Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e332e32352e302f32342d3234203d3e20323031333431.roa
File:                     36322e332e32352e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          6kiAAqD7409NNSlCf5+DWZU7Y3XJSzJTfJsMzASprZY=
Subject key identifier:   A2:B2:B1:2B:C3:B9:13:1D:FB:2B:96:FE:0D:B8:D3:38:BB:40:07:36
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3BE58F592F5E35B29FFBBE252EF2213224609C2A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e332e32352e302f32342d3234203d3e20323031333431.roa
Signing time:             Fri 20 Oct 2023 13:41:55 +0000
ROA not before:           Fri 20 Oct 2023 13:36:55 +0000
ROA not after:            Fri 18 Oct 2024 13:41:55 +0000
asID:                     201341
IP address blocks:        62.3.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:e5:8f:59:2f:5e:35:b2:9f:fb:be:25:2e:f2:21:32:24:60:9c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct 20 13:36:55 2023 GMT
            Not After : Oct 18 13:41:55 2024 GMT
        Subject: CN=A2B2B12BC3B9131DFB2B96FE0DB8D338BB400736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:96:61:e0:f2:ed:34:26:4e:e7:6f:ae:63:2e:
                    01:b0:3c:eb:33:b8:e8:8c:a2:a2:f4:69:09:8c:97:
                    aa:12:e1:00:46:d4:ce:f0:11:be:bc:c9:88:dc:23:
                    a7:90:d1:3b:00:e1:ca:9b:cb:8f:ab:0d:08:5e:72:
                    8f:6a:6d:c8:5f:8b:f1:67:4b:1f:1c:d1:13:13:5e:
                    e9:27:d9:2b:e3:7d:4d:10:4d:dd:17:11:31:20:39:
                    59:9a:34:54:8d:0a:e2:c7:35:02:71:5e:63:a1:ab:
                    2f:bb:6b:26:30:96:ef:07:40:2a:38:9a:33:6c:71:
                    fd:68:78:42:f0:7a:19:57:c8:f4:fb:21:4a:65:b8:
                    4d:4e:1a:b7:29:44:17:93:1a:e8:26:cb:f7:55:d9:
                    80:31:2c:0c:51:24:6f:94:34:ac:85:31:92:45:15:
                    d4:a2:6d:47:8b:50:c2:17:1d:0b:80:eb:94:24:0d:
                    bc:a9:07:ff:47:de:a9:a1:ba:e1:ab:d2:52:fd:2e:
                    78:f1:d4:ec:e8:8b:bf:93:9f:a6:1c:47:1d:78:15:
                    47:e3:69:61:68:a7:d3:31:2d:f7:3e:2d:17:cd:d2:
                    82:28:0a:3c:ed:2f:b2:4c:c7:85:25:b8:78:29:57:
                    62:0f:11:2c:2d:a4:5c:3a:7f:ab:a1:c7:f9:15:49:
                    81:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:B2:B1:2B:C3:B9:13:1D:FB:2B:96:FE:0D:B8:D3:38:BB:40:07:36
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e332e32352e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:cf:f9:77:dd:09:56:75:2f:7c:3d:d3:c7:23:35:45:42:ce:
         2f:fe:a6:46:82:f2:09:9c:b9:06:e7:ea:51:b7:38:25:0b:83:
         bf:42:ee:3b:2a:f3:16:be:36:9a:52:67:07:9b:df:8a:b7:1f:
         66:97:a4:d0:cd:ef:e9:8b:7b:dd:e4:2b:2c:bb:63:60:e5:81:
         6d:4f:97:f5:64:3d:10:d9:c3:62:64:43:92:16:9d:c1:4b:d1:
         7f:5d:14:3c:da:9c:4c:cf:fc:9b:2e:9d:95:ce:94:da:4c:54:
         73:dd:f0:65:d5:f5:54:93:c6:bd:36:85:f3:a6:2a:50:5b:38:
         27:a1:31:40:1b:59:02:1c:3c:89:5f:dc:a0:f1:fe:02:25:a6:
         48:41:09:a3:bd:b2:0f:79:79:25:bd:4c:76:42:f1:d2:0a:d1:
         03:7e:92:1a:21:f3:06:34:da:c2:b8:e3:28:82:91:2f:b1:18:
         24:3d:35:81:3a:73:a3:e7:7e:36:ee:06:8f:b4:54:27:1a:ad:
         3f:84:68:0e:62:aa:39:69:73:db:0e:47:c0:41:05:cc:bc:b0:
         0b:19:a2:23:5e:dc:5a:74:fd:1a:d5:11:82:bd:ed:e6:56:70:
         30:99:e0:79:9c:55:cf:c9:3a:63:b8:a8:50:4d:1f:16:3a:15:
         ba:20:e9:34
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUO+WPWS9eNbKf+74lLvIhMiRgnCowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzEwMjAxMzM2NTVaFw0yNDEwMTgxMzQxNTVaMDMxMTAvBgNV
BAMTKEEyQjJCMTJCQzNCOTEzMURGQjJCOTZGRTBEQjhEMzM4QkI0MDA3MzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwlmHg8u00Jk7nb65jLgGwPOsz
uOiMoqL0aQmMl6oS4QBG1M7wEb68yYjcI6eQ0TsA4cqby4+rDQheco9qbchfi/Fn
Sx8c0RMTXukn2SvjfU0QTd0XETEgOVmaNFSNCuLHNQJxXmOhqy+7ayYwlu8HQCo4
mjNscf1oeELwehlXyPT7IUpluE1OGrcpRBeTGugmy/dV2YAxLAxRJG+UNKyFMZJF
FdSibUeLUMIXHQuA65QkDbypB/9H3qmhuuGr0lL9Lnjx1Ozoi7+Tn6YcRx14FUfj
aWFop9MxLfc+LRfN0oIoCjztL7JMx4UluHgpV2IPESwtpFw6f6uhx/kVSYEdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUorKxK8O5Ex37K5b+DbjTOLtABzYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzMyZTMyMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+Axkw
DQYJKoZIhvcNAQELBQADggEBAHLP+XfdCVZ1L3w908cjNUVCzi/+pkaC8gmcuQbn
6lG3OCULg79C7jsq8xa+NppSZweb34q3H2aXpNDN7+mLe93kKyy7Y2DlgW1Pl/Vk
PRDZw2JkQ5IWncFL0X9dFDzanEzP/JsunZXOlNpMVHPd8GXV9VSTxr02hfOmKlBb
OCehMUAbWQIcPIlf3KDx/gIlpkhBCaO9sg95eSW9THZC8dIK0QN+khoh8wY02sK4
4yiCkS+xGCQ9NYE6c6PnfjbuBo+0VCcarT+EaA5iqjlpc9sOR8BBBcy8sAsZoiNe
3Fp0/RrVEYK97eZWcDCZ4HmcVc/JOmO4qFBNHxY6Fbog6TQ=
-----END CERTIFICATE-----