F:B1:47:FB:76:DE:30:6A:E9:ED:69:42:C3:1F:85:6F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2731E50EB810BDDC7B31A5F9A9F2CE456372C7ED
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Wed 15 Apr 2026 00:02:45 +0000
ROA not before:           Tue 14 Apr 2026 23:57:45 +0000
ROA not after:            Wed 14 Apr 2027 00:02:45 +0000
asID:                     834
IP address blocks:        45.157.18.0/24 maxlen: 24
                          45.158.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:31:e5:0e:b8:10:bd:dc:7b:31:a5:f9:a9:f2:ce:45:63:72:c7:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 14 23:57:45 2026 GMT
            Not After : Apr 14 00:02:45 2027 GMT
        Subject: CN=237905B56FB147FB76DE306AE9ED6942C31F856F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a0:1a:e9:60:5c:a8:8f:64:f5:90:03:af:53:
                    0b:57:a8:e9:a9:4f:ee:f7:1e:9b:0f:87:73:98:5c:
                    14:dd:58:9c:82:70:53:fe:06:73:ac:a3:9a:50:70:
                    b9:c0:25:e7:97:39:28:ce:7d:7f:b9:7c:44:26:a9:
                    16:14:14:53:40:a4:83:da:a7:5f:47:72:a1:4c:83:
                    6a:b8:60:e2:fd:24:c9:0e:e5:5a:85:1c:37:5f:a0:
                    9d:04:84:e1:b5:ae:20:56:be:dd:fa:8c:05:c6:8b:
                    18:49:e9:23:27:b2:b3:4a:d9:a4:8d:5d:de:80:20:
                    2f:82:1c:bc:b0:65:c7:d5:71:d9:0c:96:b2:f6:67:
                    d2:c8:1a:a4:a3:1f:88:80:e8:50:40:bc:57:c4:58:
                    4b:fc:30:5a:1d:a0:ff:cc:da:5a:96:35:ab:6d:2f:
                    27:25:75:15:4a:54:dc:08:06:d5:75:e9:1f:e7:0e:
                    e3:02:47:af:27:71:a7:d0:8f:7d:36:b9:dc:fd:94:
                    52:06:51:12:30:78:e9:e5:21:09:8a:b6:89:d2:d1:
                    2c:f4:29:bf:d4:60:1e:09:c5:32:97:f6:97:17:b8:
                    7a:4e:70:14:dd:82:12:19:0f:06:9c:b8:1a:38:fb:
                    18:d2:71:8d:bc:35:76:ff:75:26:08:42:e0:9f:45:
                    b4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:79:05:B5:6F:B1:47:FB:76:DE:30:6A:E9:ED:69:42:C3:1F:85:6F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.18.0/24
                  45.158.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:61:28:5b:b0:8d:f1:9d:c8:aa:d5:7b:5f:24:46:8b:73:a1:
         33:27:92:a2:72:e6:56:4c:7b:cc:17:55:fe:c2:f3:11:e1:b1:
         3b:3c:a6:52:ff:48:21:28:1c:00:32:0c:59:bf:70:07:52:47:
         61:18:60:78:00:62:9c:bd:33:e8:95:e5:d8:9b:dc:d2:cd:92:
         5c:85:67:cf:4c:60:ce:06:80:88:ff:2b:d4:d2:f2:c5:b1:f4:
         91:e7:39:8b:45:94:3e:cc:a7:f0:97:3f:b5:b7:3c:d9:39:7f:
         27:7f:90:bf:79:24:46:7a:c6:9d:84:50:9a:50:2d:a5:28:fd:
         16:0f:d0:ef:cb:34:28:b4:2a:ea:21:7b:d9:09:ca:6e:06:82:
         44:88:6f:63:60:73:80:30:95:07:98:b9:7b:46:f8:26:38:6c:
         4a:e5:ef:18:13:71:01:af:9d:9a:84:e1:7a:3a:53:45:03:11:
         b1:a9:83:b0:e7:e3:b3:52:ca:39:e4:10:2d:bb:48:29:a8:4a:
         12:c4:19:02:f2:60:88:71:49:69:4e:f5:69:e0:e2:ff:82:be:
         61:43:71:16:02:5b:1b:3b:0d:cd:c0:58:bc:fd:37:5f:ad:28:
         7e:c3:b9:ee:f4:29:dd:0d:04:b7:fa:53:c6:b6:b5:5b:55:6a:
         12:4d:bc:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJzHlDrgQvdx7MaX5qfLORWNyx+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MTQyMzU3NDVaFw0yNzA0MTQwMDAyNDVaMDMxMTAvBgNV
BAMTKDIzNzkwNUI1NkZCMTQ3RkI3NkRFMzA2QUU5RUQ2OTQyQzMxRjg1NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4oBrpYFyoj2T1kAOvUwtXqOmp
T+73HpsPh3OYXBTdWJyCcFP+BnOso5pQcLnAJeeXOSjOfX+5fEQmqRYUFFNApIPa
p19HcqFMg2q4YOL9JMkO5VqFHDdfoJ0EhOG1riBWvt36jAXGixhJ6SMnsrNK2aSN
Xd6AIC+CHLywZcfVcdkMlrL2Z9LIGqSjH4iA6FBAvFfEWEv8MFodoP/M2lqWNatt
LycldRVKVNwIBtV16R/nDuMCR68ncafQj302udz9lFIGURIweOnlIQmKtonS0Sz0
Kb/UYB4JxTKX9pcXuHpOcBTdghIZDwacuBo4+xjScY28NXb/dSYIQuCfRbTbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUI3kFtW+xR/t23jBq6e1pQsMfhW8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ0SAwQA
LZ4JMA0GCSqGSIb3DQEBCwUAA4IBAQBtYShbsI3xnciq1XtfJEaLc6EzJ5KicuZW
THvMF1X+wvMR4bE7PKZS/0ghKBwAMgxZv3AHUkdhGGB4AGKcvTPoleXYm9zSzZJc
hWfPTGDOBoCI/yvU0vLFsfSR5zmLRZQ+zKfwlz+1tzzZOX8nf5C/eSRGesadhFCa
UC2lKP0WD9DvyzQotCrqIXvZCcpuBoJEiG9jYHOAMJUHmLl7RvgmOGxK5e8YE3EB
r52ahOF6OlNFAxGxqYOw5+OzUso55BAtu0gpqEoSxBkC8mCIcUlpTvVp4OL/gr5h
Q3EWAlsbOw3NwFi8/TdfrSh+w7nu9CndDQS3+lPGtrVbVWoSTbxl
-----END CERTIFICATE-----