Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32352e302f32342d3234203d3e203633303233.roa
File:                     34362e3138332e32352e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier:          4jq0qwMJqWtfRUuzz3vPyKHtua4FM5/8Y3cvVGfTKBM=
Subject key identifier:   1E:AF:66:B7:1E:89:01:B7:41:77:CF:C7:CE:AF:7D:D5:3B:5D:C0:2D
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       2C38485C9CBE21BAAF48616476769093D0EE6CC0
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32352e302f32342d3234203d3e203633303233.roa
Signing time:             Mon 21 Apr 2025 10:54:03 +0000
ROA not before:           Mon 21 Apr 2025 10:49:03 +0000
ROA not after:            Mon 20 Apr 2026 10:54:03 +0000
asID:                     63023
IP address blocks:        46.183.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 03:50:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:38:48:5c:9c:be:21:ba:af:48:61:64:76:76:90:93:d0:ee:6c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Apr 21 10:49:03 2025 GMT
            Not After : Apr 20 10:54:03 2026 GMT
        Subject: CN=1EAF66B71E8901B74177CFC7CEAF7DD53B5DC02D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ed:a8:bc:e7:17:b5:7e:a2:6e:61:06:08:a9:
                    96:ef:f8:ed:7c:61:0c:9f:9c:df:28:21:6e:ec:d2:
                    40:59:d7:30:b6:a7:5a:1f:7c:6d:d5:3a:94:63:dd:
                    6e:65:eb:f3:77:2c:45:5c:dc:5e:e4:60:a1:91:cf:
                    49:23:61:91:c6:e9:5c:4e:45:c9:77:7c:72:a5:66:
                    77:8f:f4:92:3b:59:68:22:d9:81:f7:11:b7:49:e7:
                    ee:d6:cb:a4:6b:63:c8:bb:f5:be:4f:91:6c:57:ef:
                    4c:a0:1d:a5:ae:1f:83:b8:26:01:c9:4d:5b:48:b2:
                    f7:44:af:a6:45:d8:01:f2:bc:59:53:3d:af:5f:90:
                    4c:06:f5:61:0c:20:33:96:b3:fe:6b:cf:aa:3b:a7:
                    e7:18:72:84:81:fc:53:31:66:96:b3:7d:e7:4f:48:
                    4c:83:56:5a:52:08:94:4b:17:e7:b3:16:05:2c:1c:
                    cb:dc:d6:de:06:63:2e:b1:fb:c4:42:d9:47:6f:bc:
                    1f:16:22:25:f3:3f:4b:60:50:a2:e5:64:92:24:5f:
                    2c:81:46:91:05:12:47:ef:05:1a:5e:f9:ab:2b:70:
                    a4:e2:a2:2c:a0:c7:54:48:a5:84:f8:72:bc:b4:6b:
                    b4:87:84:ef:5e:1d:54:28:68:dd:44:04:53:09:77:
                    0e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AF:66:B7:1E:89:01:B7:41:77:CF:C7:CE:AF:7D:D5:3B:5D:C0:2D
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32352e302f32342d3234203d3e203633303233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:16:bb:91:73:25:e8:a4:f2:08:11:23:f3:cc:cc:7d:b9:46:
         a8:df:73:ec:08:5f:4c:b9:f6:e3:6a:e3:b8:8c:10:61:66:35:
         30:2c:fc:da:5d:47:76:8a:49:5a:1a:ec:fc:d6:55:e8:dc:bb:
         d7:f1:1e:85:5a:3d:4a:a4:3a:53:37:97:5e:8a:a9:c1:f3:55:
         4f:bc:16:29:b4:f5:3f:e4:77:34:3d:27:59:77:ab:0a:19:c0:
         11:49:56:92:b6:fc:82:48:45:0f:ad:1a:5a:b8:d0:25:ef:0a:
         97:3b:4d:2c:06:42:99:19:dd:44:95:b8:e8:43:7d:9b:f6:c6:
         a2:93:6b:03:14:7d:0d:22:a8:53:96:89:6b:29:47:fb:8f:85:
         0f:b4:fb:51:8a:bc:94:d0:45:d3:2e:99:0f:a8:e9:f4:12:7c:
         cc:62:4e:6a:fb:94:02:e5:cf:09:9b:9e:e6:58:2c:2d:85:43:
         0a:a7:4b:2a:99:53:af:3d:e0:ac:1e:85:09:55:f0:27:55:28:
         6e:62:dd:75:21:bb:1c:19:19:73:88:3e:ed:05:3f:4e:94:65:
         0e:58:b9:51:23:32:4e:3a:e1:2c:b4:cb:d5:d0:53:a8:02:8d:
         f0:80:fb:a2:36:a2:65:a6:69:62:91:67:06:8a:02:6d:7a:8b:
         0f:b3:e5:9b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULDhIXJy+IbqvSGFkdnaQk9DubMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNTA0MjExMDQ5MDNaFw0yNjA0MjAxMDU0MDNaMDMxMTAvBgNV
BAMTKDFFQUY2NkI3MUU4OTAxQjc0MTc3Q0ZDN0NFQUY3REQ1M0I1REMwMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN7ai85xe1fqJuYQYIqZbv+O18
YQyfnN8oIW7s0kBZ1zC2p1offG3VOpRj3W5l6/N3LEVc3F7kYKGRz0kjYZHG6VxO
Rcl3fHKlZneP9JI7WWgi2YH3EbdJ5+7Wy6RrY8i79b5PkWxX70ygHaWuH4O4JgHJ
TVtIsvdEr6ZF2AHyvFlTPa9fkEwG9WEMIDOWs/5rz6o7p+cYcoSB/FMxZpazfedP
SEyDVlpSCJRLF+ezFgUsHMvc1t4GYy6x+8RC2UdvvB8WIiXzP0tgUKLlZJIkXyyB
RpEFEkfvBRpe+asrcKTioiygx1RIpYT4cry0a7SHhO9eHVQoaN1EBFMJdw7nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHq9mtx6JAbdBd8/Hzq991TtdwC0wHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzMwMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
GTANBgkqhkiG9w0BAQsFAAOCAQEAYxa7kXMl6KTyCBEj88zMfblGqN9z7AhfTLn2
42rjuIwQYWY1MCz82l1HdopJWhrs/NZV6Ny71/EehVo9SqQ6UzeXXoqpwfNVT7wW
KbT1P+R3ND0nWXerChnAEUlWkrb8gkhFD60aWrjQJe8KlztNLAZCmRndRJW46EN9
m/bGopNrAxR9DSKoU5aJaylH+4+FD7T7UYq8lNBF0y6ZD6jp9BJ8zGJOavuUAuXP
CZue5lgsLYVDCqdLKplTrz3grB6FCVXwJ1UobmLddSG7HBkZc4g+7QU/TpRlDli5
USMyTjrhLLTL1dBTqAKN8ID7ojaiZaZpYpFnBooCbXqLD7Plmw==
-----END CERTIFICATE-----