Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          c9z9+zM/5Exw7Tei4UaUetsTd//5coQBnZHq1+4y/0I=
Subject key identifier:   C9:37:2C:54:23:8E:1D:84:8D:87:80:BE:B3:B6:84:E1:81:62:04:FA
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       144CB7C4938C3179A011EDA39B46EE7C47EF3507
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
Signing time:             Wed 15 Apr 2026 12:47:25 +0000
ROA not before:           Wed 15 Apr 2026 12:42:25 +0000
ROA not after:            Wed 14 Apr 2027 12:47:25 +0000
asID:                     834
IP address blocks:        141.11.37.0/24 maxlen: 24
                          141.11.63.0/24 maxlen: 24
                          141.11.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:4c:b7:c4:93:8c:31:79:a0:11:ed:a3:9b:46:ee:7c:47:ef:35:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 15 12:42:25 2026 GMT
            Not After : Apr 14 12:47:25 2027 GMT
        Subject: CN=C9372C54238E1D848D8780BEB3B684E1816204FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:11:e7:64:36:7b:84:73:df:4e:74:14:ea:9a:
                    bc:d3:c9:d8:54:ee:54:7e:b8:e9:82:94:0e:b7:fd:
                    2c:cb:57:d4:36:fc:21:e3:f1:15:44:61:26:73:19:
                    bf:1a:4c:a2:53:b7:74:c2:2b:e5:8c:5f:12:39:87:
                    7a:87:57:b1:65:f5:4e:d8:b6:40:65:30:82:cb:5b:
                    87:d8:c0:f4:e4:5d:4f:d4:43:01:1d:3e:a3:01:1a:
                    a7:8c:6f:ef:62:b0:d0:47:c6:0b:52:a0:e2:04:9f:
                    20:56:40:db:c3:3b:58:d3:2c:88:6c:c2:47:12:e1:
                    29:fc:c9:1e:44:b2:53:4c:51:78:a1:0f:5d:f0:bf:
                    61:41:59:cd:8e:87:e9:d1:33:f9:4e:e6:d5:d0:a6:
                    a6:52:b6:bf:8c:37:e0:07:0d:9b:28:7c:be:a9:56:
                    eb:c3:c9:9b:f4:4b:bd:c0:4d:ff:ad:b8:df:08:8d:
                    66:7f:3e:c5:f3:92:63:48:31:9b:27:a3:0f:c0:1e:
                    27:9e:d1:6f:21:d6:5b:11:d9:c1:74:2c:9c:8a:a9:
                    b6:12:97:d5:fe:1a:f6:0b:dd:ac:58:b5:fd:e4:81:
                    2f:4e:4b:89:f8:ea:c2:33:a9:20:ac:eb:c0:5d:ea:
                    c3:f2:cb:2d:62:a0:1e:03:06:24:e2:a8:67:1e:ca:
                    e1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:37:2C:54:23:8E:1D:84:8D:87:80:BE:B3:B6:84:E1:81:62:04:FA
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.37.0/24
                  141.11.63.0/24
                  141.11.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:bb:53:f8:6a:a9:38:d4:c8:1e:b4:8b:0e:2e:66:b3:2f:2c:
         f6:8b:21:9a:bb:9e:c4:ab:a5:df:03:34:30:f4:f4:8d:c6:d4:
         36:a9:60:f0:2b:d5:32:fa:c8:e6:ed:17:03:68:eb:a8:8b:31:
         bf:e1:f1:de:c7:73:db:b4:94:dc:e3:0a:a5:06:69:2c:29:f4:
         a9:3b:5c:c0:75:47:fd:15:75:e3:70:0e:d1:b4:99:3e:c1:eb:
         48:a7:51:17:fe:9d:72:e8:50:ef:c9:da:5b:fd:84:68:95:d0:
         1e:53:be:cc:69:8d:34:1b:51:53:ef:06:50:a4:85:fc:20:17:
         16:be:c1:d6:dc:b5:b0:e3:64:28:bc:4a:7a:43:69:79:30:ed:
         e2:2c:31:45:77:8a:d1:85:9d:88:f2:76:2b:0a:a3:c3:b1:af:
         01:cb:2a:39:b4:1a:35:db:16:05:a5:fe:f9:80:5f:ac:2c:88:
         b2:41:f1:44:42:8f:15:c6:e6:b3:ff:92:bf:10:d9:90:49:57:
         a6:81:6d:7c:53:04:cd:10:ec:64:c1:78:31:46:6d:f0:fe:7a:
         14:c5:99:15:5e:d7:b0:1d:51:af:0e:b1:44:92:cd:35:88:12:
         a4:92:48:2b:29:1b:36:11:ec:2e:cb:23:a3:f3:38:f3:98:d5:
         79:66:ab:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUFEy3xJOMMXmgEe2jm0bufEfvNQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MTUxMjQyMjVaFw0yNzA0MTQxMjQ3MjVaMDMxMTAvBgNV
BAMTKEM5MzcyQzU0MjM4RTFEODQ4RDg3ODBCRUIzQjY4NEUxODE2MjA0RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTEedkNnuEc99OdBTqmrzTydhU
7lR+uOmClA63/SzLV9Q2/CHj8RVEYSZzGb8aTKJTt3TCK+WMXxI5h3qHV7Fl9U7Y
tkBlMILLW4fYwPTkXU/UQwEdPqMBGqeMb+9isNBHxgtSoOIEnyBWQNvDO1jTLIhs
wkcS4Sn8yR5EslNMUXihD13wv2FBWc2Oh+nRM/lO5tXQpqZStr+MN+AHDZsofL6p
VuvDyZv0S73ATf+tuN8IjWZ/PsXzkmNIMZsnow/AHiee0W8h1lsR2cF0LJyKqbYS
l9X+GvYL3axYtf3kgS9OS4n46sIzqSCs68Bd6sPyyy1ioB4DBiTiqGceyuG7AgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUyTcsVCOOHYSNh4C+s7aE4YFiBPowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQslAwQA
jQs/AwQAjQuyMA0GCSqGSIb3DQEBCwUAA4IBAQC7u1P4aqk41MgetIsOLmazLyz2
iyGau57Eq6XfAzQw9PSNxtQ2qWDwK9Uy+sjm7RcDaOuoizG/4fHex3PbtJTc4wql
BmksKfSpO1zAdUf9FXXjcA7RtJk+wetIp1EX/p1y6FDvydpb/YRoldAeU77MaY00
G1FT7wZQpIX8IBcWvsHW3LWw42QovEp6Q2l5MO3iLDFFd4rRhZ2I8nYrCqPDsa8B
yyo5tBo12xYFpf75gF+sLIiyQfFEQo8Vxuaz/5K/ENmQSVemgW18UwTNEOxkwXgx
Rm3w/noUxZkVXtewHVGvDrFEks01iBKkkkgrKRs2EewuyyOj8zjzmNV5ZqsN
-----END CERTIFICATE-----