Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          zqrmrWhvbNurI14Li176bKkySzgE6rqFPPItd+L60vI=
Subject key identifier:   B3:78:A2:A5:40:A4:EB:89:75:E1:5E:CB:E9:5A:98:31:FA:9F:93:5F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0937FD6D278EB77BA92F3358051AC7AD5C099BB1
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa
Signing time:             Wed 11 Jun 2025 11:43:58 +0000
ROA not before:           Wed 11 Jun 2025 11:38:58 +0000
ROA not after:            Wed 10 Jun 2026 11:43:58 +0000
asID:                     834
IP address blocks:        141.11.230.0/23 maxlen: 24
                          141.11.236.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:37:fd:6d:27:8e:b7:7b:a9:2f:33:58:05:1a:c7:ad:5c:09:9b:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 11 11:38:58 2025 GMT
            Not After : Jun 10 11:43:58 2026 GMT
        Subject: CN=B378A2A540A4EB8975E15ECBE95A9831FA9F935F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5c:67:bd:1d:0d:ea:af:6d:39:57:25:bf:46:
                    31:58:2e:91:b8:41:26:68:df:7f:9d:0d:30:7b:0a:
                    be:c6:c5:32:e7:47:44:4a:f8:79:23:24:2b:b1:ab:
                    af:80:0a:f9:10:2a:7f:e8:db:fb:24:af:16:ee:92:
                    03:78:f2:40:7a:42:50:c0:73:31:c3:73:32:2a:a2:
                    20:d1:f7:88:4b:e1:46:6c:72:4a:0d:2e:c4:9f:8b:
                    17:68:d1:46:69:13:d6:55:4a:4b:33:cf:c5:02:e9:
                    4b:77:2e:87:14:2b:17:4b:73:8d:6e:17:53:dc:bc:
                    3a:4b:17:20:d1:27:b5:09:ef:3c:3e:c4:08:b6:31:
                    fc:bb:5b:88:76:44:ad:6d:2b:4f:04:c1:0a:84:80:
                    b4:b5:85:c6:1f:34:58:12:6d:0c:25:52:25:80:b7:
                    50:0c:66:b1:6d:1a:c5:bf:4d:28:00:d1:d2:10:2c:
                    7e:32:a9:cb:26:37:f1:f4:a0:92:1e:ea:d9:24:72:
                    68:45:b5:28:ab:9a:4b:ae:e3:aa:28:b4:9e:e4:e0:
                    b5:37:e9:7e:9b:78:07:4a:c4:83:f7:a3:04:ee:b6:
                    bc:7c:da:e0:4d:7f:fe:22:cb:7e:d8:ef:e2:91:dd:
                    eb:95:50:66:80:d9:2b:fb:60:82:ef:3c:d8:82:e2:
                    42:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:78:A2:A5:40:A4:EB:89:75:E1:5E:CB:E9:5A:98:31:FA:9F:93:5F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.230.0/23
                  141.11.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:29:89:62:3f:35:cf:04:2d:48:92:4b:8c:0e:25:6a:22:98:
         b0:b7:cd:e5:65:41:c8:69:52:ef:62:33:a5:d6:17:c9:e3:a8:
         f4:c3:c3:e6:e0:f1:29:2e:fa:06:59:f0:38:f0:2b:25:10:86:
         18:21:28:32:58:e4:3c:bc:96:e5:33:53:f7:14:a8:60:e9:f2:
         f3:03:7a:5d:71:a5:13:88:a6:a2:e6:16:ad:db:0d:37:38:3f:
         95:b2:c4:62:3d:3c:9e:c3:8e:41:a0:e6:3f:da:0a:3f:d3:e4:
         99:b9:b3:d8:61:5e:b3:32:ee:06:36:73:9f:92:76:9f:cd:0f:
         18:31:da:c1:f0:d7:18:fd:fa:5b:88:78:47:d0:28:3d:ea:24:
         7a:c1:26:46:ff:03:40:ff:10:ec:25:df:9e:ce:15:d6:35:a6:
         d8:dc:66:09:b8:b5:db:1f:6f:d1:61:5f:ba:c2:d4:e5:e3:67:
         2e:c3:5c:b0:de:1b:36:96:e6:4d:26:b6:b4:11:4f:07:a7:ec:
         bb:89:03:ae:e7:71:37:a8:4e:15:ad:11:ad:28:2f:bf:ae:50:
         14:d5:40:ac:cb:74:41:8c:c2:c5:57:4a:ed:40:61:b2:a8:96:
         15:f7:ec:ac:8f:6b:08:de:9e:f1:db:2b:ee:c9:40:2e:12:25:
         9e:cc:67:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCTf9bSeOt3upLzNYBRrHrVwJm7EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MTExMTM4NThaFw0yNjA2MTAxMTQzNThaMDMxMTAvBgNV
BAMTKEIzNzhBMkE1NDBBNEVCODk3NUUxNUVDQkU5NUE5ODMxRkE5RjkzNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8XGe9HQ3qr205VyW/RjFYLpG4
QSZo33+dDTB7Cr7GxTLnR0RK+HkjJCuxq6+ACvkQKn/o2/skrxbukgN48kB6QlDA
czHDczIqoiDR94hL4UZsckoNLsSfixdo0UZpE9ZVSkszz8UC6Ut3LocUKxdLc41u
F1PcvDpLFyDRJ7UJ7zw+xAi2Mfy7W4h2RK1tK08EwQqEgLS1hcYfNFgSbQwlUiWA
t1AMZrFtGsW/TSgA0dIQLH4yqcsmN/H0oJIe6tkkcmhFtSirmkuu46ootJ7k4LU3
6X6beAdKxIP3owTutrx82uBNf/4iy37Y7+KR3euVUGaA2Sv7YILvPNiC4kKXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUs3iipUCk64l14V7L6VqYMfqfk18wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBjQvmAwQB
jQvsMA0GCSqGSIb3DQEBCwUAA4IBAQAiKYliPzXPBC1IkkuMDiVqIpiwt83lZUHI
aVLvYjOl1hfJ46j0w8Pm4PEpLvoGWfA48CslEIYYISgyWOQ8vJblM1P3FKhg6fLz
A3pdcaUTiKai5hat2w03OD+VssRiPTyew45BoOY/2go/0+SZubPYYV6zMu4GNnOf
knafzQ8YMdrB8NcY/fpbiHhH0Cg96iR6wSZG/wNA/xDsJd+ezhXWNabY3GYJuLXb
H2/RYV+6wtTl42cuw1yw3hs2luZNJra0EU8Hp+y7iQOu53E3qE4VrRGtKC+/rlAU
1UCsy3RBjMLFV0rtQGGyqJYV9+ysj2sI3p7x2yvuyUAuEiWezGew
-----END CERTIFICATE-----