Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa
File:                     34362e3138332e32382e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          EQc8ZSWRYu3w3yABE1KT+uLZnchUtUDhUBMKc9gsz8U=
Subject key identifier:   D1:90:68:00:0E:54:33:6B:DB:63:0D:F6:5C:DA:A2:C0:21:67:7E:58
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       1389B4507BD2A22060D1C8705180674C890BE99F
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 03 Jun 2025 14:54:08 +0000
ROA not before:           Tue 03 Jun 2025 14:49:08 +0000
ROA not after:            Tue 02 Jun 2026 14:54:08 +0000
asID:                     61317
IP address blocks:        46.183.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:89:b4:50:7b:d2:a2:20:60:d1:c8:70:51:80:67:4c:89:0b:e9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Jun  3 14:49:08 2025 GMT
            Not After : Jun  2 14:54:08 2026 GMT
        Subject: CN=D19068000E54336BDB630DF65CDAA2C021677E58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:29:9f:bd:ca:60:c0:8d:ef:67:f5:ca:ff:ae:
                    f2:86:03:97:e8:6c:3a:0a:27:0b:21:b9:5b:21:42:
                    8f:3e:a8:7a:1b:5d:7b:98:a7:18:b2:ac:1b:63:a5:
                    c9:78:07:d2:c4:6b:70:5b:b0:45:d8:6d:9d:5d:1c:
                    65:98:12:a1:9a:9c:f6:f0:e1:d4:6a:80:6d:b2:e4:
                    e7:78:af:2f:07:e8:42:94:69:61:2e:7d:a2:b4:21:
                    b1:a8:e0:77:99:0e:4c:a4:ac:e2:74:1a:21:80:b8:
                    83:a2:49:6f:ad:a3:b7:69:1f:d7:e2:80:cc:07:b9:
                    33:b6:27:ed:4f:1c:84:c6:78:d5:d4:c5:95:99:64:
                    23:a7:1d:12:52:c5:d9:30:7b:07:bb:f1:bb:9d:d3:
                    0e:ed:6b:ca:c3:3c:e7:d6:3b:eb:c1:42:f2:88:86:
                    65:2a:a6:19:9f:d9:c8:03:d7:58:cd:a6:10:68:4c:
                    c1:c1:91:b8:24:fb:c4:03:8a:27:a1:90:22:d5:e5:
                    9c:44:bc:8a:5a:df:3a:5a:49:34:2e:2d:cd:58:0a:
                    fe:21:03:67:09:31:08:42:02:f0:e3:7e:9c:fd:9e:
                    38:3f:ad:5b:9f:45:d4:b7:65:c3:73:81:01:81:85:
                    b4:d2:f9:b0:5b:b6:50:b7:00:15:08:ca:c7:1c:94:
                    5e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:90:68:00:0E:54:33:6B:DB:63:0D:F6:5C:DA:A2:C0:21:67:7E:58
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ac:d2:64:96:e9:69:58:59:e8:84:25:ab:54:5b:e9:f7:80:
         f8:e8:d5:d4:a0:c3:fa:f7:e8:66:15:10:26:b5:cb:ce:76:06:
         3e:28:92:16:13:e8:a5:58:a2:65:57:e7:2d:73:96:fc:fc:ea:
         e0:3c:11:4c:61:24:c0:75:53:9b:fb:38:6e:42:b6:fb:de:b1:
         55:73:eb:ab:9e:01:86:43:91:b5:0c:7a:9d:3c:de:56:7c:65:
         2e:43:50:49:2e:3e:69:b7:9e:21:90:70:8a:cc:b7:c4:3f:9b:
         87:2f:09:0b:e1:e0:2a:84:85:a6:54:e6:59:a9:be:64:52:52:
         34:07:1e:0f:b0:22:a3:aa:5f:3f:6a:20:a5:4d:03:95:79:c5:
         1b:34:e8:30:bf:58:6b:a8:12:a9:aa:43:d7:63:9d:8f:da:19:
         0a:f6:b7:b8:1a:27:c6:2d:57:74:dc:8c:79:ff:a4:aa:7d:98:
         58:ab:4a:20:aa:ed:ef:14:35:fe:3c:cc:29:6b:8a:6b:aa:73:
         7e:0a:6a:06:ad:84:33:e8:3c:e0:a7:83:b7:0d:cf:c3:ac:48:
         e3:89:93:57:87:93:e0:0c:ef:59:33:9c:1f:65:cb:99:67:b7:
         68:af:3b:94:6c:8a:38:28:56:dc:9f:fb:2b:4b:7d:f3:60:da:
         dd:73:c9:89
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE4m0UHvSoiBg0chwUYBnTIkL6Z8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNTA2MDMxNDQ5MDhaFw0yNjA2MDIxNDU0MDhaMDMxMTAvBgNV
BAMTKEQxOTA2ODAwMEU1NDMzNkJEQjYzMERGNjVDREFBMkMwMjE2NzdFNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVKZ+9ymDAje9n9cr/rvKGA5fo
bDoKJwshuVshQo8+qHobXXuYpxiyrBtjpcl4B9LEa3BbsEXYbZ1dHGWYEqGanPbw
4dRqgG2y5Od4ry8H6EKUaWEufaK0IbGo4HeZDkykrOJ0GiGAuIOiSW+to7dpH9fi
gMwHuTO2J+1PHITGeNXUxZWZZCOnHRJSxdkwewe78bud0w7ta8rDPOfWO+vBQvKI
hmUqphmf2cgD11jNphBoTMHBkbgk+8QDiiehkCLV5ZxEvIpa3zpaSTQuLc1YCv4h
A2cJMQhCAvDjfpz9njg/rVufRdS3ZcNzgQGBhbTS+bBbtlC3ABUIyscclF7vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0ZBoAA5UM2vbYw32XNqiwCFnflgwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HDANBgkqhkiG9w0BAQsFAAOCAQEAPazSZJbpaVhZ6IQlq1Rb6feA+OjV1KDD+vfo
ZhUQJrXLznYGPiiSFhPopViiZVfnLXOW/Pzq4DwRTGEkwHVTm/s4bkK2+96xVXPr
q54BhkORtQx6nTzeVnxlLkNQSS4+abeeIZBwisy3xD+bhy8JC+HgKoSFplTmWam+
ZFJSNAceD7Aio6pfP2ogpU0DlXnFGzToML9Ya6gSqapD12Odj9oZCva3uBonxi1X
dNyMef+kqn2YWKtKIKrt7xQ1/jzMKWuKa6pzfgpqBq2EM+g84KeDtw3Pw6xI44mT
V4eT4AzvWTOcH2XLmWe3aK87lGyKOChW3J/7K0t982Da3XPJiQ==
-----END CERTIFICATE-----