Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31382e302f32332d3233203d3e203433383437.roa
File:                     34362e3138322e31382e302f32332d3233203d3e203433383437.roa (raw, json)
Hash identifier:          4Ns+nZIS59tdPTXyzEk/8ZsDfijKL83vY7HPlP7mVB0=
Subject key identifier:   A7:A2:70:3B:E0:E5:3F:0A:56:FE:04:B1:75:11:9E:6D:56:31:FB:6B
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       1CDEA067F10F6133B7B698A00440F547BAB022E6
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31382e302f32332d3233203d3e203433383437.roa
Signing time:             Wed 29 Jan 2025 13:36:35 +0000
ROA not before:           Wed 29 Jan 2025 13:31:35 +0000
ROA not after:            Wed 28 Jan 2026 13:36:35 +0000
asID:                     43847
IP address blocks:        46.182.18.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:de:a0:67:f1:0f:61:33:b7:b6:98:a0:04:40:f5:47:ba:b0:22:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:35 2025 GMT
            Not After : Jan 28 13:36:35 2026 GMT
        Subject: CN=A7A2703BE0E53F0A56FE04B175119E6D5631FB6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:82:3e:0d:0f:7a:45:e4:c7:a3:35:5e:68:25:
                    19:79:bd:58:f5:28:89:f5:90:2a:73:1f:d1:d8:3f:
                    42:42:0d:a3:98:86:c8:fb:9a:9e:95:e3:dc:2d:87:
                    94:0f:75:6c:0c:7a:22:69:2b:84:da:a8:7d:37:6e:
                    71:6b:02:a3:05:bd:70:c8:09:dd:d2:db:c9:cd:0d:
                    bd:99:3d:49:5b:8a:65:c8:56:58:4d:43:5d:5b:4b:
                    47:f0:9a:6e:59:bf:1b:60:49:91:c5:76:11:6b:c6:
                    a4:5d:e6:f5:15:7e:06:48:93:30:16:e5:fe:42:61:
                    cb:05:39:0e:29:42:f9:e6:14:36:5f:07:cf:25:9c:
                    8d:7a:5f:f9:52:81:55:2e:e2:50:54:a7:75:7c:26:
                    ee:ce:39:47:d2:48:26:99:20:7c:a4:eb:ad:1b:56:
                    be:08:b2:14:ac:af:c0:9f:45:42:64:73:1f:2d:c1:
                    6b:d1:62:03:81:71:b3:e3:e2:78:db:87:4c:1a:2a:
                    2d:5c:6c:fc:cb:a5:06:dd:3c:ab:e2:51:df:72:7b:
                    3c:d8:41:8a:09:92:fc:27:b7:61:ad:cd:7b:6b:5c:
                    b6:6a:ee:aa:22:1d:8b:04:fa:d5:71:85:01:00:1b:
                    0f:bd:67:41:1c:ab:13:d1:63:1b:6d:49:25:c6:2c:
                    c7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A2:70:3B:E0:E5:3F:0A:56:FE:04:B1:75:11:9E:6D:56:31:FB:6B
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31382e302f32332d3233203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:fa:ae:5b:de:ed:51:be:37:27:70:04:a9:83:e0:b2:30:91:
         26:b3:4f:c2:5e:c4:7c:d6:99:01:64:d0:c1:58:fc:74:b9:68:
         5b:24:b6:57:2b:31:42:48:3f:e6:40:fd:1e:e0:91:08:76:d4:
         05:d3:c3:5d:24:b5:61:a9:01:22:3e:aa:87:9f:19:77:b3:cc:
         4a:24:71:a6:3d:34:2e:5e:cc:5d:ab:ba:cc:cf:9d:6a:a3:06:
         36:86:9e:cf:9b:be:7a:12:c3:a3:2d:ae:38:40:a9:08:b4:73:
         e2:50:02:b6:f9:c2:fe:b8:9c:bc:60:a6:a7:c9:82:9e:21:97:
         d2:39:c0:7b:dd:56:d3:fc:fc:c4:41:d4:2b:d1:52:4c:da:12:
         4d:9d:09:e9:16:48:d5:4e:54:48:e4:03:02:21:d2:4f:4f:7a:
         15:5a:3c:74:d6:1e:99:1f:bd:74:cb:e5:5f:64:df:2b:60:51:
         7c:05:11:a4:df:47:c4:31:fc:3a:1d:73:9c:92:6f:b9:14:b7:
         a7:d2:00:ba:e4:df:08:5e:7d:0c:c7:65:89:cd:d0:9d:3b:43:
         3f:99:0c:e5:c2:9f:99:65:0b:cf:b6:37:fe:ca:1c:42:89:d9:
         48:cb:d4:56:1c:01:af:8e:5c:c7:51:a9:4f:6d:67:b2:f5:43:
         d0:3a:5c:57
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHN6gZ/EPYTO3tpigBED1R7qwIuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxMzVaFw0yNjAxMjgxMzM2MzVaMDMxMTAvBgNV
BAMTKEE3QTI3MDNCRTBFNTNGMEE1NkZFMDRCMTc1MTE5RTZENTYzMUZCNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWgj4ND3pF5MejNV5oJRl5vVj1
KIn1kCpzH9HYP0JCDaOYhsj7mp6V49wth5QPdWwMeiJpK4TaqH03bnFrAqMFvXDI
Cd3S28nNDb2ZPUlbimXIVlhNQ11bS0fwmm5ZvxtgSZHFdhFrxqRd5vUVfgZIkzAW
5f5CYcsFOQ4pQvnmFDZfB88lnI16X/lSgVUu4lBUp3V8Ju7OOUfSSCaZIHyk660b
Vr4IshSsr8CfRUJkcx8twWvRYgOBcbPj4njbh0waKi1cbPzLpQbdPKviUd9yezzY
QYoJkvwnt2GtzXtrXLZq7qoiHYsE+tVxhQEAGw+9Z0EcqxPRYxttSSXGLMetAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUp6JwO+DlPwpW/gSxdRGebVYx+2swHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMTM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS62
EjANBgkqhkiG9w0BAQsFAAOCAQEAovquW97tUb43J3AEqYPgsjCRJrNPwl7EfNaZ
AWTQwVj8dLloWyS2VysxQkg/5kD9HuCRCHbUBdPDXSS1YakBIj6qh58Zd7PMSiRx
pj00Ll7MXau6zM+daqMGNoaez5u+ehLDoy2uOECpCLRz4lACtvnC/ricvGCmp8mC
niGX0jnAe91W0/z8xEHUK9FSTNoSTZ0J6RZI1U5USOQDAiHST096FVo8dNYemR+9
dMvlX2TfK2BRfAURpN9HxDH8Oh1znJJvuRS3p9IAuuTfCF59DMdlic3QnTtDP5kM
5cKfmWULz7Y3/socQonZSMvUVhwBr45cx1GpT21nsvVD0DpcVw==
-----END CERTIFICATE-----