Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32362e302f32342d3234203d3e2039303039.roa
File:                     34362e3138332e32362e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          rC2FvchwzfGA4vzUPkVFGhR46h/VRe0cV/cq1q/zL0c=
Subject key identifier:   BE:EF:F8:66:AF:DE:14:4A:4D:B9:52:79:D4:B3:31:E4:BC:1A:E9:45
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       1BC5FA0ACA89C3961D25F0D3DD8221CE4E46CC12
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32362e302f32342d3234203d3e2039303039.roa
Signing time:             Fri 12 Jan 2024 09:57:24 +0000
ROA not before:           Fri 12 Jan 2024 09:52:24 +0000
ROA not after:            Fri 10 Jan 2025 09:57:24 +0000
asID:                     9009
IP address blocks:        46.183.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:32:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:c5:fa:0a:ca:89:c3:96:1d:25:f0:d3:dd:82:21:ce:4e:46:cc:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Jan 12 09:52:24 2024 GMT
            Not After : Jan 10 09:57:24 2025 GMT
        Subject: CN=BEEFF866AFDE144A4DB95279D4B331E4BC1AE945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:59:85:49:b0:6d:a1:6c:6b:e3:4a:e7:18:4f:
                    bc:db:90:42:97:a9:39:4a:2d:59:1d:7f:88:e8:74:
                    d4:ba:87:18:54:bc:09:75:19:44:ec:5a:19:3f:8d:
                    94:0e:31:a6:85:c9:c6:fc:34:17:cf:ae:99:8f:54:
                    c6:dc:65:d9:59:e3:89:1e:94:73:0c:97:52:c7:36:
                    9c:a3:ea:04:be:56:30:af:d9:a9:98:14:1f:a6:c2:
                    25:07:8a:1e:e3:e4:7e:6c:9f:52:63:d2:96:dd:3a:
                    99:eb:9f:e5:7e:db:4a:36:14:9f:34:62:0f:e0:ff:
                    47:87:94:15:d8:de:a5:1f:f9:59:d9:9a:20:49:9e:
                    7b:32:6b:c2:89:61:68:0d:46:a5:e9:60:ef:c6:12:
                    50:44:17:39:e3:46:28:ab:56:5e:a0:e6:5a:53:a9:
                    73:c4:50:1a:46:cb:78:f1:1d:d9:99:1d:1b:72:43:
                    ab:ab:2d:85:5e:4f:d5:88:fc:42:70:96:bb:95:b8:
                    ca:e9:13:b5:1d:24:44:a8:8d:e1:f7:95:36:ca:f5:
                    b8:13:8e:02:0a:7e:a6:9b:25:b5:cc:03:4c:70:a3:
                    54:29:3b:da:a1:b6:38:cb:47:fd:8a:71:96:af:ed:
                    a7:9a:42:c2:60:7c:85:19:ca:9d:60:75:bb:5a:31:
                    45:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:EF:F8:66:AF:DE:14:4A:4D:B9:52:79:D4:B3:31:E4:BC:1A:E9:45
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32362e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:60:6d:40:72:a5:cd:a9:b7:c7:c8:cc:f5:67:10:2e:2a:26:
         d7:11:77:5b:ce:a3:8a:68:e8:31:8f:7d:c7:23:7c:67:30:92:
         45:b7:fb:af:9f:63:dc:fb:ed:9d:5f:e4:7e:f9:fb:ae:de:7a:
         4d:74:eb:6d:2f:1f:bd:b6:ad:32:d2:ee:e2:9c:da:96:93:f2:
         ed:4b:14:df:24:83:04:44:2a:66:0b:29:1e:8f:d3:99:bd:f5:
         e8:3d:8c:e1:2a:7f:0c:1b:43:87:be:7e:87:b8:4e:17:91:9b:
         53:7a:9e:db:8e:2d:3f:62:bc:c2:00:dd:55:06:28:cc:5a:c7:
         1c:66:df:d0:2b:ab:32:04:ef:28:c2:bf:2c:27:1c:26:03:c4:
         25:b4:6b:c3:41:c1:af:bd:15:3c:44:42:62:43:7a:25:b2:26:
         a1:fe:e7:7f:1a:de:6e:c9:cc:02:d2:c5:56:f7:96:b8:30:5b:
         34:a8:49:0a:7c:bf:33:88:78:80:03:b5:00:f4:d8:7f:6e:7e:
         0e:4e:5a:c3:f3:38:91:6a:a1:40:e0:50:a7:f8:34:22:b4:c0:
         67:33:e6:cf:e3:88:52:98:de:71:fb:e3:71:fd:62:1b:45:34:
         13:3b:57:1b:d7:db:f3:aa:a2:f0:fc:d0:d0:00:c0:34:c2:1b:
         b5:60:da:fd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUG8X6CsqJw5YdJfDT3YIhzk5GzBIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNDAxMTIwOTUyMjRaFw0yNTAxMTAwOTU3MjRaMDMxMTAvBgNV
BAMTKEJFRUZGODY2QUZERTE0NEE0REI5NTI3OUQ0QjMzMUU0QkMxQUU5NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLWYVJsG2hbGvjSucYT7zbkEKX
qTlKLVkdf4jodNS6hxhUvAl1GUTsWhk/jZQOMaaFycb8NBfPrpmPVMbcZdlZ44ke
lHMMl1LHNpyj6gS+VjCv2amYFB+mwiUHih7j5H5sn1Jj0pbdOpnrn+V+20o2FJ80
Yg/g/0eHlBXY3qUf+VnZmiBJnnsya8KJYWgNRqXpYO/GElBEFznjRiirVl6g5lpT
qXPEUBpGy3jxHdmZHRtyQ6urLYVeT9WI/EJwlruVuMrpE7UdJESojeH3lTbK9bgT
jgIKfqabJbXMA0xwo1QpO9qhtjjLR/2KcZav7aeaQsJgfIUZyp1gdbtaMUXpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvu/4Zq/eFEpNuVJ51LMx5Lwa6UUwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAutxow
DQYJKoZIhvcNAQELBQADggEBALJgbUBypc2pt8fIzPVnEC4qJtcRd1vOo4po6DGP
fccjfGcwkkW3+6+fY9z77Z1f5H75+67eek10620vH722rTLS7uKc2paT8u1LFN8k
gwREKmYLKR6P05m99eg9jOEqfwwbQ4e+foe4TheRm1N6ntuOLT9ivMIA3VUGKMxa
xxxm39ArqzIE7yjCvywnHCYDxCW0a8NBwa+9FTxEQmJDeiWyJqH+538a3m7JzALS
xVb3lrgwWzSoSQp8vzOIeIADtQD02H9ufg5OWsPzOJFqoUDgUKf4NCK0wGcz5s/j
iFKY3nH743H9YhtFNBM7VxvX2/OqovD80NAAwDTCG7Vg2v0=
-----END CERTIFICATE-----