Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          WuDrV4TPhp65evUSI0NPXxYKmuTMkpzBXzIQjKHz13g=
Subject key identifier:   13:47:61:69:0E:12:E5:DD:8F:1E:9A:00:21:04:DF:81:69:6B:AC:71
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       41B3840F5DB22A9BB52B3A427282B51ED5A3A733
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa
Signing time:             Fri 01 Aug 2025 00:02:38 +0000
ROA not before:           Thu 31 Jul 2025 23:57:38 +0000
ROA not after:            Fri 31 Jul 2026 00:02:38 +0000
asID:                     834
IP address blocks:        45.152.242.0/24 maxlen: 24
                          45.154.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:b3:84:0f:5d:b2:2a:9b:b5:2b:3a:42:72:82:b5:1e:d5:a3:a7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 31 23:57:38 2025 GMT
            Not After : Jul 31 00:02:38 2026 GMT
        Subject: CN=134761690E12E5DD8F1E9A002104DF81696BAC71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:bc:09:c2:15:53:a8:28:87:36:45:43:df:
                    b4:7a:35:e4:d2:9a:b3:97:01:05:70:07:b1:b0:b8:
                    28:96:d7:9a:bb:19:96:b9:9f:a1:b8:78:34:a0:90:
                    3f:22:26:4a:1b:dc:36:7a:d2:0f:7d:d3:aa:ed:96:
                    58:79:5f:e6:1d:d2:7a:4e:69:85:cf:a1:4d:1d:7c:
                    df:bd:44:7c:6d:b7:ef:44:12:0e:22:80:c6:04:4a:
                    4e:30:a2:3c:8a:1a:6b:a9:a8:ac:a0:15:75:cb:3f:
                    9c:dd:6d:b8:8b:8e:b0:04:79:78:ef:f4:8f:d0:76:
                    ee:fc:54:b9:bf:f2:ef:62:29:6a:b5:67:dc:7c:5d:
                    79:39:2a:04:0e:34:e4:43:f1:19:7d:ea:1f:9c:20:
                    f9:89:7f:67:c7:5c:08:27:55:23:eb:72:6b:ed:07:
                    0f:c3:5e:81:49:bb:3e:ee:48:f0:cc:5d:74:7c:ee:
                    a7:40:10:76:9d:ed:ea:a8:a7:40:af:81:3a:7b:dc:
                    00:87:f9:5a:83:22:65:bb:7a:29:20:87:84:31:86:
                    43:53:fe:30:cb:25:a9:fa:e2:e1:47:52:7c:78:33:
                    cc:44:4b:54:29:91:be:30:d4:10:0e:b7:22:67:8b:
                    1f:79:4a:82:4b:c2:35:b5:0b:23:aa:48:12:62:fa:
                    33:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:47:61:69:0E:12:E5:DD:8F:1E:9A:00:21:04:DF:81:69:6B:AC:71
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.242.0/24
                  45.154.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:21:6e:9e:2c:21:ec:39:01:c9:30:07:15:be:aa:93:ab:06:
         9b:9b:5e:61:9e:50:c4:ec:40:80:25:21:38:89:66:d2:17:77:
         f4:d1:89:5f:2a:65:de:52:a1:5b:f3:b9:af:bd:7f:f9:5e:00:
         9d:6e:dc:08:b8:f1:df:99:a0:d4:54:9e:d7:3b:ae:e0:6e:16:
         9e:21:95:63:5c:95:f7:c6:10:84:cf:18:32:2f:44:dc:fd:47:
         05:49:fc:2e:ba:e6:eb:2b:32:27:7a:ee:b7:e2:98:5a:c4:c4:
         f2:08:eb:0b:6e:6c:a7:be:22:34:90:86:e4:b4:74:12:dc:b6:
         23:d3:81:16:3a:3d:3d:e6:72:74:10:2e:83:ce:6e:1e:9b:08:
         c8:3c:0a:29:fe:d6:25:78:01:db:90:5c:cf:63:92:9d:14:0e:
         ba:30:8e:ed:69:ef:56:fd:04:1b:99:f6:e7:0a:b6:5f:96:33:
         26:85:2a:2f:e1:db:52:c2:a3:7e:47:fb:46:4d:ad:a9:57:3e:
         1d:f9:ac:03:f3:3a:11:8e:40:ee:21:b0:80:bd:84:c5:82:e3:
         3d:24:37:78:11:88:bc:8e:77:a2:22:93:a0:47:cd:d8:74:97:
         5a:56:fd:4c:bb:a8:fb:71:ae:14:0a:49:2a:58:97:1b:a7:3f:
         56:4b:3a:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQbOED12yKpu1KzpCcoK1HtWjpzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MzEyMzU3MzhaFw0yNjA3MzEwMDAyMzhaMDMxMTAvBgNV
BAMTKDEzNDc2MTY5MEUxMkU1REQ4RjFFOUEwMDIxMDRERjgxNjk2QkFDNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwxLwJwhVTqCiHNkVD37R6NeTS
mrOXAQVwB7GwuCiW15q7GZa5n6G4eDSgkD8iJkob3DZ60g9906rtllh5X+Yd0npO
aYXPoU0dfN+9RHxtt+9EEg4igMYESk4wojyKGmupqKygFXXLP5zdbbiLjrAEeXjv
9I/Qdu78VLm/8u9iKWq1Z9x8XXk5KgQONORD8Rl96h+cIPmJf2fHXAgnVSPrcmvt
Bw/DXoFJuz7uSPDMXXR87qdAEHad7eqop0CvgTp73ACH+VqDImW7eikgh4QxhkNT
/jDLJan64uFHUnx4M8xES1Qpkb4w1BAOtyJnix95SoJLwjW1CyOqSBJi+jNbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUE0dhaQ4S5d2PHpoAIQTfgWlrrHEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZjyAwQA
LZpqMA0GCSqGSIb3DQEBCwUAA4IBAQA/IW6eLCHsOQHJMAcVvqqTqwabm15hnlDE
7ECAJSE4iWbSF3f00YlfKmXeUqFb87mvvX/5XgCdbtwIuPHfmaDUVJ7XO67gbhae
IZVjXJX3xhCEzxgyL0Tc/UcFSfwuuubrKzIneu634phaxMTyCOsLbmynviI0kIbk
tHQS3LYj04EWOj095nJ0EC6Dzm4emwjIPAop/tYleAHbkFzPY5KdFA66MI7tae9W
/QQbmfbnCrZfljMmhSov4dtSwqN+R/tGTa2pVz4d+awD8zoRjkDuIbCAvYTFguM9
JDd4EYi8jneiIpOgR83YdJdaVv1Mu6j7ca4UCkkqWJcbpz9WSzo3
-----END CERTIFICATE-----