Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e20383334.roa
File:                     34362e3138332e33312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          xUsUi3YtopFm9VP8hMqKJ5OknqKCy1oSAbxFuFcm2oA=
Subject key identifier:   AB:A2:DE:BC:68:6F:6B:F5:E9:41:A2:DE:73:1B:1F:1D:2D:B1:21:51
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       6145362C345C3BDC308A01DF9EFFF5104C714FCE
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e20383334.roa
Signing time:             Sun 02 Feb 2025 00:01:19 +0000
ROA not before:           Sat 01 Feb 2025 23:56:19 +0000
ROA not after:            Sun 01 Feb 2026 00:01:19 +0000
asID:                     834
IP address blocks:        46.183.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:08:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:45:36:2c:34:5c:3b:dc:30:8a:01:df:9e:ff:f5:10:4c:71:4f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Feb  1 23:56:19 2025 GMT
            Not After : Feb  1 00:01:19 2026 GMT
        Subject: CN=ABA2DEBC686F6BF5E941A2DE731B1F1D2DB12151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:2b:16:36:ce:64:38:b3:4e:fe:c9:e7:c6:3f:
                    ae:d4:8a:b3:b2:2a:df:6c:9a:36:9b:4d:be:e1:1c:
                    d3:7b:f3:eb:ba:07:7e:b9:46:36:b3:38:70:bc:b5:
                    f6:0e:ad:69:5c:ac:e7:dd:ee:28:44:a4:3b:03:26:
                    29:f3:57:d2:36:d9:49:9a:e1:a8:48:d0:f8:22:cc:
                    83:a1:5a:4b:b0:ee:11:21:39:84:90:e3:96:83:2c:
                    d8:18:a2:48:12:9b:bc:79:e3:97:20:8a:87:49:f8:
                    e9:92:f4:08:f2:e8:5a:cc:dc:79:13:71:81:8d:94:
                    83:ce:61:4d:83:30:59:01:87:9b:7d:8d:31:aa:4a:
                    7e:86:cc:09:32:cc:e0:2c:bb:d1:79:07:01:2f:e3:
                    bc:0b:a2:d0:e0:f1:8f:77:8d:09:43:1f:81:df:04:
                    a5:e3:94:b2:b2:11:42:e9:5b:d6:f6:67:c8:92:15:
                    97:64:2f:0f:98:11:19:d8:29:5d:a5:7c:81:23:01:
                    c7:4a:8b:27:3e:5e:0f:78:36:46:88:2f:39:0e:6c:
                    e2:26:90:ae:9d:0d:a6:e0:90:6f:e0:90:9a:3f:37:
                    74:06:1d:bf:16:8f:88:f0:7f:46:21:5f:e6:57:b6:
                    c4:42:50:c6:ca:45:a1:5e:df:9b:0d:7e:a1:72:b7:
                    fc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A2:DE:BC:68:6F:6B:F5:E9:41:A2:DE:73:1B:1F:1D:2D:B1:21:51
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:b9:76:8e:65:0e:1c:01:90:87:6d:57:ad:96:b3:4e:bf:0c:
         cc:de:a9:ab:d8:4b:8d:14:6d:dc:1e:e8:83:95:69:63:59:39:
         18:ba:98:07:fd:2c:7a:8b:0a:cf:03:9b:e4:e5:9e:91:4b:2a:
         91:41:78:94:ca:ae:b8:85:66:b8:b2:0a:b5:32:fd:23:ec:8f:
         f1:39:7f:08:67:dd:ec:19:8a:bf:ce:8a:63:6a:d9:e0:bf:64:
         9f:e8:53:77:f0:2b:51:cf:71:94:9b:c5:73:2a:58:fc:b8:08:
         5e:15:70:86:f4:49:5f:47:79:87:0f:c1:3c:b3:65:7c:87:f7:
         75:a9:91:4e:9d:07:06:ff:f0:11:36:59:0c:2f:7e:c1:26:48:
         11:fd:1a:6d:db:9a:57:5d:b2:af:2a:44:ca:f2:da:8a:51:0f:
         de:a7:b4:3f:ef:1f:3e:a2:1f:8c:34:39:ca:ac:d5:3f:b8:49:
         71:4e:85:1f:f8:30:2d:a4:19:70:ab:5f:5c:9f:23:98:e2:72:
         c4:98:09:c5:be:b3:c5:89:04:e2:b9:da:65:7f:71:d7:81:62:
         a7:c7:1d:36:34:58:5d:3f:e9:04:b7:a7:ff:eb:4f:eb:2a:c7:
         ee:4f:a9:36:16:bd:87:dc:10:99:e5:40:f0:78:ae:ba:99:2c:
         b1:0e:47:cd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYUU2LDRcO9wwigHfnv/1EExxT84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNTAyMDEyMzU2MTlaFw0yNjAyMDEwMDAxMTlaMDMxMTAvBgNV
BAMTKEFCQTJERUJDNjg2RjZCRjVFOTQxQTJERTczMUIxRjFEMkRCMTIxNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKxY2zmQ4s07+yefGP67UirOy
Kt9smjabTb7hHNN78+u6B365RjazOHC8tfYOrWlcrOfd7ihEpDsDJinzV9I22Uma
4ahI0PgizIOhWkuw7hEhOYSQ45aDLNgYokgSm7x545cgiodJ+OmS9Ajy6FrM3HkT
cYGNlIPOYU2DMFkBh5t9jTGqSn6GzAkyzOAsu9F5BwEv47wLotDg8Y93jQlDH4Hf
BKXjlLKyEULpW9b2Z8iSFZdkLw+YERnYKV2lfIEjAcdKiyc+Xg94NkaILzkObOIm
kK6dDabgkG/gkJo/N3QGHb8Wj4jwf0YhX+ZXtsRCUMbKRaFe35sNfqFyt/yjAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUq6LevGhva/XpQaLecxsfHS2xIVEwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALrcfMA0G
CSqGSIb3DQEBCwUAA4IBAQBDuXaOZQ4cAZCHbVetlrNOvwzM3qmr2EuNFG3cHuiD
lWljWTkYupgH/Sx6iwrPA5vk5Z6RSyqRQXiUyq64hWa4sgq1Mv0j7I/xOX8IZ93s
GYq/zopjatngv2Sf6FN38CtRz3GUm8VzKlj8uAheFXCG9ElfR3mHD8E8s2V8h/d1
qZFOnQcG//ARNlkML37BJkgR/Rpt25pXXbKvKkTK8tqKUQ/ep7Q/7x8+oh+MNDnK
rNU/uElxToUf+DAtpBlwq19cnyOY4nLEmAnFvrPFiQTiudplf3HXgWKnxx02NFhd
P+kEt6f/60/rKsfuT6k2Fr2H3BCZ5UDweK66mSyxDkfN
-----END CERTIFICATE-----