Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa
File:                     34362e3138332e33302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          eznERkc7DZbwVr+HCdvBRo/nv4eEoy29a9bx8QDzOz0=
Subject key identifier:   0C:66:2F:75:54:4F:64:AE:D1:EF:5F:4B:22:0C:82:00:0A:AD:8A:12
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       7856A9BEF7EF5CE2A9C33F4470D9E32D9D45DCA1
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 02 Jul 2024 14:05:18 +0000
ROA not before:           Tue 02 Jul 2024 14:00:18 +0000
ROA not after:            Tue 01 Jul 2025 14:05:18 +0000
asID:                     61317
IP address blocks:        46.183.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:56:a9:be:f7:ef:5c:e2:a9:c3:3f:44:70:d9:e3:2d:9d:45:dc:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Jul  2 14:00:18 2024 GMT
            Not After : Jul  1 14:05:18 2025 GMT
        Subject: CN=0C662F75544F64AED1EF5F4B220C82000AAD8A12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:db:ca:12:e4:24:ab:c4:1b:c0:b3:b5:ab:d8:
                    3c:45:34:a2:44:a4:68:c9:11:3e:97:59:1a:e5:74:
                    8f:76:ca:0e:70:50:b0:bf:7f:72:39:36:a1:ee:9a:
                    19:6d:43:cf:c4:69:22:42:95:76:e2:69:e0:52:f2:
                    ac:2d:78:54:9e:c3:ef:c1:a4:b2:30:4c:fe:cb:2e:
                    3b:a6:01:68:97:c2:02:47:98:15:5b:9c:fe:e8:80:
                    17:22:d4:89:c3:94:ab:ee:4f:b1:fe:97:c3:89:88:
                    57:a9:e0:28:40:a1:85:85:33:50:e9:73:02:d8:6a:
                    31:bd:03:b7:56:87:86:fa:bb:3e:f2:18:57:8e:90:
                    8b:90:34:80:45:1f:bf:b9:66:6c:74:0a:ff:99:5c:
                    91:e2:00:42:3c:3b:37:01:99:4c:6b:bd:3c:6b:b9:
                    04:97:00:16:c4:ca:3f:63:d9:6a:00:ca:ec:d0:c5:
                    f7:cd:20:21:71:af:29:54:e5:20:a4:a6:c1:aa:a6:
                    40:9e:41:51:56:84:17:2c:93:e3:79:5b:a2:ce:b5:
                    c7:0e:f1:36:9e:a3:ce:4c:8d:61:3b:93:9c:18:40:
                    34:a9:e1:3d:7c:38:b7:b3:e7:7f:a4:93:34:a0:64:
                    8e:a9:fe:4f:bb:b7:6f:af:e4:53:12:58:65:d7:d0:
                    9c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:66:2F:75:54:4F:64:AE:D1:EF:5F:4B:22:0C:82:00:0A:AD:8A:12
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2f:58:ff:0d:24:62:c2:1d:76:0c:52:8d:07:08:cd:ab:ae:
         21:0e:73:a0:4f:53:a2:76:99:db:dc:c3:49:09:ef:a0:0f:02:
         0f:83:ba:82:ac:55:57:c5:a3:5d:ce:f7:8a:7a:ca:bf:22:3e:
         6c:9c:d3:c1:e4:dd:d5:a4:1d:c6:e0:8e:7a:59:7a:92:d9:55:
         7a:b5:7b:27:95:31:20:fd:81:05:4c:2d:f5:66:63:56:e5:26:
         11:e0:d3:72:51:c5:a8:ff:7a:f2:ab:07:83:bf:3e:9f:65:fa:
         e1:c4:e4:d8:5d:05:f5:79:6f:34:2b:b5:ef:6a:6c:9b:62:3c:
         43:f2:fa:86:3a:77:62:70:dc:85:bd:cb:dd:8f:f6:2a:cf:5e:
         44:e2:1b:e2:43:63:38:74:c6:cf:0b:38:ee:f4:f5:e3:a9:8f:
         be:91:39:3a:4d:4b:4f:42:fc:f3:c1:1f:ed:83:e2:25:ac:84:
         d4:38:bf:ba:93:78:4c:f9:13:51:38:ea:ca:d9:3f:86:a6:90:
         07:32:82:b1:d8:bd:f9:4d:85:98:56:a5:cb:e0:40:48:b0:3c:
         2b:67:4c:94:91:c3:89:57:bd:8a:b2:5e:f3:52:71:8e:f8:74:
         30:35:f0:40:33:95:c7:f5:30:80:7b:9e:6d:1e:03:54:2a:91:
         cf:dd:78:2a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeFapvvfvXOKpwz9EcNnjLZ1F3KEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNDA3MDIxNDAwMThaFw0yNTA3MDExNDA1MThaMDMxMTAvBgNV
BAMTKDBDNjYyRjc1NTQ0RjY0QUVEMUVGNUY0QjIyMEM4MjAwMEFBRDhBMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh28oS5CSrxBvAs7Wr2DxFNKJE
pGjJET6XWRrldI92yg5wULC/f3I5NqHumhltQ8/EaSJClXbiaeBS8qwteFSew+/B
pLIwTP7LLjumAWiXwgJHmBVbnP7ogBci1InDlKvuT7H+l8OJiFep4ChAoYWFM1Dp
cwLYajG9A7dWh4b6uz7yGFeOkIuQNIBFH7+5Zmx0Cv+ZXJHiAEI8OzcBmUxrvTxr
uQSXABbEyj9j2WoAyuzQxffNICFxrylU5SCkpsGqpkCeQVFWhBcsk+N5W6LOtccO
8Taeo85MjWE7k5wYQDSp4T18OLez53+kkzSgZI6p/k+7t2+v5FMSWGXX0Jw5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDGYvdVRPZK7R719LIgyCAAqtihIwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HjANBgkqhkiG9w0BAQsFAAOCAQEAOi9Y/w0kYsIddgxSjQcIzauuIQ5zoE9TonaZ
29zDSQnvoA8CD4O6gqxVV8WjXc73inrKvyI+bJzTweTd1aQdxuCOell6ktlVerV7
J5UxIP2BBUwt9WZjVuUmEeDTclHFqP968qsHg78+n2X64cTk2F0F9XlvNCu172ps
m2I8Q/L6hjp3YnDchb3L3Y/2Ks9eROIb4kNjOHTGzws47vT146mPvpE5Ok1LT0L8
88Ef7YPiJayE1Di/upN4TPkTUTjqytk/hqaQBzKCsdi9+U2FmFaly+BASLA8K2dM
lJHDiVe9irJe81Jxjvh0MDXwQDOVx/UwgHuebR4DVCqRz914Kg==
-----END CERTIFICATE-----