Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e20313734.roa
File:                     34362e3138332e33312e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          3Z7e+5TwzBef1b9VYHjpmL+5jzamN8gXYO/wLKWP7lA=
Subject key identifier:   73:52:3A:B5:D4:57:3E:B4:4A:1D:34:AB:7B:70:70:98:3F:06:8A:18
Certificate issuer:       /CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
Certificate serial:       7FA086C49E2E2445648B318B3AA5B7A1A08F1043
Authority key identifier: 24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e20313734.roa
Signing time:             Thu 11 Sep 2025 14:44:24 +0000
ROA not before:           Thu 11 Sep 2025 14:39:24 +0000
ROA not after:            Thu 10 Sep 2026 14:44:24 +0000
asID:                     174
IP address blocks:        46.183.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:40:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:a0:86:c4:9e:2e:24:45:64:8b:31:8b:3a:a5:b7:a1:a0:8f:10:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Validity
            Not Before: Sep 11 14:39:24 2025 GMT
            Not After : Sep 10 14:44:24 2026 GMT
        Subject: CN=73523AB5D4573EB44A1D34AB7B7070983F068A18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a7:64:66:06:10:cf:bc:3e:37:d9:2b:a7:8b:
                    ab:4b:09:73:e7:2b:c0:aa:64:5f:41:2f:c1:c0:39:
                    63:ec:bb:d1:b2:eb:cf:0d:c5:df:2d:f6:f8:1a:c1:
                    07:70:49:12:86:45:04:a3:39:65:45:4b:f3:85:86:
                    3d:07:e8:58:55:92:61:f1:a4:f6:39:5b:1f:a3:48:
                    e7:ca:93:d0:04:4c:f3:88:16:7c:cf:1e:26:8d:71:
                    d3:7e:81:6f:c0:08:82:62:ee:bc:0d:6c:1d:29:a6:
                    a8:b1:fe:aa:7d:ea:a0:27:c7:95:8c:3a:da:d4:b4:
                    69:5c:09:f8:d0:02:e6:63:ee:2e:b9:d4:3d:51:b2:
                    40:d5:48:ab:52:91:2b:9d:08:ad:f5:a0:f0:17:60:
                    81:b0:3c:e5:56:29:26:b5:9d:0f:7d:bf:b5:0a:a4:
                    a3:a9:0c:52:de:24:e0:ef:1e:ac:a3:78:d8:8c:b8:
                    fa:55:af:7a:e6:4a:c3:72:72:e5:4f:2e:b9:d5:97:
                    d4:45:eb:b8:da:22:76:e6:20:a0:5a:30:e3:95:8d:
                    e7:74:d5:03:8f:30:70:51:cd:b2:3e:07:0e:c6:a0:
                    38:30:e5:a2:88:8d:a2:7f:95:09:12:ef:95:e2:16:
                    87:7f:b2:1f:a2:bd:7b:51:75:cb:b6:b1:a8:4b:50:
                    27:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:52:3A:B5:D4:57:3E:B4:4A:1D:34:AB:7B:70:70:98:3F:06:8A:18
            X509v3 Authority Key Identifier:
                keyid:24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/34362e3138332e33312e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:21:b1:1f:51:9c:5c:37:d2:94:fb:d7:f3:f9:27:2d:fd:9b:
         4e:44:28:8c:1f:37:8c:38:1f:7c:69:a1:7b:43:d5:f9:c1:51:
         92:25:36:e9:32:0e:45:2f:74:0f:c3:7b:b7:78:3d:69:ec:65:
         96:38:56:c3:fa:fa:bf:48:f6:a3:e6:75:77:35:cc:f4:db:90:
         fb:94:8a:26:5e:d9:46:44:bd:8c:fe:7d:c1:e9:06:7d:0f:ca:
         c4:c1:59:7a:2a:89:e8:9d:12:ec:23:f5:30:1f:6b:e8:22:05:
         a8:cd:7e:6d:92:45:40:22:20:87:7f:2b:3f:66:3c:28:55:72:
         24:83:e1:24:eb:aa:f5:0a:98:d6:7f:c3:02:ca:36:b9:d0:76:
         2b:14:dd:49:ca:b5:e1:2e:ff:cf:f1:fd:0e:8b:1c:0e:c4:5b:
         02:dc:c4:62:30:de:9e:0d:fd:e1:5e:e4:46:01:20:04:1b:da:
         97:d7:82:41:3f:3c:3f:e1:fb:b1:67:9e:49:b9:19:17:e4:2f:
         b4:da:23:6f:dc:e1:26:57:be:50:bf:68:f2:c6:61:34:fa:03:
         ad:c7:5e:db:b6:67:6d:7b:8c:00:44:6b:fa:fb:34:02:c0:9d:
         a4:42:68:74:65:70:3e:49:69:a8:39:0b:25:51:0a:de:d8:ea:
         52:be:bd:52
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUf6CGxJ4uJEVkizGLOqW3oaCPEEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjRlNTM3ODhiZDRlZmEyM2IxYTgyMDdiN2U3NGE4ZTFj
YzY3N2IwMDAeFw0yNTA5MTExNDM5MjRaFw0yNjA5MTAxNDQ0MjRaMDMxMTAvBgNV
BAMTKDczNTIzQUI1RDQ1NzNFQjQ0QTFEMzRBQjdCNzA3MDk4M0YwNjhBMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAp2RmBhDPvD432Suni6tLCXPn
K8CqZF9BL8HAOWPsu9Gy688Nxd8t9vgawQdwSRKGRQSjOWVFS/OFhj0H6FhVkmHx
pPY5Wx+jSOfKk9AETPOIFnzPHiaNcdN+gW/ACIJi7rwNbB0ppqix/qp96qAnx5WM
OtrUtGlcCfjQAuZj7i651D1RskDVSKtSkSudCK31oPAXYIGwPOVWKSa1nQ99v7UK
pKOpDFLeJODvHqyjeNiMuPpVr3rmSsNycuVPLrnVl9RF67jaInbmIKBaMOOVjed0
1QOPMHBRzbI+Bw7GoDgw5aKIjaJ/lQkS75XiFod/sh+ivXtRdcu2sahLUCehAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUc1I6tdRXPrRKHTSre3BwmD8GihgwHwYDVR0j
BBgwFoAUJOU3iL1O+iOxqCB7fnSo4cxnewAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0
Mzk1LzAvMjRFNTM3ODhCRDRFRkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0pPVTNpTDFPLWlPeHFDQjdmblNvNGN4
bmV3QS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZhY2I5YTAt
NmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMzQzNjJlMzEzODMzMmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALrcfMA0G
CSqGSIb3DQEBCwUAA4IBAQBGIbEfUZxcN9KU+9fz+Sct/ZtORCiMHzeMOB98aaF7
Q9X5wVGSJTbpMg5FL3QPw3u3eD1p7GWWOFbD+vq/SPaj5nV3Ncz025D7lIomXtlG
RL2M/n3B6QZ9D8rEwVl6KononRLsI/UwH2voIgWozX5tkkVAIiCHfys/ZjwoVXIk
g+Ek66r1CpjWf8MCyja50HYrFN1JyrXhLv/P8f0OixwOxFsC3MRiMN6eDf3hXuRG
ASAEG9qX14JBPzw/4fuxZ55JuRkX5C+02iNv3OEmV75Qv2jyxmE0+gOtx17btmdt
e4wARGv6+zQCwJ2kQmh0ZXA+SWmoOQslUQre2OpSvr1S
-----END CERTIFICATE-----