Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa
File:                     34362e3138332e33302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          pxnqedD3kuwz1m+9x0q4e9R46P3xXGAP6tM7JZr4zqQ=
Subject key identifier:   54:71:47:0A:28:96:76:E3:B3:F3:1B:E4:EF:F4:4F:C7:03:31:D9:8B
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       6704C09BCAF5C200E1B778F19FFF7D4AE241968E
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 03 Jun 2025 14:54:08 +0000
ROA not before:           Tue 03 Jun 2025 14:49:08 +0000
ROA not after:            Tue 02 Jun 2026 14:54:08 +0000
asID:                     61317
IP address blocks:        46.183.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 09:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:04:c0:9b:ca:f5:c2:00:e1:b7:78:f1:9f:ff:7d:4a:e2:41:96:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Jun  3 14:49:08 2025 GMT
            Not After : Jun  2 14:54:08 2026 GMT
        Subject: CN=5471470A289676E3B3F31BE4EFF44FC70331D98B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1d:70:2f:f0:66:72:5a:fb:71:58:c8:64:3d:
                    59:22:f1:2a:6b:ed:12:cc:3f:f0:3e:4d:4f:01:d8:
                    ba:43:e8:43:fb:03:7d:76:72:0d:5f:8a:78:a3:b7:
                    cb:e6:f3:96:a5:16:5e:72:06:5c:db:6e:a9:1a:1f:
                    ab:0c:27:80:68:67:61:a8:cc:70:aa:c1:19:0d:25:
                    59:28:bb:55:56:0f:f7:21:fb:ec:cb:a8:bd:67:8d:
                    40:30:20:af:0f:e4:92:f1:c4:a4:0c:5d:28:78:e7:
                    bc:03:47:39:5f:41:90:0d:17:ce:13:59:91:d6:cb:
                    1e:5a:a0:43:8c:ac:7e:91:90:f3:ba:9f:05:1f:8f:
                    9d:24:20:02:cf:06:7f:06:a3:8f:c6:ce:63:3f:36:
                    bc:dc:4a:21:41:ea:25:41:85:49:b0:55:ea:75:5b:
                    72:49:fa:10:bd:d1:96:a6:ae:5b:2f:d4:da:4b:d5:
                    1a:6e:5a:6c:f5:72:ce:fd:e9:5b:99:54:09:7e:46:
                    2e:df:8c:88:0e:eb:72:e5:68:0b:8f:48:70:49:e9:
                    0f:a3:f3:e0:86:59:c3:b2:fb:da:02:78:3d:52:87:
                    c5:33:95:a4:26:7d:68:6e:db:81:d9:63:ed:6b:db:
                    78:fb:c3:be:57:f5:1e:7c:98:ab:93:be:fb:80:ec:
                    dc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:71:47:0A:28:96:76:E3:B3:F3:1B:E4:EF:F4:4F:C7:03:31:D9:8B
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:56:ab:aa:b2:ec:6a:49:b1:b0:8e:aa:de:d6:d2:4f:d6:e8:
         ea:0b:0d:f6:5d:3c:92:e8:96:59:0d:61:ca:36:75:e7:e1:26:
         ef:1f:d5:d7:80:72:de:c6:59:d9:b0:0f:b0:3b:17:ef:f9:b7:
         4c:21:d9:f1:4a:66:56:53:00:f7:3c:d6:b3:27:85:1e:56:03:
         bc:fb:0d:c7:05:76:44:75:7e:95:20:4c:b7:f8:08:96:fc:e7:
         91:f1:62:38:04:18:76:ab:d9:f5:94:57:86:9e:e2:55:c1:1f:
         1a:33:4a:a7:0b:4e:bc:21:60:9e:c7:a7:19:d1:81:c6:d1:21:
         df:08:60:c4:f6:77:02:8c:b9:05:50:06:4f:8d:61:39:05:e7:
         0d:98:f6:52:c1:de:b3:21:ec:de:8b:f0:04:b2:2c:c5:6d:ca:
         87:e4:86:31:7d:5e:4a:0c:e0:eb:fe:7c:0a:7e:ad:2c:e4:21:
         ee:8d:bf:42:0d:14:76:1f:35:c0:16:7f:06:e4:af:f7:56:d9:
         99:f5:c8:c2:2c:38:6e:7f:6e:30:6f:00:b4:a4:64:9f:a2:59:
         27:5b:3e:cc:67:4e:22:4e:21:2e:31:c4:36:41:a5:42:3e:1b:
         91:e0:c2:b1:c1:f8:f2:47:b4:95:c0:a5:df:1a:75:e4:d2:b0:
         59:66:6d:85
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZwTAm8r1wgDht3jxn/99SuJBlo4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNTA2MDMxNDQ5MDhaFw0yNjA2MDIxNDU0MDhaMDMxMTAvBgNV
BAMTKDU0NzE0NzBBMjg5Njc2RTNCM0YzMUJFNEVGRjQ0RkM3MDMzMUQ5OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAHXAv8GZyWvtxWMhkPVki8Spr
7RLMP/A+TU8B2LpD6EP7A312cg1finijt8vm85alFl5yBlzbbqkaH6sMJ4BoZ2Go
zHCqwRkNJVkou1VWD/ch++zLqL1njUAwIK8P5JLxxKQMXSh457wDRzlfQZANF84T
WZHWyx5aoEOMrH6RkPO6nwUfj50kIALPBn8Go4/GzmM/NrzcSiFB6iVBhUmwVep1
W3JJ+hC90Zamrlsv1NpL1RpuWmz1cs796VuZVAl+Ri7fjIgO63LlaAuPSHBJ6Q+j
8+CGWcOy+9oCeD1Sh8UzlaQmfWhu24HZY+1r23j7w75X9R58mKuTvvuA7NzRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVHFHCiiWduOz8xvk7/RPxwMx2YswHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HjANBgkqhkiG9w0BAQsFAAOCAQEAjVarqrLsakmxsI6q3tbST9bo6gsN9l08kuiW
WQ1hyjZ15+Em7x/V14By3sZZ2bAPsDsX7/m3TCHZ8UpmVlMA9zzWsyeFHlYDvPsN
xwV2RHV+lSBMt/gIlvznkfFiOAQYdqvZ9ZRXhp7iVcEfGjNKpwtOvCFgnsenGdGB
xtEh3whgxPZ3Aoy5BVAGT41hOQXnDZj2UsHesyHs3ovwBLIsxW3Kh+SGMX1eSgzg
6/58Cn6tLOQh7o2/Qg0Udh81wBZ/BuSv91bZmfXIwiw4bn9uMG8AtKRkn6JZJ1s+
zGdOIk4hLjHENkGlQj4bkeDCscH48ke0lcCl3xp15NKwWWZthQ==
-----END CERTIFICATE-----