Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32302e302f32332d3233203d3e203433383437.roa
File:                     34362e3138322e32302e302f32332d3233203d3e203433383437.roa (raw, json)
Hash identifier:          gLTxCeSHSKykDX518vtvEArXMU/pfjZMM+VI208KgHw=
Subject key identifier:   7F:B7:87:DA:EA:41:C4:87:56:29:01:2D:41:58:1A:D3:CD:8A:7B:7E
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       4BAD3B235FBFA016546443681B03EA233684EF26
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32302e302f32332d3233203d3e203433383437.roa
Signing time:             Wed 29 Jan 2025 13:36:56 +0000
ROA not before:           Wed 29 Jan 2025 13:31:56 +0000
ROA not after:            Wed 28 Jan 2026 13:36:56 +0000
asID:                     43847
IP address blocks:        46.182.20.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:ad:3b:23:5f:bf:a0:16:54:64:43:68:1b:03:ea:23:36:84:ef:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:56 2025 GMT
            Not After : Jan 28 13:36:56 2026 GMT
        Subject: CN=7FB787DAEA41C4875629012D41581AD3CD8A7B7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d2:9f:5d:b0:c1:81:8d:b5:05:7a:fb:a4:e4:
                    c1:eb:89:dc:c4:40:34:d7:89:42:11:8d:65:29:0a:
                    e6:57:0f:9c:3c:aa:34:d2:2b:11:ee:79:00:97:f1:
                    e1:24:09:14:17:36:9c:18:2b:1f:73:36:b8:ab:3c:
                    23:c5:38:8a:1c:5b:ac:d4:48:d4:70:06:a6:0f:26:
                    a3:14:89:87:33:bb:86:c3:49:3f:71:21:69:ef:a0:
                    dd:27:48:72:86:81:72:61:42:2e:b2:01:cc:4a:b7:
                    17:e4:90:7f:66:c1:2a:d4:ab:f2:0f:e6:ac:2b:7c:
                    9a:1d:07:54:a7:c7:e3:ff:6b:04:ec:5c:c4:99:c7:
                    48:66:e2:59:bc:e8:84:69:56:76:51:bc:c0:fc:14:
                    2b:9b:ee:5e:df:05:61:9e:84:71:60:74:c3:3c:fe:
                    a6:8d:fa:4c:a5:dc:0b:49:8f:ce:f0:4e:21:32:db:
                    f7:b5:91:25:32:0d:fa:82:8c:a1:9e:0d:50:67:61:
                    cf:5b:b9:62:73:dc:cb:71:ce:b8:e0:2e:51:f0:1a:
                    c4:6a:5e:b1:32:13:43:26:45:a1:10:42:60:8e:96:
                    58:8a:3f:3a:db:a0:0c:de:e7:42:e8:63:d1:74:cb:
                    ad:f9:2e:49:ab:56:05:41:1c:09:2b:74:d3:88:57:
                    d0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:B7:87:DA:EA:41:C4:87:56:29:01:2D:41:58:1A:D3:CD:8A:7B:7E
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32302e302f32332d3233203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:9b:4a:27:7a:45:bc:5c:e9:04:0d:38:8e:6b:8a:6b:d5:29:
         0c:20:56:b5:24:f4:99:5c:d7:cd:aa:c8:72:43:24:1d:08:81:
         75:9c:18:35:9b:44:b1:f7:b5:08:92:68:e9:aa:70:e4:02:54:
         a1:29:82:b3:ab:ca:2f:c2:00:1f:00:80:a4:67:35:f9:66:4d:
         bd:77:e4:06:16:1a:b9:9c:07:13:df:df:e8:00:5f:39:7c:6d:
         cf:b0:8b:a9:7f:90:6e:9f:bf:98:7e:5e:fa:b3:4a:f7:05:d7:
         8c:23:57:62:2e:7a:fc:15:2e:0f:02:51:cb:40:aa:e0:29:34:
         cc:e2:af:4b:61:f9:5b:3a:3f:3b:cb:d4:c9:31:53:6e:7e:db:
         89:f4:7f:46:fb:7a:a4:16:0e:03:0c:b3:96:a6:ea:ed:78:fe:
         27:89:22:ac:3e:fa:d8:09:1e:2e:85:c5:17:69:47:51:3a:99:
         39:4b:5f:70:de:1c:62:3c:84:ff:8b:87:b4:bb:d6:55:19:51:
         8f:94:15:12:6d:65:d2:54:bc:f7:a0:c2:cb:c1:fd:93:d3:f1:
         40:a4:92:de:ac:4b:1e:62:6e:f1:b0:96:d8:c0:05:c5:24:3e:
         0f:23:49:88:c0:d4:3e:55:d4:7f:60:10:f2:85:88:2c:29:1f:
         76:0f:00:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUS607I1+/oBZUZENoGwPqIzaE7yYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNTZaFw0yNjAxMjgxMzM2NTZaMDMxMTAvBgNV
BAMTKDdGQjc4N0RBRUE0MUM0ODc1NjI5MDEyRDQxNTgxQUQzQ0Q4QTdCN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx0p9dsMGBjbUFevuk5MHridzE
QDTXiUIRjWUpCuZXD5w8qjTSKxHueQCX8eEkCRQXNpwYKx9zNrirPCPFOIocW6zU
SNRwBqYPJqMUiYczu4bDST9xIWnvoN0nSHKGgXJhQi6yAcxKtxfkkH9mwSrUq/IP
5qwrfJodB1Snx+P/awTsXMSZx0hm4lm86IRpVnZRvMD8FCub7l7fBWGehHFgdMM8
/qaN+kyl3AtJj87wTiEy2/e1kSUyDfqCjKGeDVBnYc9buWJz3MtxzrjgLlHwGsRq
XrEyE0MmRaEQQmCOlliKPzrboAze50LoY9F0y635LkmrVgVBHAkrdNOIV9BjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf7eH2upBxIdWKQEtQVga082Ke34wHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMjMw
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS62
FDANBgkqhkiG9w0BAQsFAAOCAQEAkZtKJ3pFvFzpBA04jmuKa9UpDCBWtST0mVzX
zarIckMkHQiBdZwYNZtEsfe1CJJo6apw5AJUoSmCs6vKL8IAHwCApGc1+WZNvXfk
BhYauZwHE9/f6ABfOXxtz7CLqX+Qbp+/mH5e+rNK9wXXjCNXYi56/BUuDwJRy0Cq
4Ck0zOKvS2H5Wzo/O8vUyTFTbn7bifR/Rvt6pBYOAwyzlqbq7Xj+J4kirD762Ake
LoXFF2lHUTqZOUtfcN4cYjyE/4uHtLvWVRlRj5QVEm1l0lS896DCy8H9k9PxQKSS
3qxLHmJu8bCW2MAFxSQ+DyNJiMDUPlXUf2AQ8oWILCkfdg8A3g==
-----END CERTIFICATE-----