Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e20383334.roa
File:                     34362e3138322e32322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          2ZPUSJaC1RnZkXzobIGyH9ipzTCnVn+dYUl13aymVs8=
Subject key identifier:   1D:9A:D8:03:DB:D0:32:5A:8E:00:9A:FD:9D:A7:15:9A:22:CE:0F:CA
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       33A521E1F6BFBB4CB33C19BE481A3B0A769A56EB
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Jan 2025 13:36:49 +0000
ROA not before:           Wed 29 Jan 2025 13:31:49 +0000
ROA not after:            Wed 28 Jan 2026 13:36:49 +0000
asID:                     834
IP address blocks:        46.182.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 18:17:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:a5:21:e1:f6:bf:bb:4c:b3:3c:19:be:48:1a:3b:0a:76:9a:56:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Jan 29 13:31:49 2025 GMT
            Not After : Jan 28 13:36:49 2026 GMT
        Subject: CN=1D9AD803DBD0325A8E009AFD9DA7159A22CE0FCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:57:38:84:7a:db:9e:e9:6d:2e:36:df:7e:61:
                    5d:55:9d:b3:12:94:69:44:dd:e3:45:70:89:12:68:
                    ca:11:b4:88:93:ab:d8:b7:d0:5f:84:e9:a8:9e:5f:
                    52:6a:f2:31:c9:60:65:ae:10:02:d3:f8:b2:43:a0:
                    6c:d7:1f:4c:43:4b:0b:07:c5:d5:2b:a6:1a:48:0a:
                    9e:7a:6b:d6:c5:0d:85:11:6f:74:b5:cc:63:2a:94:
                    e9:1f:e5:50:83:93:29:7e:9e:88:fd:59:7c:9a:42:
                    5f:31:81:c5:ae:8f:1e:d4:2f:9e:0e:5a:bc:3c:a4:
                    86:e0:22:05:22:aa:da:6a:c8:80:77:67:72:72:ec:
                    85:97:f8:1a:a3:71:86:13:96:b8:b9:ab:9f:1b:f9:
                    4b:0c:87:6b:a6:72:a5:7d:2c:09:e1:6b:22:30:ce:
                    ea:78:67:c8:93:b3:63:8f:0c:89:80:4a:c0:f9:64:
                    36:1f:bc:73:41:bc:b6:85:80:1e:31:9a:4c:9d:e6:
                    8c:f2:52:eb:79:d1:0c:c0:aa:66:cf:78:69:e6:9a:
                    de:81:80:12:44:68:56:de:f3:37:a9:a5:16:2a:48:
                    b3:01:58:1f:37:ae:65:55:17:87:d4:9b:26:3a:08:
                    92:5f:c4:c5:28:f4:e6:27:d6:05:2c:f2:92:13:a4:
                    80:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:9A:D8:03:DB:D0:32:5A:8E:00:9A:FD:9D:A7:15:9A:22:CE:0F:CA
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:5f:1b:b1:b6:96:67:47:89:0c:03:84:9b:27:2e:90:f5:a8:
         12:df:5d:81:3c:39:80:9c:68:16:38:27:1e:c0:88:8f:74:48:
         37:f5:92:de:3d:d9:28:12:0a:ba:0d:15:42:e7:20:b8:37:4b:
         a8:64:48:ab:68:73:83:71:85:e6:00:bb:cf:34:38:93:8e:92:
         67:af:59:ac:df:27:b9:e4:d7:77:a6:57:8a:11:0a:f5:bd:85:
         ff:9e:7c:51:92:97:8b:7f:5b:e6:e8:37:0e:6c:5e:d7:82:ac:
         7a:e8:1c:b9:80:9a:91:57:8b:8e:be:01:1f:b5:a1:a3:a1:12:
         b5:ed:fa:c7:a2:02:65:ee:73:3f:ee:f7:06:3f:a0:3f:83:40:
         9d:ef:cd:e3:1b:8c:51:57:21:52:43:ad:84:fe:c8:b1:bb:a4:
         76:24:fa:15:17:89:42:c4:e1:02:2c:d6:d6:0f:5d:0a:67:bb:
         06:45:1f:f9:fc:50:42:62:3c:48:e5:33:62:f5:0b:47:ba:88:
         66:4d:61:14:d8:da:10:cb:37:80:45:42:f9:1a:44:a1:90:60:
         a5:15:f0:b7:ef:4f:60:94:91:74:55:91:5b:57:42:9b:ff:9d:
         f0:08:60:be:c2:f8:d7:a2:1b:cc:f2:9d:79:01:79:71:fa:53:
         63:e7:fb:bd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUM6Uh4fa/u0yzPBm+SBo7CnaaVuswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTAxMjkxMzMxNDlaFw0yNjAxMjgxMzM2NDlaMDMxMTAvBgNV
BAMTKDFEOUFEODAzREJEMDMyNUE4RTAwOUFGRDlEQTcxNTlBMjJDRTBGQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmVziEetue6W0uNt9+YV1VnbMS
lGlE3eNFcIkSaMoRtIiTq9i30F+E6aieX1Jq8jHJYGWuEALT+LJDoGzXH0xDSwsH
xdUrphpICp56a9bFDYURb3S1zGMqlOkf5VCDkyl+noj9WXyaQl8xgcWujx7UL54O
Wrw8pIbgIgUiqtpqyIB3Z3Jy7IWX+BqjcYYTlri5q58b+UsMh2umcqV9LAnhayIw
zup4Z8iTs2OPDImASsD5ZDYfvHNBvLaFgB4xmkyd5ozyUut50QzAqmbPeGnmmt6B
gBJEaFbe8zeppRYqSLMBWB83rmVVF4fUmyY6CJJfxMUo9OYn1gUs8pITpICNAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHZrYA9vQMlqOAJr9nacVmiLOD8owHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALrYWMA0G
CSqGSIb3DQEBCwUAA4IBAQBZXxuxtpZnR4kMA4SbJy6Q9agS312BPDmAnGgWOCce
wIiPdEg39ZLePdkoEgq6DRVC5yC4N0uoZEiraHODcYXmALvPNDiTjpJnr1ms3ye5
5Nd3pleKEQr1vYX/nnxRkpeLf1vm6DcObF7Xgqx66By5gJqRV4uOvgEftaGjoRK1
7frHogJl7nM/7vcGP6A/g0Cd783jG4xRVyFSQ62E/sixu6R2JPoVF4lCxOECLNbW
D10KZ7sGRR/5/FBCYjxI5TNi9QtHuohmTWEU2NoQyzeARUL5GkShkGClFfC3709g
lJF0VZFbV0Kb/53wCGC+wvjXohvM8p15AXlx+lNj5/u9
-----END CERTIFICATE-----