Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e203432383331.roa
File:                     34362e3138322e32322e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          01LOWf7MxhRX+2Op4rDN5W7ucn6FteIUTuCGEpIiXqg=
Subject key identifier:   91:B0:38:D4:73:D2:54:95:47:FC:22:EB:D7:4B:45:17:86:8F:6A:95
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       5D7DF4B948304CD6F327E140FE89FBC0B17E49DD
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e203432383331.roa
Signing time:             Sat 08 Mar 2025 16:20:33 +0000
ROA not before:           Sat 08 Mar 2025 16:15:33 +0000
ROA not after:            Sat 07 Mar 2026 16:20:33 +0000
asID:                     42831
IP address blocks:        46.182.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:7d:f4:b9:48:30:4c:d6:f3:27:e1:40:fe:89:fb:c0:b1:7e:49:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Mar  8 16:15:33 2025 GMT
            Not After : Mar  7 16:20:33 2026 GMT
        Subject: CN=91B038D473D2549547FC22EBD74B4517868F6A95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ab:d0:ca:8a:91:4a:30:e9:e5:cf:7f:e1:53:
                    a8:03:28:dd:50:62:1c:ce:d7:62:4d:f2:f6:f9:83:
                    ef:0e:96:5e:33:1b:66:24:20:01:f1:af:a3:97:b5:
                    8a:98:95:a8:4e:23:8f:91:db:02:f6:4c:e1:c2:1d:
                    56:09:87:7e:10:06:34:dc:9d:6a:7a:5b:2c:8d:79:
                    9f:c7:14:6f:4e:38:a0:54:46:f3:e0:cf:f6:36:27:
                    33:f0:26:f3:08:cb:67:7f:71:38:79:a2:b8:68:7b:
                    4b:3b:ca:d8:8a:ce:f3:90:0c:31:c1:28:9a:78:7f:
                    8b:9c:71:b1:9b:5d:13:b4:6d:b3:a9:f7:c8:a4:93:
                    8f:22:07:54:24:f0:ed:72:5a:81:0e:6f:ab:62:18:
                    c0:19:fb:a4:5c:a7:c2:94:1a:9d:07:e8:09:49:d7:
                    35:da:17:c9:eb:e3:fb:77:ef:66:59:12:ae:f0:03:
                    bb:d8:f9:cf:87:26:03:7e:2d:4d:b5:f7:ef:23:fc:
                    e9:10:33:b3:a6:61:9c:39:52:6a:bf:f3:37:52:8a:
                    13:c0:83:e9:cc:1f:83:93:42:56:3a:eb:54:8b:38:
                    6d:f2:0f:c6:05:a3:9f:45:90:3e:d5:d3:1e:15:24:
                    2f:6d:00:ee:45:4b:88:20:91:b6:06:b5:bf:b2:f8:
                    6a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:B0:38:D4:73:D2:54:95:47:FC:22:EB:D7:4B:45:17:86:8F:6A:95
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d8:18:40:4d:fb:24:03:b5:64:41:6d:27:3f:e7:4d:e8:c9:
         bf:7a:92:70:62:26:b1:42:2a:60:aa:5a:34:43:ed:cf:d7:2a:
         e5:db:a7:bd:47:b5:9a:1b:3e:cb:2f:a9:9d:4a:3f:22:bf:2b:
         66:31:11:8e:1d:29:6b:0b:f2:80:d7:eb:ee:f8:78:6e:ce:cf:
         b3:cd:87:f2:6e:07:33:d7:34:13:a8:7b:65:0e:2f:f4:16:3f:
         ef:3e:71:5c:05:7d:33:ad:c0:bb:bc:60:be:28:dd:01:7c:40:
         83:1c:91:38:68:b3:73:29:0d:7a:31:58:03:b1:4e:43:93:78:
         ed:a7:a9:fa:a4:f7:6c:73:55:80:47:36:a6:6c:76:4f:a5:0a:
         8e:a0:a8:da:79:7f:b7:52:39:13:94:fa:e7:aa:5f:2f:72:15:
         46:c9:23:d5:c2:76:8e:54:36:02:84:b8:e6:90:78:1f:aa:93:
         b9:b9:4e:b4:b5:12:f2:a4:b3:30:3e:98:9a:9f:43:28:01:51:
         a6:91:fc:d6:85:61:a0:ec:91:74:db:3c:e1:83:a0:47:65:fb:
         6b:26:11:12:fb:ce:42:ce:3c:8f:1d:c2:ff:3c:97:28:ed:4e:
         74:90:c3:d5:ea:26:b3:de:1c:b6:b5:7d:83:21:f9:64:4e:a8:
         bb:a1:c3:6a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXX30uUgwTNbzJ+FA/on7wLF+Sd0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAzMDgxNjE1MzNaFw0yNjAzMDcxNjIwMzNaMDMxMTAvBgNV
BAMTKDkxQjAzOEQ0NzNEMjU0OTU0N0ZDMjJFQkQ3NEI0NTE3ODY4RjZBOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4q9DKipFKMOnlz3/hU6gDKN1Q
YhzO12JN8vb5g+8Oll4zG2YkIAHxr6OXtYqYlahOI4+R2wL2TOHCHVYJh34QBjTc
nWp6WyyNeZ/HFG9OOKBURvPgz/Y2JzPwJvMIy2d/cTh5orhoe0s7ytiKzvOQDDHB
KJp4f4uccbGbXRO0bbOp98ikk48iB1Qk8O1yWoEOb6tiGMAZ+6Rcp8KUGp0H6AlJ
1zXaF8nr4/t372ZZEq7wA7vY+c+HJgN+LU219+8j/OkQM7OmYZw5Umq/8zdSihPA
g+nMH4OTQlY661SLOG3yD8YFo59FkD7V0x4VJC9tAO5FS4ggkbYGtb+y+GojAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkbA41HPSVJVH/CLr10tFF4aPapUwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC62
FjANBgkqhkiG9w0BAQsFAAOCAQEAl9gYQE37JAO1ZEFtJz/nTejJv3qScGImsUIq
YKpaNEPtz9cq5dunvUe1mhs+yy+pnUo/Ir8rZjERjh0pawvygNfr7vh4bs7Ps82H
8m4HM9c0E6h7ZQ4v9BY/7z5xXAV9M63Au7xgvijdAXxAgxyROGizcykNejFYA7FO
Q5N47aep+qT3bHNVgEc2pmx2T6UKjqCo2nl/t1I5E5T656pfL3IVRskj1cJ2jlQ2
AoS45pB4H6qTublOtLUS8qSzMD6Ymp9DKAFRppH81oVhoOyRdNs84YOgR2X7ayYR
EvvOQs48jx3C/zyXKO1OdJDD1eoms94ctrV9gyH5ZE6ou6HDag==
-----END CERTIFICATE-----