Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32392e302f32342d3234203d3e20313734.roa
File:                     34362e3138332e32392e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          +2zC2IoOcCso/mftEuke8EnaYM8a1UxQtmNUmYAEM7o=
Subject key identifier:   57:A3:53:F5:17:BB:34:62:11:56:6C:31:71:9B:7F:FF:E1:A9:0E:A5
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       24292C70489361150A4DDC16BC7CE4F0DB2C2CB1
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32392e302f32342d3234203d3e20313734.roa
Signing time:             Thu 10 Jul 2025 12:54:13 +0000
ROA not before:           Thu 10 Jul 2025 12:49:13 +0000
ROA not after:            Thu 09 Jul 2026 12:54:13 +0000
asID:                     174
IP address blocks:        46.183.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:29:2c:70:48:93:61:15:0a:4d:dc:16:bc:7c:e4:f0:db:2c:2c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Jul 10 12:49:13 2025 GMT
            Not After : Jul  9 12:54:13 2026 GMT
        Subject: CN=57A353F517BB346211566C31719B7FFFE1A90EA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d2:20:01:18:a7:78:a2:82:88:2d:4d:9b:41:
                    39:65:31:8e:2f:84:9e:23:00:8a:9a:85:ee:4e:6f:
                    78:15:e4:7c:3d:76:d2:4b:13:4f:dd:99:f0:0e:c5:
                    5d:65:98:cb:3f:94:88:0c:04:49:77:b8:88:9f:89:
                    1d:70:2c:5c:be:af:11:41:66:ad:bf:1f:eb:5c:3e:
                    98:05:e2:d3:1d:05:7e:7b:fe:c0:3a:5e:21:26:dc:
                    a5:13:a6:fd:8e:0b:58:b3:c8:09:8e:98:fc:2b:2f:
                    c0:6e:8a:1b:b5:e0:c3:9c:d5:fc:75:ac:bd:6d:77:
                    fb:a5:cb:42:b3:55:20:11:8a:bb:3c:e1:f8:5a:55:
                    78:62:a2:53:47:5d:b2:f6:e4:bd:c9:bf:df:e8:49:
                    6d:4a:e8:01:13:e4:97:91:23:fb:29:4b:62:87:a9:
                    2b:29:df:fe:7c:33:30:d1:26:0c:63:cc:34:37:57:
                    44:eb:aa:37:c6:11:00:62:46:4b:c8:32:c4:a8:b4:
                    f9:81:67:25:4b:ee:44:6d:3a:c3:11:00:7d:5c:5f:
                    f7:97:c7:87:ab:d1:d5:d9:98:3e:74:c5:a2:e3:0d:
                    1b:28:2e:e8:71:0d:78:4f:cf:bc:89:c4:ca:99:a0:
                    a0:7c:18:12:fa:cf:02:a7:fa:98:27:da:be:0a:9e:
                    5d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:A3:53:F5:17:BB:34:62:11:56:6C:31:71:9B:7F:FF:E1:A9:0E:A5
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32392e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:05:f5:64:f5:ac:4c:ad:9f:ca:1b:03:d2:f9:3a:d8:c9:c8:
         a2:9a:91:9e:aa:d7:b7:b7:34:21:4b:05:e6:f5:31:5c:2d:d7:
         79:b9:5c:fd:30:bf:4d:54:8f:82:03:9a:5c:a7:a4:be:28:9b:
         9f:b9:98:c7:05:5c:58:4a:a9:95:ba:4a:e9:a5:b9:ce:ee:47:
         03:13:7e:66:6f:cb:08:13:f8:3b:78:9f:22:7d:20:23:6d:79:
         7a:a2:3e:eb:ec:b1:c5:dd:7d:4b:e3:75:88:a5:99:bd:8c:de:
         a2:13:d9:04:e5:7c:85:1c:96:99:b7:5d:c8:90:1d:e6:87:1e:
         54:94:92:2e:f4:c0:6f:de:b3:22:84:01:84:a7:85:22:c4:02:
         ab:ce:c5:5a:66:7a:b5:b7:3e:c8:99:15:b2:b0:6c:43:b4:28:
         29:2a:14:13:40:c3:fe:e4:3f:7d:47:d4:35:42:03:ae:2b:62:
         e8:c3:48:07:94:e3:3a:40:af:a9:71:aa:7c:83:fd:1a:18:bf:
         ef:ce:60:12:b2:52:76:a3:c8:dc:75:00:04:40:2e:c1:ab:f3:
         eb:58:bf:40:15:ab:70:0b:7f:ad:a9:2a:70:b4:cc:7a:7f:03:
         24:2f:ab:36:24:5a:1c:71:eb:21:1a:f5:7f:63:db:4a:f1:72:
         df:ab:26:4f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJCkscEiTYRUKTdwWvHzk8NssLLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNTA3MTAxMjQ5MTNaFw0yNjA3MDkxMjU0MTNaMDMxMTAvBgNV
BAMTKDU3QTM1M0Y1MTdCQjM0NjIxMTU2NkMzMTcxOUI3RkZGRTFBOTBFQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL0iABGKd4ooKILU2bQTllMY4v
hJ4jAIqahe5Ob3gV5Hw9dtJLE0/dmfAOxV1lmMs/lIgMBEl3uIifiR1wLFy+rxFB
Zq2/H+tcPpgF4tMdBX57/sA6XiEm3KUTpv2OC1izyAmOmPwrL8Buihu14MOc1fx1
rL1td/uly0KzVSARirs84fhaVXhiolNHXbL25L3Jv9/oSW1K6AET5JeRI/spS2KH
qSsp3/58MzDRJgxjzDQ3V0TrqjfGEQBiRkvIMsSotPmBZyVL7kRtOsMRAH1cX/eX
x4er0dXZmD50xaLjDRsoLuhxDXhPz7yJxMqZoKB8GBL6zwKn+pgn2r4Knl33AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUV6NT9Re7NGIRVmwxcZt//+GpDqUwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALrcdMA0G
CSqGSIb3DQEBCwUAA4IBAQCWBfVk9axMrZ/KGwPS+TrYyciimpGeqte3tzQhSwXm
9TFcLdd5uVz9ML9NVI+CA5pcp6S+KJufuZjHBVxYSqmVukrppbnO7kcDE35mb8sI
E/g7eJ8ifSAjbXl6oj7r7LHF3X1L43WIpZm9jN6iE9kE5XyFHJaZt13IkB3mhx5U
lJIu9MBv3rMihAGEp4UixAKrzsVaZnq1tz7ImRWysGxDtCgpKhQTQMP+5D99R9Q1
QgOuK2Low0gHlOM6QK+pcap8g/0aGL/vzmASslJ2o8jcdQAEQC7Bq/PrWL9AFatw
C3+tqSpwtMx6fwMkL6s2JFocceshGvV/Y9tK8XLfqyZP
-----END CERTIFICATE-----