Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32312e302f32342d3234203d3e203433383437.roa
File:                     34362e3138322e32312e302f32342d3234203d3e203433383437.roa (raw, json)
Hash identifier:          /UuXq/SkWF47gXFnW/T4vEllXZulBrt5hUqt6XmiJns=
Subject key identifier:   56:EB:C4:CF:81:BE:92:60:D2:55:27:EC:57:D9:AC:1E:3B:0C:FA:C9
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       7A04540BE7C98F2B8A302DB1519120966CCBA8BD
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32312e302f32342d3234203d3e203433383437.roa
Signing time:             Wed 09 Apr 2025 03:07:45 +0000
ROA not before:           Wed 09 Apr 2025 03:02:45 +0000
ROA not after:            Wed 08 Apr 2026 03:07:45 +0000
asID:                     43847
IP address blocks:        46.182.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 15:04:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:04:54:0b:e7:c9:8f:2b:8a:30:2d:b1:51:91:20:96:6c:cb:a8:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Apr  9 03:02:45 2025 GMT
            Not After : Apr  8 03:07:45 2026 GMT
        Subject: CN=56EBC4CF81BE9260D25527EC57D9AC1E3B0CFAC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d4:5f:f8:c8:e3:22:b7:b7:2f:d8:d4:4c:2c:
                    a4:b4:17:b0:33:80:a3:ca:74:18:db:33:c7:1b:95:
                    ab:d4:6b:92:d0:7d:f6:69:e3:69:b1:0e:0e:5f:70:
                    08:b5:c3:8f:8a:86:af:9b:2c:07:1a:a7:63:0e:08:
                    bb:c9:9c:a3:a7:83:73:ca:b3:40:77:19:00:65:e9:
                    c0:e0:c0:20:ec:8b:85:43:84:52:a6:d0:91:e8:6f:
                    0b:84:71:27:42:2c:c0:26:d8:38:64:d5:29:94:29:
                    e7:e7:f3:27:75:1b:e6:ca:71:73:e3:b2:3b:64:6a:
                    f1:2c:07:2e:84:47:e7:b3:9e:fc:ae:da:a5:72:3f:
                    2a:cc:81:9c:2a:f7:7a:5c:98:cd:40:56:7e:e9:fb:
                    0a:7b:12:f1:04:22:8b:1b:55:a0:25:99:a6:09:e5:
                    dd:61:a8:aa:ec:5d:ba:85:cc:11:27:23:25:6e:04:
                    34:01:d3:c0:fb:c6:37:04:e2:8e:b6:c6:81:6c:b8:
                    41:e4:b5:23:20:18:78:53:70:58:0f:1d:ad:ee:d1:
                    ef:be:96:c6:d9:d6:fb:7f:b0:b7:9a:61:ee:14:ec:
                    af:4a:4f:9f:75:78:14:60:02:a0:e4:a0:fa:5e:37:
                    e3:32:fc:45:03:ba:be:21:fc:bc:73:f9:af:c2:f0:
                    fc:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:EB:C4:CF:81:BE:92:60:D2:55:27:EC:57:D9:AC:1E:3B:0C:FA:C9
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32312e302f32342d3234203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:bf:e6:07:ea:e0:2d:44:53:db:59:45:5d:68:b7:49:d4:a7:
         e9:fe:44:e5:44:7b:c5:75:b8:71:14:c3:6f:86:7d:f0:13:89:
         c5:ed:61:2e:8c:82:08:39:26:f8:04:d5:b1:c8:e1:4f:e7:d0:
         dd:12:42:35:f4:97:76:b8:79:09:56:72:8c:b3:26:d5:8a:33:
         75:33:6d:a0:de:1b:eb:c3:06:6d:cd:d8:de:ff:c8:8c:d4:88:
         35:ae:df:93:2d:45:33:9f:34:47:d9:19:8c:20:a8:93:41:23:
         bb:bc:03:c5:5d:98:63:14:db:4e:41:90:a1:68:ac:46:22:cb:
         56:c8:4b:c5:c0:1f:5d:93:1a:b3:bc:3a:93:a6:5b:3d:b7:53:
         c0:0d:28:a8:5e:69:88:85:64:49:a0:b3:23:03:2a:3d:96:1f:
         e0:11:50:6f:51:ce:86:29:12:53:44:b1:a1:94:3e:fa:15:f9:
         08:db:21:61:84:16:83:d9:1b:9b:02:ce:27:bb:93:55:24:9e:
         1b:cb:5d:12:ca:3a:3e:a4:84:af:99:32:60:3e:9d:b8:07:1e:
         97:60:5c:5c:76:f8:9d:96:da:18:a1:a9:1a:9c:82:b6:42:b3:
         74:ff:68:37:aa:80:bd:8c:d7:f7:4e:4f:04:2d:d4:bd:5f:ab:
         7e:66:1e:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUegRUC+fJjyuKMC2xUZEglmzLqL0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTA0MDkwMzAyNDVaFw0yNjA0MDgwMzA3NDVaMDMxMTAvBgNV
BAMTKDU2RUJDNENGODFCRTkyNjBEMjU1MjdFQzU3RDlBQzFFM0IwQ0ZBQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/1F/4yOMit7cv2NRMLKS0F7Az
gKPKdBjbM8cblavUa5LQffZp42mxDg5fcAi1w4+Khq+bLAcap2MOCLvJnKOng3PK
s0B3GQBl6cDgwCDsi4VDhFKm0JHobwuEcSdCLMAm2Dhk1SmUKefn8yd1G+bKcXPj
sjtkavEsBy6ER+eznvyu2qVyPyrMgZwq93pcmM1AVn7p+wp7EvEEIosbVaAlmaYJ
5d1hqKrsXbqFzBEnIyVuBDQB08D7xjcE4o62xoFsuEHktSMgGHhTcFgPHa3u0e++
lsbZ1vt/sLeaYe4U7K9KT591eBRgAqDkoPpeN+My/EUDur4h/Lxz+a/C8PzpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVuvEz4G+kmDSVSfsV9msHjsM+skwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC62
FTANBgkqhkiG9w0BAQsFAAOCAQEAtr/mB+rgLURT21lFXWi3SdSn6f5E5UR7xXW4
cRTDb4Z98BOJxe1hLoyCCDkm+ATVscjhT+fQ3RJCNfSXdrh5CVZyjLMm1YozdTNt
oN4b68MGbc3Y3v/IjNSINa7fky1FM580R9kZjCCok0Eju7wDxV2YYxTbTkGQoWis
RiLLVshLxcAfXZMas7w6k6ZbPbdTwA0oqF5piIVkSaCzIwMqPZYf4BFQb1HOhikS
U0SxoZQ++hX5CNshYYQWg9kbmwLOJ7uTVSSeG8tdEso6PqSEr5kyYD6duAcel2Bc
XHb4nZbaGKGpGpyCtkKzdP9oN6qAvYzX905PBC3UvV+rfmYeig==
-----END CERTIFICATE-----