Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          HquX8/rnvnBLX36lbeRp6Ay/RxvMzqEb0tGI9ijv3e4=
Subject key identifier:   F6:AE:2F:D0:79:0E:C7:86:0D:29:5A:F8:2C:ED:6E:57:8B:C9:CA:9D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2945DD966AEFD890716D4B0E7306CCACF43FCA15
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Thu 26 Feb 2026 12:23:09 +0000
ROA not before:           Thu 26 Feb 2026 12:18:09 +0000
ROA not after:            Thu 25 Feb 2027 12:23:09 +0000
asID:                     834
IP address blocks:        147.78.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:45:dd:96:6a:ef:d8:90:71:6d:4b:0e:73:06:cc:ac:f4:3f:ca:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 26 12:18:09 2026 GMT
            Not After : Feb 25 12:23:09 2027 GMT
        Subject: CN=F6AE2FD0790EC7860D295AF82CED6E578BC9CA9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d2:27:ef:c2:4b:69:c9:25:34:7f:a2:75:bc:
                    cd:af:e6:9e:fb:6b:05:ae:a8:c1:52:4c:91:09:d2:
                    19:47:57:13:53:a3:be:86:62:d8:ab:af:17:91:70:
                    dc:30:29:d6:4b:38:ea:67:f9:72:3d:ac:13:55:01:
                    d2:df:fc:d4:e9:ce:91:3f:f4:6a:ba:2a:c5:58:40:
                    5b:77:c1:08:9f:b0:24:62:ea:37:d4:61:e9:88:aa:
                    37:f4:bd:18:b2:64:c2:18:64:dd:ce:bd:55:e9:07:
                    2a:da:65:69:fc:d5:07:cc:15:61:50:26:a9:c6:45:
                    2a:97:18:12:50:14:5c:51:09:bf:cf:28:bd:8c:df:
                    0f:79:34:f0:3b:78:ed:0f:ac:33:7a:24:b8:2c:e4:
                    b8:13:92:d8:0c:ba:5b:5d:b5:da:d3:98:1f:1d:ea:
                    de:27:a9:cd:e4:7a:67:18:46:e4:0a:e7:a4:a5:43:
                    7e:a1:e5:8b:a1:f7:c7:4c:ad:0c:e8:f6:64:df:13:
                    a7:26:89:05:6b:ef:8c:c7:69:31:32:a7:28:d9:02:
                    ce:69:b6:b2:1c:95:88:9b:ae:0b:b3:a6:e6:61:13:
                    5a:22:3b:30:08:97:f2:7f:ba:d6:69:22:ba:63:26:
                    1d:62:42:50:57:fe:ae:ae:80:d1:c8:d8:8d:fe:30:
                    be:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:AE:2F:D0:79:0E:C7:86:0D:29:5A:F8:2C:ED:6E:57:8B:C9:CA:9D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ab:ac:eb:83:c1:2b:6d:7a:68:b1:57:58:a6:d8:8c:4d:85:
         65:79:a2:a7:8e:f0:18:f3:92:a3:b0:98:6d:8d:83:fd:58:a1:
         38:e2:f9:3c:4c:35:54:69:28:b6:67:dc:ee:82:07:40:88:87:
         48:a7:c5:c9:2e:58:42:dc:3a:88:88:36:d5:c9:0b:95:1a:1b:
         59:7a:f9:d1:3d:e1:eb:8e:70:d1:3b:a3:b6:a7:b8:3f:3c:8c:
         db:62:32:16:47:37:0d:76:c8:6b:68:da:e1:be:03:5e:26:38:
         62:20:5d:36:ea:1e:b4:57:68:41:fc:ba:dc:78:b8:91:da:28:
         15:1c:79:6e:1d:49:85:6f:41:0e:c7:49:65:0f:77:34:e6:b2:
         f7:d4:a6:55:c3:4f:a3:28:fe:66:59:f6:74:3c:ae:67:a5:a4:
         22:9a:0e:4a:18:6e:2b:e0:f6:3b:e8:f5:52:72:79:6b:3c:a6:
         d5:9c:44:25:5f:ae:d5:5d:ff:e0:d7:14:6b:a9:b6:04:5c:80:
         68:5d:2e:98:77:30:cb:7f:46:b1:f3:51:98:21:85:97:67:63:
         d2:1a:76:a5:31:fd:7d:c5:7c:04:dc:09:97:30:c4:3d:3d:3e:
         09:e1:f9:8e:7a:f7:fc:9a:10:f8:d4:0a:c4:09:5a:21:a9:5b:
         72:a1:a2:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUKUXdlmrv2JBxbUsOcwbMrPQ/yhUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMjYxMjE4MDlaFw0yNzAyMjUxMjIzMDlaMDMxMTAvBgNV
BAMTKEY2QUUyRkQwNzkwRUM3ODYwRDI5NUFGODJDRUQ2RTU3OEJDOUNBOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn0ifvwktpySU0f6J1vM2v5p77
awWuqMFSTJEJ0hlHVxNTo76GYtirrxeRcNwwKdZLOOpn+XI9rBNVAdLf/NTpzpE/
9Gq6KsVYQFt3wQifsCRi6jfUYemIqjf0vRiyZMIYZN3OvVXpByraZWn81QfMFWFQ
JqnGRSqXGBJQFFxRCb/PKL2M3w95NPA7eO0PrDN6JLgs5LgTktgMultdtdrTmB8d
6t4nqc3kemcYRuQK56SlQ36h5Yuh98dMrQzo9mTfE6cmiQVr74zHaTEypyjZAs5p
trIclYibrguzpuZhE1oiOzAIl/J/utZpIrpjJh1iQlBX/q6ugNHI2I3+ML5LAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQU9q4v0HkOx4YNKVr4LO1uV4vJyp0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk057MA0G
CSqGSIb3DQEBCwUAA4IBAQBMq6zrg8ErbXposVdYptiMTYVleaKnjvAY85KjsJht
jYP9WKE44vk8TDVUaSi2Z9zuggdAiIdIp8XJLlhC3DqIiDbVyQuVGhtZevnRPeHr
jnDRO6O2p7g/PIzbYjIWRzcNdshraNrhvgNeJjhiIF026h60V2hB/LrceLiR2igV
HHluHUmFb0EOx0llD3c05rL31KZVw0+jKP5mWfZ0PK5npaQimg5KGG4r4PY76PVS
cnlrPKbVnEQlX67VXf/g1xRrqbYEXIBoXS6YdzDLf0ax81GYIYWXZ2PSGnalMf19
xXwE3AmXMMQ9PT4J4fmOevf8mhD41ArECVohqVtyoaJq
-----END CERTIFICATE-----