Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e203439393831.roa
File:                     34362e3138332e33312e302f32342d3234203d3e203439393831.roa (raw, json)
Hash identifier:          4SgUg02tThJbdAaEmVPuS6soKb1hRdiyWl1jwdMe4YE=
Subject key identifier:   3B:0C:57:71:88:FA:4D:61:4F:66:C3:A2:F4:21:6F:ED:22:5B:F0:48
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       2A4C0465D8D02BB4F8201956493937020FD0EB61
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e203439393831.roa
Signing time:             Fri 02 Feb 2024 15:34:03 +0000
ROA not before:           Fri 02 Feb 2024 15:29:03 +0000
ROA not after:            Fri 31 Jan 2025 15:34:03 +0000
asID:                     49981
IP address blocks:        46.183.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:4c:04:65:d8:d0:2b:b4:f8:20:19:56:49:39:37:02:0f:d0:eb:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Feb  2 15:29:03 2024 GMT
            Not After : Jan 31 15:34:03 2025 GMT
        Subject: CN=3B0C577188FA4D614F66C3A2F4216FED225BF048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ab:f9:82:19:38:ef:2a:f5:46:14:33:77:6d:
                    61:e3:67:32:40:cf:8d:8e:45:ff:a2:81:59:8b:ed:
                    b2:d1:c6:f5:50:92:9e:41:73:e0:8e:f1:9c:13:dd:
                    55:a5:47:96:77:a9:e2:37:08:b7:03:6f:59:2c:a0:
                    cb:d6:6c:c0:d4:20:e4:a7:c3:f0:a8:1c:19:e7:75:
                    b0:f9:45:fc:fa:a7:74:87:f7:bb:93:4b:fd:a1:e5:
                    34:06:0c:4c:5b:f7:3c:c3:94:0b:de:99:5b:a3:48:
                    1f:7a:fa:56:87:b3:b3:e5:0f:dc:61:bf:f9:ac:13:
                    ab:a4:95:8f:83:85:67:1e:53:b7:f6:7e:d9:f2:cc:
                    52:cf:ee:07:23:63:d1:70:f3:40:fc:8b:58:9f:2f:
                    b8:72:8d:f3:04:b7:44:30:19:1a:59:b7:7a:ed:b8:
                    a6:bc:57:e0:a9:05:d4:d7:6d:fe:bb:4b:d4:ab:d7:
                    cb:b3:09:50:69:75:89:e8:5d:a0:9d:8b:8b:ff:a1:
                    19:6c:ed:1c:ba:b4:14:5f:fa:c3:5c:cc:06:7d:a1:
                    0a:02:74:83:8e:cd:3b:07:db:e5:6f:6b:da:f8:ab:
                    3f:6f:35:cc:c1:42:f4:cc:e2:b2:d8:d3:dd:79:6b:
                    80:71:f3:e3:6d:1c:11:cd:81:a6:10:c6:e8:d5:61:
                    1f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0C:57:71:88:FA:4D:61:4F:66:C3:A2:F4:21:6F:ED:22:5B:F0:48
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e203439393831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:7b:c2:f2:5b:5a:50:1b:49:61:be:7d:12:00:0d:3b:cb:17:
         44:79:bd:61:63:dc:5c:6e:68:4c:9f:e9:67:77:d6:67:33:70:
         c3:ca:22:f5:0d:fd:57:82:97:eb:c9:96:24:7e:7d:cb:e3:e7:
         5a:ca:1b:ac:08:d6:6c:47:2b:15:62:fb:01:b2:d1:71:58:dd:
         8f:6c:65:4a:69:b2:fd:b9:02:ee:c2:ed:89:52:63:7a:ab:89:
         13:37:0d:cf:69:0b:d8:54:7e:4d:d9:97:1e:b1:47:1b:ef:7f:
         ad:16:51:68:88:0f:ce:cd:01:36:be:99:d5:99:81:99:76:d2:
         2e:af:76:0b:58:72:3d:e1:57:01:58:89:14:04:c8:23:4c:53:
         e8:c8:9d:2a:28:6f:74:9b:77:8b:51:c6:bc:8c:13:99:d2:a4:
         cd:b1:34:ed:42:ba:09:1e:97:38:3d:24:da:04:33:9d:79:76:
         46:0b:e2:33:36:e2:36:67:63:b8:6a:16:ec:bb:15:0d:0f:0b:
         0d:cc:46:86:6a:46:51:61:a0:b8:a2:6b:e8:62:ea:79:25:ba:
         2e:7f:18:ff:16:c6:1a:cc:57:3b:e2:e2:ae:5c:c9:76:dc:ef:
         de:92:8d:5c:e4:78:3d:0e:9b:c6:7a:39:22:a9:1d:f1:d9:05:
         f4:51:e3:6a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKkwEZdjQK7T4IBlWSTk3Ag/Q62EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNDAyMDIxNTI5MDNaFw0yNTAxMzExNTM0MDNaMDMxMTAvBgNV
BAMTKDNCMEM1NzcxODhGQTRENjE0RjY2QzNBMkY0MjE2RkVEMjI1QkYwNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkq/mCGTjvKvVGFDN3bWHjZzJA
z42ORf+igVmL7bLRxvVQkp5Bc+CO8ZwT3VWlR5Z3qeI3CLcDb1ksoMvWbMDUIOSn
w/CoHBnndbD5Rfz6p3SH97uTS/2h5TQGDExb9zzDlAvemVujSB96+laHs7PlD9xh
v/msE6uklY+DhWceU7f2ftnyzFLP7gcjY9Fw80D8i1ifL7hyjfMEt0QwGRpZt3rt
uKa8V+CpBdTXbf67S9Sr18uzCVBpdYnoXaCdi4v/oRls7Ry6tBRf+sNczAZ9oQoC
dIOOzTsH2+Vva9r4qz9vNczBQvTM4rLY0915a4Bx8+NtHBHNgaYQxujVYR/pAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOwxXcYj6TWFPZsOi9CFv7SJb8EgwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzOTM5MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HzANBgkqhkiG9w0BAQsFAAOCAQEANnvC8ltaUBtJYb59EgANO8sXRHm9YWPcXG5o
TJ/pZ3fWZzNww8oi9Q39V4KX68mWJH59y+PnWsobrAjWbEcrFWL7AbLRcVjdj2xl
Smmy/bkC7sLtiVJjequJEzcNz2kL2FR+TdmXHrFHG+9/rRZRaIgPzs0BNr6Z1ZmB
mXbSLq92C1hyPeFXAViJFATII0xT6MidKihvdJt3i1HGvIwTmdKkzbE07UK6CR6X
OD0k2gQznXl2RgviMzbiNmdjuGoW7LsVDQ8LDcxGhmpGUWGguKJr6GLqeSW6Ln8Y
/xbGGsxXO+LirlzJdtzv3pKNXOR4PQ6bxno5Iqkd8dkF9FHjag==
-----END CERTIFICATE-----