Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33362e302f32342d3234203d3e203631333137.roa
File:                     3134392e36322e33362e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          dk2X+AMr8s0HDyRD5RmAnqkfwLfy5QlyweI6GuzWx2c=
Subject key identifier:   6E:E8:83:09:28:46:EE:E0:F0:50:00:5A:02:14:BC:B8:83:7E:73:42
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       41CF8B290B6FBE8B0C312D7A8324AE77A7479BC5
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33362e302f32342d3234203d3e203631333137.roa
Signing time:             Sat 13 Jan 2024 17:50:28 +0000
ROA not before:           Sat 13 Jan 2024 17:45:28 +0000
ROA not after:            Sat 11 Jan 2025 17:50:28 +0000
asID:                     61317
IP address blocks:        149.62.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:cf:8b:29:0b:6f:be:8b:0c:31:2d:7a:83:24:ae:77:a7:47:9b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jan 13 17:45:28 2024 GMT
            Not After : Jan 11 17:50:28 2025 GMT
        Subject: CN=6EE883092846EEE0F050005A0214BCB8837E7342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:04:94:aa:45:5c:c9:5a:b0:59:ae:1a:f2:a6:
                    c8:b6:db:1e:ae:e6:94:b9:aa:3a:50:2a:00:1b:af:
                    fe:e7:22:71:63:6b:67:a7:d5:ad:bd:1f:71:47:03:
                    15:cf:1f:52:a8:83:20:22:1d:32:fa:c8:71:ca:5e:
                    50:97:7e:80:32:d2:4b:33:7e:24:6b:0e:42:1d:f8:
                    d6:25:bf:b7:f5:79:e8:1b:1e:dd:a0:ba:8b:78:a8:
                    11:56:36:18:10:8a:37:23:7c:68:e0:82:be:e8:f2:
                    3c:ff:ec:14:f3:11:f7:60:71:20:76:98:4a:73:62:
                    a9:dc:d1:c4:36:25:cb:8e:9e:8f:2e:f9:90:6a:7e:
                    c7:a9:86:64:b0:e8:3a:bc:16:da:d0:bb:94:a3:41:
                    ca:a2:9e:7b:85:c5:4f:78:85:77:bf:66:49:1f:b7:
                    1b:bf:6c:8d:57:0c:eb:1b:c3:2c:0a:59:06:db:89:
                    d0:9f:01:81:18:60:9a:41:aa:ba:d5:98:18:67:8f:
                    08:89:59:3b:a8:b6:15:de:04:d2:96:38:5e:9c:08:
                    82:ab:e5:e6:eb:28:00:4a:f8:54:f3:9f:13:ab:e9:
                    49:7f:c5:50:0b:20:c4:a7:f1:34:ae:8c:51:1d:b8:
                    4d:f6:17:96:31:48:8e:6a:35:1b:49:5b:08:98:bc:
                    5b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E8:83:09:28:46:EE:E0:F0:50:00:5A:02:14:BC:B8:83:7E:73:42
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33362e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:cd:bb:f0:b1:97:22:b9:d6:ef:63:98:76:0c:82:dc:8c:22:
         74:de:6c:74:da:26:1f:fa:13:36:5f:a6:f9:e6:cf:67:a5:52:
         32:8c:a5:6e:05:7c:88:be:a7:98:e2:0c:ab:d9:7a:13:f8:b0:
         c9:11:01:5d:00:02:c6:20:47:bf:b0:1a:21:c1:90:d5:a3:4e:
         7f:ea:32:f1:f1:a0:e9:dc:70:dc:45:35:0e:8c:3e:97:00:8b:
         25:f7:dd:45:a0:46:88:c5:7a:f3:fc:fc:4e:bf:aa:2c:bd:d2:
         0b:3c:fa:c9:21:87:ff:4f:be:80:3c:17:37:12:6c:c2:1b:64:
         d6:0c:b2:fd:62:9d:05:e5:93:9f:9d:7e:5f:c7:36:fb:d8:d4:
         84:17:75:c3:3a:f7:f8:9c:06:c6:b4:62:3a:f8:5a:38:42:76:
         a1:51:7c:22:57:9f:09:fa:8c:a7:5e:53:3a:50:8c:a4:5b:08:
         79:32:00:9c:a3:24:5a:a0:50:ac:5e:43:a6:4c:5d:f7:b0:2e:
         27:c8:f2:d3:2b:f9:74:23:34:45:2d:55:f1:46:ac:63:15:c5:
         2e:3f:56:a7:48:d8:1b:73:f5:83:38:f0:e6:32:cb:fc:ce:3e:
         c3:fc:49:0d:f5:c8:39:8a:54:f3:da:a5:69:45:39:d7:83:b1:
         70:a2:f1:4e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQc+LKQtvvosMMS16gySud6dHm8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAxMTMxNzQ1MjhaFw0yNTAxMTExNzUwMjhaMDMxMTAvBgNV
BAMTKDZFRTg4MzA5Mjg0NkVFRTBGMDUwMDA1QTAyMTRCQ0I4ODM3RTczNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRBJSqRVzJWrBZrhrypsi22x6u
5pS5qjpQKgAbr/7nInFja2en1a29H3FHAxXPH1KogyAiHTL6yHHKXlCXfoAy0ksz
fiRrDkId+NYlv7f1eegbHt2guot4qBFWNhgQijcjfGjggr7o8jz/7BTzEfdgcSB2
mEpzYqnc0cQ2JcuOno8u+ZBqfsephmSw6Dq8FtrQu5SjQcqinnuFxU94hXe/Zkkf
txu/bI1XDOsbwywKWQbbidCfAYEYYJpBqrrVmBhnjwiJWTuothXeBNKWOF6cCIKr
5ebrKABK+FTznxOr6Ul/xVALIMSn8TSujFEduE32F5YxSI5qNRtJWwiYvFvhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbuiDCShG7uDwUABaAhS8uIN+c0IwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzNDM5MmUzNjMyMmUzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJU+
JDANBgkqhkiG9w0BAQsFAAOCAQEAZs278LGXIrnW72OYdgyC3IwidN5sdNomH/oT
Nl+m+ebPZ6VSMoylbgV8iL6nmOIMq9l6E/iwyREBXQACxiBHv7AaIcGQ1aNOf+oy
8fGg6dxw3EU1Dow+lwCLJffdRaBGiMV68/z8Tr+qLL3SCzz6ySGH/0++gDwXNxJs
whtk1gyy/WKdBeWTn51+X8c2+9jUhBd1wzr3+JwGxrRiOvhaOEJ2oVF8IlefCfqM
p15TOlCMpFsIeTIAnKMkWqBQrF5Dpkxd97AuJ8jy0yv5dCM0RS1V8UasYxXFLj9W
p0jYG3P1gzjw5jLL/M4+w/xJDfXIOYpU89qlaUU514OxcKLxTg==
-----END CERTIFICATE-----