Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          fOAC5jgZ2QRqRBUqVyBvSaP410D7kpS/La6egvHpRaI=
Subject key identifier:   95:18:CA:09:8A:CE:F2:63:15:E7:A8:80:90:5C:B7:4A:62:F3:15:D7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       49B72872D78DDE41D523F77618BC2C11954894C1
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
Signing time:             Sat 13 Jun 2026 03:02:45 +0000
ROA not before:           Sat 13 Jun 2026 02:57:45 +0000
ROA not after:            Sat 12 Jun 2027 03:02:45 +0000
asID:                     834
IP address blocks:        141.11.88.0/23 maxlen: 24
                          141.11.192.0/24 maxlen: 24
                          141.11.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:b7:28:72:d7:8d:de:41:d5:23:f7:76:18:bc:2c:11:95:48:94:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 13 02:57:45 2026 GMT
            Not After : Jun 12 03:02:45 2027 GMT
        Subject: CN=9518CA098ACEF26315E7A880905CB74A62F315D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:09:18:57:fb:a1:fe:59:38:5f:25:3e:9b:2e:
                    c7:8a:03:b5:6b:88:00:6b:23:a1:19:d1:03:df:51:
                    2f:35:bb:83:68:67:02:5c:07:94:fb:09:0c:bf:f8:
                    3a:e8:73:49:45:13:29:a8:79:48:cd:50:c6:c8:98:
                    54:d3:47:4c:58:23:2e:ba:a4:36:8f:57:a8:2f:9c:
                    eb:f2:b1:44:7c:cb:79:61:73:ed:f1:6b:4a:14:a3:
                    ce:c6:1d:b3:0d:f5:e5:e8:52:9e:4b:26:ba:ab:ba:
                    7a:29:9a:63:5a:10:f5:9f:32:af:6b:df:43:98:c6:
                    b8:57:fe:30:94:7b:6c:0a:c7:2c:1a:84:4c:58:13:
                    17:16:25:c2:67:1b:1a:2e:e1:e5:bc:b0:0d:ee:91:
                    07:0d:92:5c:2c:99:7f:37:44:b7:e9:ca:7d:fc:ff:
                    63:9f:f4:56:89:79:35:80:e4:ac:c3:12:1f:de:69:
                    db:49:27:c1:db:a9:57:4f:81:1a:55:d9:ab:08:04:
                    47:36:94:76:52:40:bd:83:c8:40:7d:a2:ea:ca:1e:
                    3c:4d:3c:9a:7c:8e:ee:68:50:41:51:1b:e5:40:e7:
                    d2:9b:47:ce:3c:17:47:c9:6f:2b:e3:0b:b9:e8:0c:
                    af:de:4d:87:e9:a3:c9:ea:0b:35:da:0e:8e:58:9f:
                    6c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:18:CA:09:8A:CE:F2:63:15:E7:A8:80:90:5C:B7:4A:62:F3:15:D7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.88.0/23
                  141.11.192.0/24
                  141.11.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:d4:87:f6:e5:5c:de:78:5d:cb:6f:75:32:1f:cf:75:6e:dc:
         99:da:55:5f:80:2b:e5:f9:06:e9:79:82:b2:a2:a9:93:18:5b:
         47:14:3d:53:4c:17:58:01:c9:80:9e:a8:45:46:c2:79:a8:a8:
         b4:1a:2e:bb:fe:9f:17:d4:68:f6:4d:8e:6a:52:3b:f5:c2:ed:
         3e:df:4c:58:41:4a:61:bb:52:5a:87:24:2d:4f:6f:fb:e8:9f:
         59:5b:5c:c6:de:0e:6b:14:fd:a9:a7:18:38:95:1d:a2:c6:7d:
         ef:79:48:ad:d1:7b:98:bb:c4:3d:89:71:a3:78:ec:44:59:7c:
         f4:e6:e1:cf:3f:97:b2:22:5e:fb:0c:ee:ec:75:4c:be:ce:c0:
         8d:88:b1:53:47:b8:d8:f4:ad:a5:aa:9b:cf:1b:a7:9e:d9:fc:
         e2:1d:c8:26:43:87:b7:6e:1b:bd:ae:61:be:10:e2:5b:ca:8b:
         f4:f2:0e:f5:25:8c:b3:52:3e:b0:ca:e8:b8:ff:5a:a9:23:b3:
         07:d9:05:53:8a:e8:f4:80:35:b5:0b:b2:7a:dc:97:a2:fb:31:
         bb:ae:86:f8:05:77:29:bc:91:ae:92:22:f7:af:ec:e8:1c:d5:
         04:66:dc:06:43:88:c4:b0:93:73:80:36:29:32:4a:5e:68:ca:
         62:00:76:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUSbcocteN3kHVI/d2GLwsEZVIlMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MTMwMjU3NDVaFw0yNzA2MTIwMzAyNDVaMDMxMTAvBgNV
BAMTKDk1MThDQTA5OEFDRUYyNjMxNUU3QTg4MDkwNUNCNzRBNjJGMzE1RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOCRhX+6H+WThfJT6bLseKA7Vr
iABrI6EZ0QPfUS81u4NoZwJcB5T7CQy/+Droc0lFEymoeUjNUMbImFTTR0xYIy66
pDaPV6gvnOvysUR8y3lhc+3xa0oUo87GHbMN9eXoUp5LJrqrunopmmNaEPWfMq9r
30OYxrhX/jCUe2wKxywahExYExcWJcJnGxou4eW8sA3ukQcNklwsmX83RLfpyn38
/2Of9FaJeTWA5KzDEh/eadtJJ8HbqVdPgRpV2asIBEc2lHZSQL2DyEB9ourKHjxN
PJp8ju5oUEFRG+VA59KbR848F0fJbyvjC7noDK/eTYfpo8nqCzXaDo5Yn2zTAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUlRjKCYrO8mMV56iAkFy3SmLzFdcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBjQtYAwQA
jQvAAwQAjQvTMA0GCSqGSIb3DQEBCwUAA4IBAQAN1If25VzeeF3Lb3UyH891btyZ
2lVfgCvl+QbpeYKyoqmTGFtHFD1TTBdYAcmAnqhFRsJ5qKi0Gi67/p8X1Gj2TY5q
Ujv1wu0+30xYQUphu1JahyQtT2/76J9ZW1zG3g5rFP2ppxg4lR2ixn3veUit0XuY
u8Q9iXGjeOxEWXz05uHPP5eyIl77DO7sdUy+zsCNiLFTR7jY9K2lqpvPG6ee2fzi
HcgmQ4e3bhu9rmG+EOJbyov08g71JYyzUj6wyui4/1qpI7MH2QVTiuj0gDW1C7J6
3Jei+zG7rob4BXcpvJGukiL3r+zoHNUEZtwGQ4jEsJNzgDYpMkpeaMpiAHYZ
-----END CERTIFICATE-----