Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32342e302f32332d3234203d3e20383334.roa
File:                     34362e3138332e32342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          YPW+AYg/pNJ8t2pRaCdpVryq43u+UNJU+NYKBEiUHvk=
Subject key identifier:   39:E5:54:5B:34:A2:42:46:73:B7:25:F2:E1:97:23:AF:1A:50:21:71
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       79FB4B880DB72CC778DB2DE70A5685ABBCD9F6AF
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32342e302f32332d3234203d3e20383334.roa
Signing time:             Fri 12 Apr 2024 00:02:30 +0000
ROA not before:           Thu 11 Apr 2024 23:57:30 +0000
ROA not after:            Fri 11 Apr 2025 00:02:30 +0000
asID:                     834
IP address blocks:        46.183.24.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:fb:4b:88:0d:b7:2c:c7:78:db:2d:e7:0a:56:85:ab:bc:d9:f6:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Apr 11 23:57:30 2024 GMT
            Not After : Apr 11 00:02:30 2025 GMT
        Subject: CN=39E5545B34A2424673B725F2E19723AF1A502171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:01:c4:36:13:77:0e:1a:3c:78:8a:cb:c6:60:
                    d8:10:02:a0:67:8e:9b:e7:15:1c:3f:92:aa:f8:88:
                    33:20:0f:18:42:32:26:b4:4a:65:77:ed:10:56:0d:
                    d8:93:8b:2e:d2:e9:b0:40:7a:cc:4c:04:a1:86:8d:
                    70:df:66:3d:34:f8:a3:4f:d6:7b:a8:6f:23:9b:ca:
                    44:d0:fa:84:eb:d2:b2:dd:4d:37:ee:28:b7:31:4c:
                    41:3d:60:bb:53:e4:d2:2a:0c:c6:f8:1f:4c:21:fe:
                    aa:df:1f:fe:dc:ab:26:fa:6a:ae:5b:38:40:bc:cf:
                    16:b6:f6:ff:66:ae:35:04:b8:2a:c6:35:3e:99:f9:
                    e2:32:1a:00:31:14:57:7b:a9:9f:7d:d1:b1:49:d8:
                    75:33:27:0a:01:fc:ef:54:b5:70:f3:a2:b1:ad:de:
                    c2:16:39:c4:2e:5c:62:8d:68:b5:6a:8e:19:4d:ee:
                    f7:08:23:28:a6:d4:8b:f2:36:b2:08:b8:dc:82:d3:
                    d4:58:43:f5:f7:ce:4b:fe:f6:2b:33:b9:0e:85:0a:
                    30:81:8f:f0:57:4d:df:13:b8:be:7b:01:12:58:36:
                    d3:80:9b:a4:6b:fd:99:32:57:4e:e6:b6:6d:47:49:
                    f0:10:eb:bf:0a:d8:98:5e:67:b2:87:e8:96:f2:76:
                    79:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E5:54:5B:34:A2:42:46:73:B7:25:F2:E1:97:23:AF:1A:50:21:71
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:05:48:4d:a1:0d:48:2a:e7:8a:b3:f2:2b:c1:54:5c:07:c7:
         c2:02:c0:cf:3b:37:a5:39:33:35:c6:41:71:1c:38:80:63:5e:
         bb:83:31:3e:cc:07:66:4d:e6:bf:82:2a:a1:97:c6:8e:9e:27:
         43:38:b3:b2:93:c3:94:bc:7e:9f:c6:a7:be:8c:6d:94:cf:4a:
         03:15:03:b1:28:b8:e6:73:af:66:25:29:9f:02:a4:18:a0:31:
         fc:b8:ae:00:e7:89:fc:9a:b8:a8:49:b4:af:26:9f:9a:f5:e2:
         1b:ce:78:26:be:9e:f9:16:74:72:f6:e3:86:76:53:e7:9c:8d:
         57:9e:39:6c:65:fd:9a:0b:f1:47:0b:15:ae:bb:df:23:f1:33:
         25:a1:00:3b:9b:ca:3d:66:de:27:cc:0f:4e:91:30:73:48:db:
         74:6f:c5:9d:62:9b:99:7a:36:64:61:e3:80:7a:7d:39:fd:50:
         c7:90:50:7d:45:76:89:27:d0:d7:22:62:5b:0e:22:1e:c0:c2:
         1c:c2:e1:af:29:94:b3:43:24:99:45:49:76:74:2f:3d:39:e7:
         7e:ee:e7:67:8a:e2:4e:92:d0:70:eb:99:40:0d:49:11:40:09:
         7b:bb:ac:33:24:28:f7:3a:2c:9b:49:f7:49:92:25:41:f4:b6:
         12:58:65:44
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUeftLiA23LMd42y3nClaFq7zZ9q8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNDA0MTEyMzU3MzBaFw0yNTA0MTEwMDAyMzBaMDMxMTAvBgNV
BAMTKDM5RTU1NDVCMzRBMjQyNDY3M0I3MjVGMkUxOTcyM0FGMUE1MDIxNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAAcQ2E3cOGjx4isvGYNgQAqBn
jpvnFRw/kqr4iDMgDxhCMia0SmV37RBWDdiTiy7S6bBAesxMBKGGjXDfZj00+KNP
1nuobyObykTQ+oTr0rLdTTfuKLcxTEE9YLtT5NIqDMb4H0wh/qrfH/7cqyb6aq5b
OEC8zxa29v9mrjUEuCrGNT6Z+eIyGgAxFFd7qZ990bFJ2HUzJwoB/O9UtXDzorGt
3sIWOcQuXGKNaLVqjhlN7vcIIyim1IvyNrIIuNyC09RYQ/X3zkv+9iszuQ6FCjCB
j/BXTd8TuL57ARJYNtOAm6Rr/ZkyV07mtm1HSfAQ678K2JheZ7KH6JbydnlnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUOeVUWzSiQkZztyXy4ZcjrxpQIXEwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLrcYMA0G
CSqGSIb3DQEBCwUAA4IBAQBpBUhNoQ1IKueKs/IrwVRcB8fCAsDPOzelOTM1xkFx
HDiAY167gzE+zAdmTea/giqhl8aOnidDOLOyk8OUvH6fxqe+jG2Uz0oDFQOxKLjm
c69mJSmfAqQYoDH8uK4A54n8mrioSbSvJp+a9eIbzngmvp75FnRy9uOGdlPnnI1X
njlsZf2aC/FHCxWuu98j8TMloQA7m8o9Zt4nzA9OkTBzSNt0b8WdYpuZejZkYeOA
en05/VDHkFB9RXaJJ9DXImJbDiIewMIcwuGvKZSzQySZRUl2dC89Oed+7udniuJO
ktBw65lADUkRQAl7u6wzJCj3OiybSfdJkiVB9LYSWGVE
-----END CERTIFICATE-----