Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa
File:                     34362e3138332e32382e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          fvI4RQQ01xEAqUe6KVlJ1GGLeZTmhK5W4DnyDfr2VQg=
Subject key identifier:   68:09:BA:8F:DC:DA:87:CC:36:48:70:01:6D:CD:B9:0A:18:BB:77:B8
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       5009D653B2CBE47925ECE0FB226CBB009797A2AB
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 05 May 2026 15:47:11 +0000
ROA not before:           Tue 05 May 2026 15:42:11 +0000
ROA not after:            Tue 04 May 2027 15:47:11 +0000
asID:                     61317
IP address blocks:        46.183.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:09:d6:53:b2:cb:e4:79:25:ec:e0:fb:22:6c:bb:00:97:97:a2:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: May  5 15:42:11 2026 GMT
            Not After : May  4 15:47:11 2027 GMT
        Subject: CN=6809BA8FDCDA87CC364870016DCDB90A18BB77B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ea:60:e3:e8:d5:a8:66:73:a8:91:94:95:fb:
                    f7:77:79:5b:60:66:ef:f6:04:f3:47:49:02:59:ac:
                    d8:10:f7:25:89:77:90:c0:94:de:c7:1b:db:bf:89:
                    ef:62:f6:55:40:36:84:fe:8e:61:e3:2a:b4:78:67:
                    af:82:d1:a2:87:ba:63:71:42:3e:8d:b8:f2:17:ee:
                    17:fb:62:4b:88:e4:83:2a:2d:db:e2:cc:34:04:ed:
                    b3:7b:ee:74:f3:c7:83:2a:17:72:69:72:6e:4b:a2:
                    45:55:84:0d:30:fb:2b:89:3b:82:33:b2:d6:cc:bf:
                    75:3b:c8:e3:3b:cf:12:66:62:16:50:bb:51:d0:12:
                    27:ba:d9:3a:81:bc:57:b4:a1:4f:7f:b7:d9:8e:e7:
                    99:1d:16:23:a1:fe:d7:15:5b:6c:01:4e:75:a1:ea:
                    28:04:db:34:9c:70:16:0e:b2:86:40:b1:aa:87:ce:
                    86:4b:53:e7:5e:ba:f8:18:97:53:ee:80:a3:22:72:
                    e0:78:e6:f9:29:80:ec:4e:51:57:b8:be:98:8b:f9:
                    74:de:cf:1f:24:de:71:ae:aa:93:9a:bf:82:1e:3f:
                    5d:59:91:a0:94:4f:cb:22:a6:54:e9:3c:95:ee:cc:
                    f4:10:96:1c:d7:0b:be:91:70:35:69:e3:23:8f:81:
                    fa:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:09:BA:8F:DC:DA:87:CC:36:48:70:01:6D:CD:B9:0A:18:BB:77:B8
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e32382e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:15:9e:d5:d1:3c:bd:91:ed:58:05:ba:c8:fd:03:1d:d3:14:
         dc:f3:fa:2a:1b:87:1a:e8:39:e3:2e:cb:e3:d0:81:f1:13:95:
         a0:7d:76:6d:77:19:f8:9e:f7:c5:cd:9f:8d:11:8c:11:2b:07:
         e1:21:24:7b:09:f7:29:19:d6:32:37:d6:51:ca:f1:ca:46:47:
         2e:ba:e4:60:21:6d:cb:7d:fe:41:1e:6b:92:b8:2c:c8:bd:bd:
         05:42:9e:24:8d:e0:ea:ae:17:ee:bf:a3:17:d0:f2:01:57:af:
         94:01:cd:a8:8d:a7:c7:44:59:96:23:5b:75:0d:f7:67:2a:20:
         cb:97:a3:10:ee:4c:0e:02:4c:85:60:57:29:a3:a9:b8:b6:ac:
         30:e8:9d:4f:a7:bc:11:1f:ad:11:a7:f4:de:d9:54:42:a9:ed:
         24:29:9f:3f:9c:aa:be:c7:70:6f:b2:bf:06:f4:34:2e:b3:36:
         d9:69:17:71:9d:12:b5:3c:3c:20:8d:14:6b:0c:8e:79:5f:cb:
         e7:04:5d:87:a5:31:58:70:5b:00:15:d0:92:7a:94:44:0a:61:
         7c:f2:b4:e6:02:12:f4:c3:86:54:a1:23:6b:72:a9:7b:20:33:
         57:14:18:b0:59:98:46:bc:2b:44:0b:53:2e:d2:79:bb:1c:c0:
         7e:12:6f:45
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUAnWU7LL5Hkl7OD7Imy7AJeXoqswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNjA1MDUxNTQyMTFaFw0yNzA1MDQxNTQ3MTFaMDMxMTAvBgNV
BAMTKDY4MDlCQThGRENEQTg3Q0MzNjQ4NzAwMTZEQ0RCOTBBMThCQjc3QjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6mDj6NWoZnOokZSV+/d3eVtg
Zu/2BPNHSQJZrNgQ9yWJd5DAlN7HG9u/ie9i9lVANoT+jmHjKrR4Z6+C0aKHumNx
Qj6NuPIX7hf7YkuI5IMqLdvizDQE7bN77nTzx4MqF3Jpcm5LokVVhA0w+yuJO4Iz
stbMv3U7yOM7zxJmYhZQu1HQEie62TqBvFe0oU9/t9mO55kdFiOh/tcVW2wBTnWh
6igE2zSccBYOsoZAsaqHzoZLU+deuvgYl1PugKMicuB45vkpgOxOUVe4vpiL+XTe
zx8k3nGuqpOav4IeP11ZkaCUT8siplTpPJXuzPQQlhzXC76RcDVp4yOPgfrLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaAm6j9zah8w2SHABbc25Chi7d7gwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HDANBgkqhkiG9w0BAQsFAAOCAQEANRWe1dE8vZHtWAW6yP0DHdMU3PP6KhuHGug5
4y7L49CB8ROVoH12bXcZ+J73xc2fjRGMESsH4SEkewn3KRnWMjfWUcrxykZHLrrk
YCFty33+QR5rkrgsyL29BUKeJI3g6q4X7r+jF9DyAVevlAHNqI2nx0RZliNbdQ33
Zyogy5ejEO5MDgJMhWBXKaOpuLasMOidT6e8ER+tEaf03tlUQqntJCmfP5yqvsdw
b7K/BvQ0LrM22WkXcZ0StTw8II0UawyOeV/L5wRdh6UxWHBbABXQknqURAphfPK0
5gIS9MOGVKEja3KpeyAzVxQYsFmYRrwrRAtTLtJ5uxzAfhJvRQ==
-----END CERTIFICATE-----