Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa
File:                     34362e3138332e33302e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Ss/HYpCtXLgsgjLt2I87OIMAV3Zt1zbXev+rVN4ldH4=
Subject key identifier:   F5:EC:BA:EF:88:46:A8:C9:14:A8:85:6A:A0:96:FD:21:49:8B:65:17
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       0E67E1091090EE69314D073D1D1FC71E2E61F1B1
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa
Signing time:             Tue 05 May 2026 15:47:11 +0000
ROA not before:           Tue 05 May 2026 15:42:11 +0000
ROA not after:            Tue 04 May 2027 15:47:11 +0000
asID:                     61317
IP address blocks:        46.183.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:67:e1:09:10:90:ee:69:31:4d:07:3d:1d:1f:c7:1e:2e:61:f1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: May  5 15:42:11 2026 GMT
            Not After : May  4 15:47:11 2027 GMT
        Subject: CN=F5ECBAEF8846A8C914A8856AA096FD21498B6517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:19:ae:75:1c:ce:41:27:41:5e:ca:08:e5:42:
                    69:58:ef:4b:6e:71:b4:ae:ab:9d:e1:38:4d:56:12:
                    b7:36:98:05:8a:3b:df:dd:0d:75:4c:ad:56:00:5a:
                    c4:1b:d2:76:a9:0d:37:a6:cf:76:5d:cb:77:e4:06:
                    4c:ca:58:72:93:28:e0:9d:65:5b:79:94:37:25:1e:
                    89:8c:d2:ea:c3:c1:05:d7:fc:16:8b:fb:8c:6a:f0:
                    15:e9:72:11:45:73:84:cf:a0:5d:67:d7:9d:f6:c8:
                    89:d6:df:a6:e9:11:8b:60:46:db:66:96:37:00:bc:
                    e0:f0:6c:27:f7:6c:e4:8f:14:6c:a8:a0:47:d8:46:
                    86:80:ed:91:22:8c:2b:40:d7:1c:f8:79:08:f1:91:
                    54:f7:ba:c5:4a:5d:e7:56:ea:95:0a:24:89:d2:12:
                    b1:51:ff:dd:9f:ae:71:d8:bc:ba:ed:aa:fb:39:c6:
                    25:e6:f8:bf:0f:80:b2:e7:c8:62:68:f3:37:0e:83:
                    cd:3a:fb:21:56:20:c2:70:27:cb:53:5f:7b:33:ae:
                    d7:1a:a4:77:1d:c1:62:eb:c2:9a:d8:20:7e:ac:c8:
                    89:f1:9d:79:46:13:7a:cd:a2:6d:87:80:41:bd:0f:
                    f6:be:0b:ec:72:cb:eb:de:1c:1d:f7:02:49:e8:56:
                    ba:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:EC:BA:EF:88:46:A8:C9:14:A8:85:6A:A0:96:FD:21:49:8B:65:17
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33302e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:96:73:a6:76:44:14:b8:25:ba:cc:b3:60:21:a1:0b:4c:17:
         93:ec:fc:57:6a:9e:cf:6c:59:c2:bd:54:52:f4:7c:31:e2:07:
         c7:ae:24:ad:52:f1:4d:43:b8:b8:b2:49:1a:60:80:b2:62:9b:
         53:8a:4d:64:be:83:55:d5:b5:68:82:cd:84:80:7f:19:34:b0:
         e0:10:51:71:fe:17:d0:9f:4b:3a:16:c6:23:81:c2:ea:93:2c:
         d1:07:7d:62:15:6e:b3:c6:55:ee:cf:c3:2a:ec:a6:cd:5b:07:
         9a:e7:4b:0c:ed:8a:ef:53:08:f6:c3:04:ec:19:9e:22:ce:5d:
         8b:e4:7d:1f:7b:ea:77:c0:5a:f9:91:29:f4:57:6c:a6:2c:08:
         41:da:f0:6b:ec:fd:c0:dd:e6:56:dd:54:39:99:de:48:77:0d:
         ce:2e:91:87:a4:58:fe:93:95:cd:37:6c:26:55:ae:69:0e:54:
         b7:0c:99:46:3f:d9:c6:eb:d1:73:6f:c2:9b:45:a6:bb:d7:d4:
         34:af:0b:31:cd:cc:f5:9e:b3:53:66:bb:27:63:e2:a1:7e:7a:
         cc:85:1c:10:b8:f2:79:ec:9b:60:c0:f2:82:b6:53:43:10:b2:
         09:b0:ac:a1:6b:52:2c:48:7c:5f:6a:3a:01:f1:dd:0a:5c:49:
         c3:07:bd:ec
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDmfhCRCQ7mkxTQc9HR/HHi5h8bEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNjA1MDUxNTQyMTFaFw0yNzA1MDQxNTQ3MTFaMDMxMTAvBgNV
BAMTKEY1RUNCQUVGODg0NkE4QzkxNEE4ODU2QUEwOTZGRDIxNDk4QjY1MTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVGa51HM5BJ0FeygjlQmlY70tu
cbSuq53hOE1WErc2mAWKO9/dDXVMrVYAWsQb0napDTemz3Zdy3fkBkzKWHKTKOCd
ZVt5lDclHomM0urDwQXX/BaL+4xq8BXpchFFc4TPoF1n1532yInW36bpEYtgRttm
ljcAvODwbCf3bOSPFGyooEfYRoaA7ZEijCtA1xz4eQjxkVT3usVKXedW6pUKJInS
ErFR/92frnHYvLrtqvs5xiXm+L8PgLLnyGJo8zcOg806+yFWIMJwJ8tTX3szrtca
pHcdwWLrwprYIH6syInxnXlGE3rNom2HgEG9D/a+C+xyy+veHB33AknoVrptAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9ey674hGqMkUqIVqoJb9IUmLZRcwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC63
HjANBgkqhkiG9w0BAQsFAAOCAQEAJ5ZzpnZEFLglusyzYCGhC0wXk+z8V2qez2xZ
wr1UUvR8MeIHx64krVLxTUO4uLJJGmCAsmKbU4pNZL6DVdW1aILNhIB/GTSw4BBR
cf4X0J9LOhbGI4HC6pMs0Qd9YhVus8ZV7s/DKuymzVsHmudLDO2K71MI9sME7Bme
Is5di+R9H3vqd8Ba+ZEp9FdspiwIQdrwa+z9wN3mVt1UOZneSHcNzi6Rh6RY/pOV
zTdsJlWuaQ5UtwyZRj/ZxuvRc2/Cm0Wmu9fUNK8LMc3M9Z6zU2a7J2PioX56zIUc
ELjyeeybYMDygrZTQxCyCbCsoWtSLEh8X2o6AfHdClxJwwe97A==
-----END CERTIFICATE-----