Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa
File:                     34362e3138332e32382e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          93WlArlicDYcrFXuyD5oQHa3ZB3bdIjadlrADmzUdDQ=
Subject key identifier:   BF:90:9F:0E:D1:68:73:23:E7:B0:61:E0:77:69:FA:A4:CD:BD:ED:6D
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       5E845DDB3F87F6ADA92FB79DCD421172C6F1C8F6
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 02 Jul 2024 14:05:18 +0000
ROA not before:           Tue 02 Jul 2024 14:00:18 +0000
ROA not after:            Tue 01 Jul 2025 14:05:18 +0000
asID:                     61317
IP address blocks:        46.183.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:84:5d:db:3f:87:f6:ad:a9:2f:b7:9d:cd:42:11:72:c6:f1:c8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Jul  2 14:00:18 2024 GMT
            Not After : Jul  1 14:05:18 2025 GMT
        Subject: CN=BF909F0ED1687323E7B061E07769FAA4CDBDED6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:a5:c0:34:d8:03:64:50:dd:6c:50:6f:1b:
                    c5:2e:70:ed:b8:2f:a9:ac:5a:2d:10:29:58:e2:bd:
                    bb:5d:a8:de:a6:a6:82:9e:c3:42:93:a9:cf:71:fa:
                    83:51:d1:de:ba:91:f8:d4:22:a9:c9:ca:02:34:9c:
                    c7:fc:f1:02:4e:c6:98:9e:77:65:1b:04:45:e2:1e:
                    10:d7:8a:dc:0e:7d:c3:35:c9:02:09:e2:76:ec:69:
                    f2:b3:d3:5b:98:64:d4:23:2c:07:fb:18:5d:86:15:
                    c1:50:49:44:cd:1d:85:7c:b9:b5:2e:cf:97:55:93:
                    f2:1b:cb:ca:48:a5:a8:ed:c8:fa:cb:c1:2d:08:c9:
                    22:db:1b:d6:a1:02:f2:43:10:b2:c7:ed:1b:1b:5a:
                    44:64:f7:84:d0:44:79:b3:d6:8e:06:c8:03:fe:a0:
                    33:45:25:15:74:bf:05:4e:6a:59:56:25:1a:fe:9a:
                    65:eb:36:50:1d:22:c0:1f:cd:bc:9a:7e:52:da:b4:
                    79:55:1a:cd:de:1a:f9:1c:74:e4:90:a0:9c:2b:cc:
                    4d:09:28:df:96:a0:df:6e:39:e5:0f:22:0d:7e:57:
                    21:8b:1d:d8:de:26:c3:ce:19:be:0f:07:97:cc:8e:
                    43:d9:ed:08:63:26:09:b2:27:40:72:2e:f6:c7:79:
                    e9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:90:9F:0E:D1:68:73:23:E7:B0:61:E0:77:69:FA:A4:CD:BD:ED:6D
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:98:ac:fb:f9:3c:38:24:d1:5e:29:d6:ac:09:76:36:7d:cd:
         40:fb:6e:ef:ac:fe:33:0e:17:40:d2:2c:d9:14:35:9b:25:4b:
         91:52:d8:98:a0:21:8b:d3:e4:a9:78:dd:41:72:33:15:80:98:
         0a:22:de:07:75:4a:17:29:b8:ed:b6:74:33:01:54:04:9e:75:
         b4:51:ab:d9:1e:30:f3:a3:50:b6:53:d3:23:12:81:eb:93:7f:
         8d:70:cd:13:eb:3a:8c:9d:b5:88:13:46:f0:d7:97:65:bc:f3:
         b5:fa:d6:06:29:80:d2:6c:da:02:8c:10:06:d3:86:23:d1:f9:
         21:d4:9b:0b:dc:a7:04:1f:71:55:0f:47:9e:ff:c4:01:0a:fa:
         bf:08:bf:64:36:dc:71:67:62:ec:4e:6f:f8:d8:6a:3b:f1:f2:
         03:08:ae:47:ba:e9:3d:9d:7d:c6:ff:72:a4:e8:b2:7e:00:4a:
         79:1f:b5:60:cf:c2:b2:ad:f4:6d:95:b3:51:e6:5b:80:30:f8:
         2c:a3:58:f7:13:76:92:be:9d:8b:bc:1d:33:89:1b:56:d7:a4:
         db:6c:7b:dd:fc:c8:99:84:94:8e:7b:ed:4d:7d:13:ca:6c:26:
         da:05:a4:ac:74:e9:ec:7f:08:c4:c2:6c:c7:a0:c1:93:29:0b:
         a5:85:2a:9c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXoRd2z+H9q2pL7edzUIRcsbxyPYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNDA3MDIxNDAwMThaFw0yNTA3MDExNDA1MThaMDMxMTAvBgNV
BAMTKEJGOTA5RjBFRDE2ODczMjNFN0IwNjFFMDc3NjlGQUE0Q0RCREVENkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDED6XANNgDZFDdbFBvG8UucO24
L6msWi0QKVjivbtdqN6mpoKew0KTqc9x+oNR0d66kfjUIqnJygI0nMf88QJOxpie
d2UbBEXiHhDXitwOfcM1yQIJ4nbsafKz01uYZNQjLAf7GF2GFcFQSUTNHYV8ubUu
z5dVk/Iby8pIpajtyPrLwS0IySLbG9ahAvJDELLH7RsbWkRk94TQRHmz1o4GyAP+
oDNFJRV0vwVOallWJRr+mmXrNlAdIsAfzbyaflLatHlVGs3eGvkcdOSQoJwrzE0J
KN+WoN9uOeUPIg1+VyGLHdjeJsPOGb4PB5fMjkPZ7QhjJgmyJ0ByLvbHeenLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUv5CfDtFocyPnsGHgd2n6pM297W0wHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HDANBgkqhkiG9w0BAQsFAAOCAQEAgJis+/k8OCTRXinWrAl2Nn3NQPtu76z+Mw4X
QNIs2RQ1myVLkVLYmKAhi9PkqXjdQXIzFYCYCiLeB3VKFym47bZ0MwFUBJ51tFGr
2R4w86NQtlPTIxKB65N/jXDNE+s6jJ21iBNG8NeXZbzztfrWBimA0mzaAowQBtOG
I9H5IdSbC9ynBB9xVQ9Hnv/EAQr6vwi/ZDbccWdi7E5v+NhqO/HyAwiuR7rpPZ19
xv9ypOiyfgBKeR+1YM/Csq30bZWzUeZbgDD4LKNY9xN2kr6di7wdM4kbVtek22x7
3fzImYSUjnvtTX0Tymwm2gWkrHTp7H8IxMJsx6DBkykLpYUqnA==
-----END CERTIFICATE-----