Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa
File:                     36322e3139322e3137332e302f32342d3234203d3e2038313030.roa (raw, json)
Hash identifier:          FAPqw4LjtjXMafqD5LfdlurFTSY9GLC8Bh5CPXzSnp0=
Subject key identifier:   A9:37:A8:08:0E:B2:48:86:C3:F1:8E:C8:5A:88:AA:C9:D4:3A:ED:09
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       5670B1CE37DF709EDF0CA02242A7A4B6A7C7B203
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa
Signing time:             Sun 17 Sep 2023 04:21:11 +0000
ROA not before:           Sun 17 Sep 2023 04:16:11 +0000
ROA not after:            Sun 15 Sep 2024 04:21:11 +0000
asID:                     8100
IP address blocks:        62.192.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:70:b1:ce:37:df:70:9e:df:0c:a0:22:42:a7:a4:b6:a7:c7:b2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Sep 17 04:16:11 2023 GMT
            Not After : Sep 15 04:21:11 2024 GMT
        Subject: CN=A937A8080EB24886C3F18EC85A88AAC9D43AED09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d7:a7:45:d1:5c:21:af:6d:b7:f4:8e:da:33:
                    98:08:86:18:d2:c0:ab:da:4c:26:2e:29:a1:f3:2b:
                    54:87:35:54:bb:68:73:37:b5:76:11:0e:2f:19:e3:
                    fe:6d:7a:03:a0:74:0e:3b:34:94:fb:9e:f4:61:6e:
                    b6:d9:3f:28:40:57:98:1e:09:b1:11:ca:18:2b:7a:
                    06:85:68:17:d7:f6:2a:aa:7d:41:4b:1d:06:62:7a:
                    7f:da:2c:15:30:48:d8:2d:2e:45:1f:68:07:bb:33:
                    b9:a9:44:f6:1c:61:d7:48:61:11:5d:4e:92:35:2b:
                    da:b1:54:31:c5:30:cc:3c:75:04:e3:39:1e:fd:86:
                    3d:4a:18:14:b7:48:b2:9d:45:c2:b6:5d:a6:5d:38:
                    c8:e0:0a:14:bf:2f:88:1b:79:79:ad:3f:61:81:e1:
                    95:dd:2a:74:93:b2:64:57:cc:c7:38:92:6d:b9:c8:
                    00:5c:80:04:f2:92:f2:cb:d7:2e:01:0f:a4:0b:02:
                    79:d3:f3:24:95:dd:b5:3a:6e:e7:6f:5d:77:e6:97:
                    3b:21:40:6c:db:c9:98:e9:63:10:0d:9b:0c:bb:5e:
                    3a:d6:f8:14:5a:80:23:26:76:37:e0:8b:e7:c3:4c:
                    05:c8:c0:9a:da:14:2d:17:7e:77:ac:c4:6f:fa:ba:
                    59:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:37:A8:08:0E:B2:48:86:C3:F1:8E:C8:5A:88:AA:C9:D4:3A:ED:09
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:02:2f:07:ea:8c:73:ba:05:43:1f:0d:56:7e:9a:ff:c6:ee:
         fb:21:ed:a5:2f:c0:f8:4f:79:f5:db:47:7e:37:15:ff:6f:94:
         7f:cc:1b:9e:b6:c4:d5:c7:4d:43:fb:ac:7b:38:68:c1:db:52:
         70:57:62:09:6d:d7:13:28:ce:a9:57:69:a4:11:0f:56:56:10:
         bb:c0:db:5b:aa:31:87:d2:7a:76:08:31:b0:6d:24:ab:41:b5:
         e4:05:cc:e3:9d:74:e6:8c:9d:68:e4:9b:92:e4:70:60:2e:dd:
         7b:2b:05:e7:27:7d:c1:ad:80:b7:e3:6e:7a:2c:9b:ff:ec:cb:
         0e:cf:fe:99:2e:fa:cb:8c:fa:0a:45:ff:ed:43:3c:56:b3:f9:
         63:e1:43:2b:3a:f2:f3:2a:3b:c6:19:1a:4d:3d:35:03:a8:ca:
         5f:22:b5:4a:e0:8b:16:68:8b:25:a6:e6:b3:e3:78:09:c8:c7:
         46:ea:df:1f:93:6d:eb:87:f0:fc:6c:36:79:10:69:44:15:5a:
         cb:e7:80:45:3e:c9:af:31:16:84:f7:d1:a7:7d:53:d3:73:56:
         3c:e2:b0:f1:29:23:31:4b:93:22:4d:65:fe:bd:b2:89:2c:4d:
         7b:9d:3f:7b:0f:66:04:a2:26:bd:13:46:bf:c4:7d:29:3c:29:
         05:4d:b6:8a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVnCxzjffcJ7fDKAiQqektqfHsgMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yMzA5MTcwNDE2MTFaFw0yNDA5MTUwNDIxMTFaMDMxMTAvBgNV
BAMTKEE5MzdBODA4MEVCMjQ4ODZDM0YxOEVDODVBODhBQUM5RDQzQUVEMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC616dF0Vwhr2239I7aM5gIhhjS
wKvaTCYuKaHzK1SHNVS7aHM3tXYRDi8Z4/5tegOgdA47NJT7nvRhbrbZPyhAV5ge
CbERyhgregaFaBfX9iqqfUFLHQZien/aLBUwSNgtLkUfaAe7M7mpRPYcYddIYRFd
TpI1K9qxVDHFMMw8dQTjOR79hj1KGBS3SLKdRcK2XaZdOMjgChS/L4gbeXmtP2GB
4ZXdKnSTsmRXzMc4km25yABcgATykvLL1y4BD6QLAnnT8ySV3bU6budvXXfmlzsh
QGzbyZjpYxANmwy7XjrW+BRagCMmdjfgi+fDTAXIwJraFC0XfnesxG/6ulnhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqTeoCA6ySIbD8Y7IWoiqydQ67QkwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzYzMjJlMzEzOTMyMmUzMTM3
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMxMzAzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD7A
rTANBgkqhkiG9w0BAQsFAAOCAQEAggIvB+qMc7oFQx8NVn6a/8bu+yHtpS/A+E95
9dtHfjcV/2+Uf8wbnrbE1cdNQ/usezhowdtScFdiCW3XEyjOqVdppBEPVlYQu8Db
W6oxh9J6dggxsG0kq0G15AXM45105oydaOSbkuRwYC7deysF5yd9wa2At+Nueiyb
/+zLDs/+mS76y4z6CkX/7UM8VrP5Y+FDKzry8yo7xhkaTT01A6jKXyK1SuCLFmiL
Jabms+N4CcjHRurfH5Nt64fw/Gw2eRBpRBVay+eART7JrzEWhPfRp31T03NWPOKw
8SkjMUuTIk1l/r2yiSxNe50/ew9mBKImvRNGv8R9KTwpBU22ig==
-----END CERTIFICATE-----