Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31362e302f32332d3234203d3e203433383437.roa
File:                     34362e3138322e31362e302f32332d3234203d3e203433383437.roa (raw, json)
Hash identifier:          vT5tduJXQWPYe55NqnUZ1/bCxXQ97h9LLqUTKt2qn1I=
Subject key identifier:   14:87:48:57:01:16:B3:3F:15:D9:3C:59:03:48:67:1D:88:C8:96:EA
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       074333BFC1143E07BE401460F27C0516DEAB7F5C
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31362e302f32332d3234203d3e203433383437.roa
Signing time:             Tue 05 Aug 2025 06:37:37 +0000
ROA not before:           Tue 05 Aug 2025 06:32:37 +0000
ROA not after:            Tue 04 Aug 2026 06:37:37 +0000
asID:                     43847
IP address blocks:        46.182.16.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:15:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:43:33:bf:c1:14:3e:07:be:40:14:60:f2:7c:05:16:de:ab:7f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Aug  5 06:32:37 2025 GMT
            Not After : Aug  4 06:37:37 2026 GMT
        Subject: CN=148748570116B33F15D93C590348671D88C896EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b5:06:78:bd:f2:87:16:7e:74:e6:c8:c5:4f:
                    b5:55:35:b8:c8:45:d3:e0:c0:4b:69:ad:1b:79:00:
                    ea:b8:41:1b:bf:8b:5c:6f:ea:2c:47:7d:65:f3:86:
                    6e:86:a6:01:b4:de:9e:b1:01:e8:18:68:c0:ed:7e:
                    94:bd:34:bd:33:d3:2e:01:7a:ee:1c:5b:08:de:c5:
                    fb:30:24:83:cd:ae:7c:84:96:45:fe:7a:5d:83:03:
                    c8:53:29:6e:32:eb:3a:de:b4:7d:8c:34:19:29:42:
                    a2:a3:2e:40:04:1d:e2:29:30:b7:e3:68:16:05:cf:
                    26:5e:8c:27:69:cd:27:4f:fb:69:a9:21:7f:ec:f7:
                    b3:a7:91:43:b6:7e:40:46:6b:43:78:bf:90:1c:97:
                    68:b5:c1:ee:9b:1e:ce:0c:00:98:52:6a:5c:f8:af:
                    09:c8:89:9f:be:72:a1:8f:73:ab:11:0b:02:5b:98:
                    22:a2:9e:f2:02:f2:a1:80:6e:42:75:d8:a4:50:0f:
                    ef:92:51:10:dd:b1:c0:b9:5d:02:d6:ba:40:05:08:
                    9f:7d:f1:47:03:5e:c2:80:5c:64:06:be:7e:9f:d0:
                    96:29:22:60:17:82:d7:61:b4:b6:f1:61:47:8e:6b:
                    8c:3b:c9:92:67:bf:0e:c2:df:4d:9c:fb:70:2f:b4:
                    d7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:87:48:57:01:16:B3:3F:15:D9:3C:59:03:48:67:1D:88:C8:96:EA
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31362e302f32332d3234203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:ab:cf:dc:f1:0e:9a:cc:ec:7c:9e:d7:15:d3:39:3e:e4:5a:
         22:0d:de:b0:ac:de:af:47:b8:c5:b3:0f:0a:91:b4:3f:e5:26:
         bd:9a:6f:11:91:9a:1e:95:81:74:f0:8b:5a:5b:63:30:af:58:
         d7:16:48:97:1e:ac:de:fe:ea:70:44:95:9e:b3:61:a7:f4:12:
         e0:17:6d:cc:de:5a:d6:97:38:71:4d:03:6b:4c:02:a0:79:c0:
         1f:56:3f:7f:8a:ea:0d:eb:50:36:17:60:3e:37:88:d3:83:23:
         30:c9:cb:65:82:ba:1f:a0:5e:d3:18:f7:6f:70:78:50:bd:f6:
         27:6f:cb:06:ba:db:d3:85:19:88:d8:b6:58:10:40:f7:47:4a:
         1f:62:37:a6:ac:16:65:f5:1b:6c:d3:c0:ff:d9:8a:a9:09:4e:
         80:7b:b9:2a:3e:2d:75:dd:a8:c0:3f:60:66:c2:e1:09:a1:e8:
         47:4c:c6:b6:fb:85:44:f5:06:f2:a7:7a:18:f3:75:47:b3:37:
         3c:05:c4:b6:b2:4b:db:44:a4:38:d7:17:7b:67:b2:0a:8a:d2:
         d6:9f:dd:4d:f6:90:d2:b8:e7:35:15:02:04:6a:f0:85:c7:0b:
         f9:8a:23:a0:38:2f:50:2b:0e:d7:7c:e3:f0:bf:7a:ed:46:9b:
         3c:73:79:3b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUB0Mzv8EUPge+QBRg8nwFFt6rf1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTA4MDUwNjMyMzdaFw0yNjA4MDQwNjM3MzdaMDMxMTAvBgNV
BAMTKDE0ODc0ODU3MDExNkIzM0YxNUQ5M0M1OTAzNDg2NzFEODhDODk2RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9tQZ4vfKHFn505sjFT7VVNbjI
RdPgwEtprRt5AOq4QRu/i1xv6ixHfWXzhm6GpgG03p6xAegYaMDtfpS9NL0z0y4B
eu4cWwjexfswJIPNrnyElkX+el2DA8hTKW4y6zretH2MNBkpQqKjLkAEHeIpMLfj
aBYFzyZejCdpzSdP+2mpIX/s97OnkUO2fkBGa0N4v5Acl2i1we6bHs4MAJhSalz4
rwnIiZ++cqGPc6sRCwJbmCKinvIC8qGAbkJ12KRQD++SURDdscC5XQLWukAFCJ99
8UcDXsKAXGQGvn6f0JYpImAXgtdhtLbxYUeOa4w7yZJnvw7C302c+3AvtNfRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFIdIVwEWsz8V2TxZA0hnHYjIluowHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMTM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS62
EDANBgkqhkiG9w0BAQsFAAOCAQEAk6vP3PEOmszsfJ7XFdM5PuRaIg3esKzer0e4
xbMPCpG0P+UmvZpvEZGaHpWBdPCLWltjMK9Y1xZIlx6s3v7qcESVnrNhp/QS4Bdt
zN5a1pc4cU0Da0wCoHnAH1Y/f4rqDetQNhdgPjeI04MjMMnLZYK6H6Be0xj3b3B4
UL32J2/LBrrb04UZiNi2WBBA90dKH2I3pqwWZfUbbNPA/9mKqQlOgHu5Kj4tdd2o
wD9gZsLhCaHoR0zGtvuFRPUG8qd6GPN1R7M3PAXEtrJL20SkONcXe2eyCorS1p/d
TfaQ0rjnNRUCBGrwhccL+YojoDgvUCsO13zj8L967UabPHN5Ow==
-----END CERTIFICATE-----