Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e203537303433.roa
File:                     34362e3138332e33312e302f32342d3234203d3e203537303433.roa (raw, json)
Hash identifier:          QlWLXUph8uK9agUThltuDVNduQEWWszYWQo8eJekwTM=
Subject key identifier:   CF:C1:34:2C:DC:73:C1:6C:39:B6:0A:0A:BC:CD:E2:6B:40:52:FE:16
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       133B1909B843479A05E3322C988D0DECC62282A8
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e203537303433.roa
Signing time:             Wed 14 Feb 2024 19:08:23 +0000
ROA not before:           Wed 14 Feb 2024 19:03:23 +0000
ROA not after:            Wed 12 Feb 2025 19:08:23 +0000
asID:                     57043
IP address blocks:        46.183.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:3b:19:09:b8:43:47:9a:05:e3:32:2c:98:8d:0d:ec:c6:22:82:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Feb 14 19:03:23 2024 GMT
            Not After : Feb 12 19:08:23 2025 GMT
        Subject: CN=CFC1342CDC73C16C39B60A0ABCCDE26B4052FE16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a2:ba:87:e6:41:11:2e:29:60:79:7d:5d:0f:
                    c7:48:cc:00:a2:10:b6:60:9a:7e:e3:7f:13:5a:3e:
                    94:24:f0:c1:c7:b5:bb:7e:38:54:11:c6:0b:b8:da:
                    26:86:51:7d:ad:81:ed:81:d2:68:b0:94:63:94:06:
                    15:cc:c2:8a:28:43:e4:ea:c0:27:1b:00:c5:06:d5:
                    34:bc:d8:02:bc:0c:ad:de:f9:b3:ce:82:eb:69:ea:
                    32:3f:a4:db:d5:28:b7:cc:5a:f0:41:85:97:69:18:
                    3b:19:52:29:e5:c9:88:6b:5c:38:f4:81:3e:69:63:
                    64:e5:e2:04:a6:97:b5:c0:75:cf:9d:b5:9c:e1:d5:
                    66:8d:81:25:63:91:cc:f6:a3:f0:80:b7:5d:85:c3:
                    d3:52:2e:1f:c4:5a:55:a4:71:09:06:a0:09:78:48:
                    4a:80:27:47:37:6d:a1:2d:82:f4:da:98:8d:31:af:
                    a2:72:a4:d8:3c:e1:0f:e8:19:10:64:48:88:04:ed:
                    f2:75:8e:f4:d3:f1:5e:bf:19:e6:6e:4f:54:64:d1:
                    e5:6e:26:d2:a7:fd:e0:eb:02:33:62:65:45:6d:1c:
                    7d:17:63:32:c7:91:4a:68:0d:d4:53:0f:f0:70:2f:
                    a0:7f:7e:8a:c7:30:92:95:ce:96:6c:b7:10:33:f9:
                    a4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C1:34:2C:DC:73:C1:6C:39:B6:0A:0A:BC:CD:E2:6B:40:52:FE:16
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e203537303433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:83:d2:b9:31:8c:ac:9c:c4:a4:d6:73:b2:9d:20:65:a3:3b:
         9e:3c:ed:5d:f7:fc:aa:90:6a:be:24:ba:0c:6c:73:b9:e0:fc:
         da:f8:9f:b1:be:b2:66:0a:82:c0:12:bb:b6:55:37:9c:8c:39:
         bf:94:19:6f:f5:97:f0:b1:fb:d6:28:aa:6e:5f:ba:91:95:2e:
         53:97:ed:cd:35:e5:42:ed:e6:b2:62:58:b5:71:e7:10:b2:cd:
         ef:81:e4:97:06:6f:3e:5f:0b:7d:9f:dd:21:78:4e:47:ac:02:
         5f:87:3b:ff:44:4a:da:cf:ed:0a:22:71:b0:bc:5f:17:35:95:
         11:30:2f:72:44:43:1b:b8:98:b0:8f:b5:ca:e4:c6:cc:e7:0a:
         10:40:9b:65:74:6c:4e:d1:15:c4:ae:6b:93:3d:ed:b4:ac:3c:
         52:c8:f7:e9:4b:20:ae:0d:bd:e0:02:52:ff:40:b0:4d:98:e9:
         0a:7a:5c:e1:93:dc:d3:6f:89:3d:a5:a5:69:c4:bf:2c:49:a2:
         61:3a:40:12:45:f7:ac:bf:01:cf:e8:31:58:86:be:78:96:8d:
         e6:eb:91:74:5d:83:5f:4f:59:4e:9c:f8:81:f7:02:93:3a:6a:
         27:5b:e3:fe:00:68:b5:a2:a3:82:8c:bf:f6:7e:af:f2:94:46:
         55:1e:04:58
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEzsZCbhDR5oF4zIsmI0N7MYigqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNDAyMTQxOTAzMjNaFw0yNTAyMTIxOTA4MjNaMDMxMTAvBgNV
BAMTKENGQzEzNDJDREM3M0MxNkMzOUI2MEEwQUJDQ0RFMjZCNDA1MkZFMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5orqH5kERLilgeX1dD8dIzACi
ELZgmn7jfxNaPpQk8MHHtbt+OFQRxgu42iaGUX2tge2B0miwlGOUBhXMwoooQ+Tq
wCcbAMUG1TS82AK8DK3e+bPOgutp6jI/pNvVKLfMWvBBhZdpGDsZUinlyYhrXDj0
gT5pY2Tl4gSml7XAdc+dtZzh1WaNgSVjkcz2o/CAt12Fw9NSLh/EWlWkcQkGoAl4
SEqAJ0c3baEtgvTamI0xr6JypNg84Q/oGRBkSIgE7fJ1jvTT8V6/GeZuT1Rk0eVu
JtKn/eDrAjNiZUVtHH0XYzLHkUpoDdRTD/BwL6B/forHMJKVzpZstxAz+aTVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUz8E0LNxzwWw5tgoKvM3ia0BS/hYwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNzMwMzQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HzANBgkqhkiG9w0BAQsFAAOCAQEAJoPSuTGMrJzEpNZzsp0gZaM7njztXff8qpBq
viS6DGxzueD82vifsb6yZgqCwBK7tlU3nIw5v5QZb/WX8LH71iiqbl+6kZUuU5ft
zTXlQu3msmJYtXHnELLN74HklwZvPl8LfZ/dIXhOR6wCX4c7/0RK2s/tCiJxsLxf
FzWVETAvckRDG7iYsI+1yuTGzOcKEECbZXRsTtEVxK5rkz3ttKw8Usj36Usgrg29
4AJS/0CwTZjpCnpc4ZPc02+JPaWlacS/LEmiYTpAEkX3rL8Bz+gxWIa+eJaN5uuR
dF2DX09ZTpz4gfcCkzpqJ1vj/gBotaKjgoy/9n6v8pRGVR4EWA==
-----END CERTIFICATE-----