Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31382e302f32332d3234203d3e203433383437.roa
File:                     34362e3138322e31382e302f32332d3234203d3e203433383437.roa (raw, json)
Hash identifier:          Da5w/Bxnka7S5rOrrg5UFoYVO7GdFYJVnpZd9dGl78w=
Subject key identifier:   A4:E3:47:05:FA:79:AF:DC:8F:D3:60:CA:D3:A3:39:D6:59:6F:BF:5F
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       7BA59C97521E5415DF7247EBB3372141755CA0AD
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31382e302f32332d3234203d3e203433383437.roa
Signing time:             Wed 13 Aug 2025 15:24:27 +0000
ROA not before:           Wed 13 Aug 2025 15:19:27 +0000
ROA not after:            Wed 12 Aug 2026 15:24:27 +0000
asID:                     43847
IP address blocks:        46.182.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:15:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:a5:9c:97:52:1e:54:15:df:72:47:eb:b3:37:21:41:75:5c:a0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Aug 13 15:19:27 2025 GMT
            Not After : Aug 12 15:24:27 2026 GMT
        Subject: CN=A4E34705FA79AFDC8FD360CAD3A339D6596FBF5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a2:25:21:98:e6:c4:a3:14:c1:2c:78:15:18:
                    e8:ac:a8:24:c1:f6:cd:b5:6e:08:74:e5:c6:5c:ee:
                    fe:5e:d1:eb:a8:f9:61:65:aa:28:57:15:b0:fd:d8:
                    7d:90:5f:0e:19:3c:40:40:80:aa:6f:0b:4e:14:21:
                    5e:86:cf:c7:79:ff:09:27:88:76:d9:0d:3b:90:09:
                    c8:3a:59:a8:f0:41:37:75:5b:e2:3a:01:ba:02:2f:
                    5a:54:a7:52:53:4a:00:4a:40:8b:a8:15:96:4e:0f:
                    3d:bc:12:7f:f4:59:5b:db:87:85:5c:eb:08:c5:cc:
                    9a:eb:4a:1a:b9:fb:6d:a0:57:1c:e9:40:03:f0:42:
                    88:70:fb:cc:aa:16:89:07:e5:2d:94:b6:f9:4d:d8:
                    c0:eb:a2:bc:1a:12:b7:33:70:fa:4e:6c:02:c2:91:
                    8b:f5:31:58:e4:7f:94:6d:12:08:72:e1:ee:73:c2:
                    22:05:4e:49:c7:19:ae:e0:c0:20:05:b0:26:83:1d:
                    76:0c:0c:b5:8e:f6:12:64:3b:2a:33:ba:53:2f:aa:
                    a2:b4:96:79:38:38:5f:b7:d4:43:91:54:f9:70:d5:
                    94:05:9e:c8:43:e6:83:a2:69:a3:19:84:72:fc:dd:
                    d8:53:1d:62:ba:b9:d2:07:71:7e:b7:83:20:39:ea:
                    6a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E3:47:05:FA:79:AF:DC:8F:D3:60:CA:D3:A3:39:D6:59:6F:BF:5F
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e31382e302f32332d3234203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:b3:7c:4d:a7:93:4e:ad:83:03:56:40:a3:8c:c3:e1:28:9e:
         f7:f2:a5:60:50:ce:8b:54:ed:a2:86:5e:52:93:ab:4f:36:79:
         a3:9c:69:58:30:73:b4:bb:1b:04:7e:ad:4d:b1:eb:ba:10:37:
         17:e6:de:4d:ac:88:53:ea:b6:e7:14:31:38:4f:aa:2a:a2:43:
         e9:a5:d2:d1:89:04:c0:e3:69:cc:a5:34:ab:61:6c:9f:a8:e6:
         15:d9:8c:60:38:c3:74:94:38:89:c4:e0:29:5c:75:b0:db:a9:
         61:86:18:d7:8b:d7:78:dd:a7:8b:72:27:b5:0b:66:b6:9b:ba:
         ea:31:25:eb:60:a7:4d:a2:16:e6:87:1e:af:a2:3e:6c:73:32:
         9f:52:82:54:c1:16:f5:6d:0b:ed:da:01:f7:b6:e1:a7:e6:4b:
         17:e2:9a:95:91:42:2c:2d:1c:b3:8f:92:25:f0:f5:e8:05:d9:
         35:f2:73:3d:19:39:bf:e8:7e:ea:9a:c6:ae:9a:48:ca:88:99:
         07:fc:cb:cf:b5:6b:37:dd:01:18:da:42:f0:41:bb:c2:38:ce:
         37:86:a9:dd:ce:e2:39:46:c1:96:5c:2b:fb:be:e5:aa:7c:c3:
         5a:83:0c:8c:45:30:75:b3:6b:06:ce:45:25:1c:83:03:83:69:
         83:31:db:ae
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUe6Wcl1IeVBXfckfrszchQXVcoK0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNTA4MTMxNTE5MjdaFw0yNjA4MTIxNTI0MjdaMDMxMTAvBgNV
BAMTKEE0RTM0NzA1RkE3OUFGREM4RkQzNjBDQUQzQTMzOUQ2NTk2RkJGNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnoiUhmObEoxTBLHgVGOisqCTB
9s21bgh05cZc7v5e0euo+WFlqihXFbD92H2QXw4ZPEBAgKpvC04UIV6Gz8d5/wkn
iHbZDTuQCcg6WajwQTd1W+I6AboCL1pUp1JTSgBKQIuoFZZODz28En/0WVvbh4Vc
6wjFzJrrShq5+22gVxzpQAPwQohw+8yqFokH5S2UtvlN2MDrorwaErczcPpObALC
kYv1MVjkf5RtEghy4e5zwiIFTknHGa7gwCAFsCaDHXYMDLWO9hJkOyozulMvqqK0
lnk4OF+31EORVPlw1ZQFnshD5oOiaaMZhHL83dhTHWK6udIHcX63gyA56mrjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpONHBfp5r9yP02DK06M51llvv18wHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMTM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS62
EjANBgkqhkiG9w0BAQsFAAOCAQEAIbN8TaeTTq2DA1ZAo4zD4Sie9/KlYFDOi1Tt
ooZeUpOrTzZ5o5xpWDBztLsbBH6tTbHruhA3F+beTayIU+q25xQxOE+qKqJD6aXS
0YkEwONpzKU0q2Fsn6jmFdmMYDjDdJQ4icTgKVx1sNupYYYY14vXeN2ni3IntQtm
tpu66jEl62CnTaIW5ocer6I+bHMyn1KCVMEW9W0L7doB97bhp+ZLF+KalZFCLC0c
s4+SJfD16AXZNfJzPRk5v+h+6prGrppIyoiZB/zLz7VrN90BGNpC8EG7wjjON4ap
3c7iOUbBllwr+77lqnzDWoMMjEUwdbNrBs5FJRyDA4NpgzHbrg==
-----END CERTIFICATE-----