Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa
File:                     36322e3139322e3137332e302f32342d3234203d3e2038313030.roa (raw, json)
Hash identifier:          VR4JLJ2ZU8eUzCRER2JzBOvrizo3+I5iCEURL4jUDUs=
Subject key identifier:   F1:E6:34:A9:A2:0D:5D:9B:30:10:2C:2B:2A:84:1D:1D:6F:2D:6F:C7
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       3442C7723E81B95EE2A63056B210B9866259921D
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa
Signing time:             Sun 20 Jul 2025 05:54:13 +0000
ROA not before:           Sun 20 Jul 2025 05:49:13 +0000
ROA not after:            Sun 19 Jul 2026 05:54:13 +0000
asID:                     8100
IP address blocks:        62.192.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 09:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:42:c7:72:3e:81:b9:5e:e2:a6:30:56:b2:10:b9:86:62:59:92:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Jul 20 05:49:13 2025 GMT
            Not After : Jul 19 05:54:13 2026 GMT
        Subject: CN=F1E634A9A20D5D9B30102C2B2A841D1D6F2D6FC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:71:48:09:cc:6f:5c:11:ed:42:20:37:61:85:
                    c5:8d:ec:08:78:35:fd:2f:17:50:bf:6d:34:8a:1b:
                    ce:dd:4b:54:71:cc:c0:7a:b3:f1:f7:82:75:a4:7e:
                    62:8c:bf:df:73:f9:27:40:36:82:97:6c:14:98:65:
                    42:9f:7d:6f:36:18:cb:dc:71:95:5f:2b:fe:46:f7:
                    b1:2b:dc:f7:a8:b4:8a:f1:ea:1c:e9:26:b4:fb:d5:
                    e1:b2:18:ae:35:2c:80:c9:76:5a:f9:1e:5b:f3:37:
                    3f:75:59:65:d8:e3:a9:15:e3:53:14:32:8f:67:b7:
                    57:d4:8d:92:ba:2f:1c:0c:3e:97:a0:44:ea:19:17:
                    38:2e:bf:a0:25:71:81:ad:95:8c:31:55:a5:2b:c4:
                    e8:dc:93:73:f0:00:db:9d:97:fc:5c:60:4a:87:8d:
                    99:d2:32:2d:d1:1e:70:24:da:b4:47:a7:e6:c1:76:
                    fb:7b:ec:0b:6c:cc:7b:1c:c0:f2:41:fe:f8:11:57:
                    5f:b0:33:bd:dc:ca:5f:86:37:9b:a2:7c:ac:56:9f:
                    36:3f:cc:e8:d8:16:88:24:14:ab:e1:ed:c7:90:a6:
                    fa:30:d3:28:33:e5:1d:bb:21:3f:7a:19:ce:c9:fe:
                    96:f5:7a:9c:eb:dc:29:40:e9:e8:df:a7:45:c7:4e:
                    80:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E6:34:A9:A2:0D:5D:9B:30:10:2C:2B:2A:84:1D:1D:6F:2D:6F:C7
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:44:2c:42:b9:49:a6:3c:c4:cb:c8:41:62:23:9d:36:27:60:
         e0:84:91:75:b6:d0:6a:65:c5:c7:f8:60:8f:a8:a6:95:ee:33:
         b5:2c:72:4d:fb:72:5b:93:6f:d2:b7:2f:9c:f4:bc:2f:d8:90:
         ca:b4:c9:b2:b5:31:ae:87:51:58:26:4a:31:0f:33:6e:8d:04:
         ba:90:fd:58:e8:92:ea:3e:63:4e:ce:70:86:87:28:3e:a1:4d:
         1a:00:47:ff:8b:4b:c9:67:48:67:9d:ea:54:2d:90:89:e9:10:
         62:4c:6f:cb:17:b8:63:9e:11:1b:15:95:fe:09:70:99:f6:71:
         cd:7f:8e:8d:b0:4c:15:c5:1a:93:ab:66:39:bc:54:3e:c4:81:
         87:dc:59:54:f7:f2:ab:e7:87:e5:6f:76:34:3e:62:f4:d9:ed:
         71:8b:c2:c6:24:fc:72:0d:61:98:c3:79:a3:1b:4f:7e:98:5a:
         87:2c:4d:fb:c4:ae:6e:41:bb:be:65:97:35:de:03:bf:4d:ff:
         97:89:5c:59:e5:e3:24:68:eb:cf:72:45:74:6a:78:94:e5:a3:
         0d:99:87:df:2d:44:c2:16:c2:2f:2f:fd:72:90:3d:47:57:76:
         88:b7:19:0d:fb:be:92:a4:b7:13:d6:8f:6b:4c:d0:6b:9e:9f:
         90:1e:13:13
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNELHcj6BuV7ipjBWshC5hmJZkh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNTA3MjAwNTQ5MTNaFw0yNjA3MTkwNTU0MTNaMDMxMTAvBgNV
BAMTKEYxRTYzNEE5QTIwRDVEOUIzMDEwMkMyQjJBODQxRDFENkYyRDZGQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8cUgJzG9cEe1CIDdhhcWN7Ah4
Nf0vF1C/bTSKG87dS1RxzMB6s/H3gnWkfmKMv99z+SdANoKXbBSYZUKffW82GMvc
cZVfK/5G97Er3PeotIrx6hzpJrT71eGyGK41LIDJdlr5HlvzNz91WWXY46kV41MU
Mo9nt1fUjZK6LxwMPpegROoZFzguv6AlcYGtlYwxVaUrxOjck3PwANudl/xcYEqH
jZnSMi3RHnAk2rRHp+bBdvt77AtszHscwPJB/vgRV1+wM73cyl+GN5uifKxWnzY/
zOjYFogkFKvh7ceQpvow0ygz5R27IT96Gc7J/pb1epzr3ClA6ejfp0XHToCfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8eY0qaINXZswECwrKoQdHW8tb8cwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzYzMjJlMzEzOTMyMmUzMTM3
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMxMzAzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD7A
rTANBgkqhkiG9w0BAQsFAAOCAQEArEQsQrlJpjzEy8hBYiOdNidg4ISRdbbQamXF
x/hgj6imle4ztSxyTftyW5Nv0rcvnPS8L9iQyrTJsrUxrodRWCZKMQ8zbo0EupD9
WOiS6j5jTs5whocoPqFNGgBH/4tLyWdIZ53qVC2QiekQYkxvyxe4Y54RGxWV/glw
mfZxzX+OjbBMFcUak6tmObxUPsSBh9xZVPfyq+eH5W92ND5i9NntcYvCxiT8cg1h
mMN5oxtPfphahyxN+8SubkG7vmWXNd4Dv03/l4lcWeXjJGjrz3JFdGp4lOWjDZmH
3y1EwhbCLy/9cpA9R1d2iLcZDfu+kqS3E9aPa0zQa56fkB4TEw==
-----END CERTIFICATE-----