Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File:                     AS834.roa (raw, json)
Hash identifier:          oOGCBZGYrV/TVZqnxVP83VA1sbDGCVnpZV+lyR01oEY=
Subject key identifier:   F4:25:E7:42:51:56:4E:69:96:D0:F9:C0:AF:14:33:48:CE:95:4B:6D
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       360AEB335A47C347F6A5E60952BC6C409A359AF1
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time:             Fri 01 Aug 2025 09:07:05 +0000
ROA not before:           Fri 01 Aug 2025 09:02:05 +0000
ROA not after:            Fri 31 Jul 2026 09:07:05 +0000
asID:                     834
IP address blocks:        143.20.43.0/24 maxlen: 24
                          143.20.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 19:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:0a:eb:33:5a:47:c3:47:f6:a5:e6:09:52:bc:6c:40:9a:35:9a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Aug  1 09:02:05 2025 GMT
            Not After : Jul 31 09:07:05 2026 GMT
        Subject: CN=F425E74251564E6996D0F9C0AF143348CE954B6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:68:51:bd:79:cd:7a:15:7a:db:20:40:04:d5:
                    7d:e2:07:13:69:bb:7b:1b:be:a4:b5:3c:3a:41:c3:
                    fd:46:5e:20:cd:87:6d:91:28:13:b2:fd:23:eb:56:
                    89:f9:2d:3a:12:91:29:82:33:dd:22:77:e9:0f:42:
                    d5:c1:f8:b5:79:56:4e:c8:8b:60:64:fb:b6:ea:a4:
                    b8:e5:28:2d:72:32:cb:97:23:f0:70:33:42:79:58:
                    53:d6:ec:5c:5e:9d:d2:be:f3:89:7f:5a:5f:cc:3d:
                    6c:ba:c1:72:c6:29:78:74:19:20:37:d5:be:64:5b:
                    38:2d:15:99:ac:90:ea:3f:14:3d:af:8b:27:90:57:
                    cd:f5:eb:f1:13:50:b2:4b:03:e5:73:2c:89:93:3c:
                    af:1a:94:c5:37:b4:82:b6:b5:93:1e:eb:66:d1:dd:
                    43:18:d0:74:23:6c:42:84:d7:e0:a6:55:39:b8:1c:
                    84:dd:53:70:28:0b:c3:74:c1:0a:4a:54:1d:2c:ac:
                    b0:2f:ce:5a:45:48:52:d0:60:97:de:5b:40:fd:77:
                    da:4e:a5:6c:42:04:8e:89:f8:07:c4:c2:f0:57:f6:
                    ab:2b:d9:46:96:34:c9:a6:c6:23:2d:fd:10:16:b8:
                    19:2d:39:4a:b8:0b:53:63:f3:ad:5b:8d:74:cb:41:
                    14:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:25:E7:42:51:56:4E:69:96:D0:F9:C0:AF:14:33:48:CE:95:4B:6D
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.43.0/24
                  143.20.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:60:e0:dd:5f:c6:95:40:47:57:0d:49:57:20:22:de:80:e9:
         0e:f8:90:1c:a3:9e:ef:a7:ee:6b:12:64:08:39:ef:6e:48:4d:
         c2:95:9a:78:80:fe:4e:c8:1a:32:54:04:a9:0d:ee:ee:80:a5:
         87:2e:b7:29:7a:96:95:70:d3:46:f4:ba:df:44:55:62:24:e7:
         6a:9d:ce:12:1b:da:c0:8e:55:35:db:e2:d9:43:05:8f:b3:86:
         1a:c4:53:84:75:32:07:50:13:23:9c:33:2a:a0:7c:39:88:53:
         86:2a:8c:35:7d:fb:97:9d:0e:f4:1e:4c:58:8a:68:c4:d7:6d:
         e5:67:1e:2a:ee:bc:2b:56:43:e4:ed:c1:67:17:bc:39:d9:38:
         cc:91:9a:4f:84:75:5c:67:00:d8:8f:f5:42:cc:27:e0:8b:13:
         40:b8:af:82:79:fa:9b:3c:8c:1a:dd:85:0b:70:29:38:c3:a0:
         92:26:c1:bb:a4:02:d8:9e:90:51:f1:0a:c3:f8:c1:f1:40:a0:
         dc:bf:a7:4b:73:2e:6b:82:f7:6e:91:d2:ff:46:16:e1:08:56:
         ba:6b:f7:cf:1f:67:bf:fe:2e:e4:11:ed:fc:04:58:b1:d5:e2:
         b7:1f:47:c1:55:d6:32:9d:a2:b6:04:d1:41:c0:e9:45:32:88:
         af:75:51:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNgrrM1pHw0f2peYJUrxsQJo1mvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MDEwOTAyMDVaFw0yNjA3MzEwOTA3MDVaMDMxMTAvBgNV
BAMTKEY0MjVFNzQyNTE1NjRFNjk5NkQwRjlDMEFGMTQzMzQ4Q0U5NTRCNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcaFG9ec16FXrbIEAE1X3iBxNp
u3sbvqS1PDpBw/1GXiDNh22RKBOy/SPrVon5LToSkSmCM90id+kPQtXB+LV5Vk7I
i2Bk+7bqpLjlKC1yMsuXI/BwM0J5WFPW7FxendK+84l/Wl/MPWy6wXLGKXh0GSA3
1b5kWzgtFZmskOo/FD2viyeQV8316/ETULJLA+VzLImTPK8alMU3tIK2tZMe62bR
3UMY0HQjbEKE1+CmVTm4HITdU3AoC8N0wQpKVB0srLAvzlpFSFLQYJfeW0D9d9pO
pWxCBI6J+AfEwvBX9qsr2UaWNMmmxiMt/RAWuBktOUq4C1Nj861bjXTLQRTFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU9CXnQlFWTmmW0PnArxQzSM6VS20wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjxQrAwQA
jxRjMA0GCSqGSIb3DQEBCwUAA4IBAQCcYODdX8aVQEdXDUlXICLegOkO+JAco57v
p+5rEmQIOe9uSE3ClZp4gP5OyBoyVASpDe7ugKWHLrcpepaVcNNG9LrfRFViJOdq
nc4SG9rAjlU12+LZQwWPs4YaxFOEdTIHUBMjnDMqoHw5iFOGKow1ffuXnQ70HkxY
imjE123lZx4q7rwrVkPk7cFnF7w52TjMkZpPhHVcZwDYj/VCzCfgixNAuK+Cefqb
PIwa3YULcCk4w6CSJsG7pALYnpBR8QrD+MHxQKDcv6dLcy5rgvdukdL/RhbhCFa6
a/fPH2e//i7kEe38BFix1eK3H0fBVdYynaK2BNFBwOlFMoivdVFD
-----END CERTIFICATE-----