Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32342e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          mKKn9MYr6ZAiIUEL7i0zDsQ1swd/quJuDJTcCOn3YX4=
Subject key identifier:   12:A1:4B:AC:E2:5F:AB:D5:F5:6C:45:92:D4:06:01:64:76:E5:47:66
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       58D961A5567F1BD0E5FB125AD6AF85C56122E599
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 18 Aug 2023 06:43:02 +0000
ROA not before:           Fri 18 Aug 2023 06:38:02 +0000
ROA not after:            Fri 16 Aug 2024 06:43:02 +0000
asID:                     47583
IP address blocks:        62.72.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:d9:61:a5:56:7f:1b:d0:e5:fb:12:5a:d6:af:85:c5:61:22:e5:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 18 06:38:02 2023 GMT
            Not After : Aug 16 06:43:02 2024 GMT
        Subject: CN=12A14BACE25FABD5F56C4592D406016476E54766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ad:5c:82:be:43:81:2a:97:0f:ec:b7:2d:de:
                    a3:76:9a:07:83:40:fa:69:04:5e:95:09:de:84:70:
                    9d:08:b7:58:0e:cb:59:7c:4b:03:a3:f3:3e:66:35:
                    39:01:66:64:1e:82:fb:3b:2c:ae:96:2a:dd:a8:00:
                    20:73:29:a4:99:ae:9b:96:12:91:92:5b:fe:90:76:
                    00:85:ca:9f:0d:18:75:e0:df:1b:74:ef:66:4e:1c:
                    63:4b:65:46:68:78:44:0a:e8:e3:42:f7:fa:ba:81:
                    aa:20:87:9a:60:d8:e0:dc:7b:3d:e3:ce:d8:67:a6:
                    a8:5c:07:37:43:4a:07:b3:d8:42:c8:5f:26:5e:a3:
                    37:74:9d:4b:e3:3e:1b:46:5e:a2:98:6f:0f:ff:8f:
                    4e:ac:12:3d:bb:34:63:cb:23:61:c8:47:ea:2e:e8:
                    f8:73:78:49:ad:f7:5d:b9:5f:8a:bd:e8:f4:7a:a5:
                    2e:20:57:03:04:1b:82:11:d3:5c:6e:45:b8:95:8e:
                    0b:6b:07:b6:ad:28:61:55:78:b2:14:c5:cf:ee:49:
                    e5:f7:57:87:50:98:43:8e:1b:7e:08:e0:6a:e3:7d:
                    95:67:4e:ca:b9:f6:72:ab:c4:29:fd:8d:e3:5e:48:
                    a9:18:87:53:9b:6d:3f:b2:cc:e7:8b:af:55:fb:be:
                    39:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A1:4B:AC:E2:5F:AB:D5:F5:6C:45:92:D4:06:01:64:76:E5:47:66
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:7d:d9:67:d5:9e:e1:52:df:d3:30:69:43:00:93:ce:fa:35:
         1c:2c:25:88:7c:1a:26:f0:1a:0f:d9:de:78:60:95:db:02:f7:
         06:d7:76:95:50:71:91:12:d5:d8:b6:e4:a8:84:7f:2a:f2:b6:
         1d:86:e9:0d:d4:d9:a8:52:93:07:99:18:65:dc:fb:d2:e6:53:
         c6:61:3e:73:c5:82:a7:76:80:22:2d:d1:2f:33:8f:86:58:93:
         ec:c6:d6:08:40:59:b8:8d:db:4f:5e:3e:8d:2d:2c:a0:ab:ec:
         3c:23:40:1e:7b:54:bd:23:de:b6:14:c8:ec:22:a1:6e:17:39:
         12:d9:f7:e8:1b:6e:77:a1:96:c8:58:32:9c:c8:dc:8d:ca:67:
         3a:2c:e6:cc:5e:f9:79:3c:b7:c9:db:cb:ab:c2:bf:52:b6:2c:
         cc:fa:52:23:5a:73:85:8f:9c:e5:76:da:c9:c5:89:0d:17:d5:
         44:68:df:55:9c:00:d1:47:42:5d:90:a8:04:d5:58:f5:1f:75:
         da:f9:67:dc:46:e6:68:58:55:38:b7:5b:ac:6a:f8:e0:75:7f:
         a8:aa:93:4b:ef:f8:3f:df:85:a0:79:a3:2c:46:7d:96:2b:18:
         74:87:de:4e:19:f4:c1:78:98:f6:96:40:14:26:0e:f6:5e:b4:
         fd:33:3d:eb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWNlhpVZ/G9Dl+xJa1q+FxWEi5ZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MTgwNjM4MDJaFw0yNDA4MTYwNjQzMDJaMDMxMTAvBgNV
BAMTKDEyQTE0QkFDRTI1RkFCRDVGNTZDNDU5MkQ0MDYwMTY0NzZFNTQ3NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDrVyCvkOBKpcP7Lct3qN2mgeD
QPppBF6VCd6EcJ0It1gOy1l8SwOj8z5mNTkBZmQegvs7LK6WKt2oACBzKaSZrpuW
EpGSW/6QdgCFyp8NGHXg3xt072ZOHGNLZUZoeEQK6ONC9/q6gaogh5pg2ODcez3j
zthnpqhcBzdDSgez2ELIXyZeozd0nUvjPhtGXqKYbw//j06sEj27NGPLI2HIR+ou
6PhzeEmt9125X4q96PR6pS4gVwMEG4IR01xuRbiVjgtrB7atKGFVeLIUxc/uSeX3
V4dQmEOOG34I4GrjfZVnTsq59nKrxCn9jeNeSKkYh1ObbT+yzOeLr1X7vjnRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEqFLrOJfq9X1bEWS1AYBZHblR2YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBgw
DQYJKoZIhvcNAQELBQADggEBAEV92WfVnuFS39MwaUMAk876NRwsJYh8GibwGg/Z
3nhgldsC9wbXdpVQcZES1di25KiEfyryth2G6Q3U2ahSkweZGGXc+9LmU8ZhPnPF
gqd2gCIt0S8zj4ZYk+zG1ghAWbiN209ePo0tLKCr7DwjQB57VL0j3rYUyOwioW4X
ORLZ9+gbbnehlshYMpzI3I3KZzos5sxe+Xk8t8nby6vCv1K2LMz6UiNac4WPnOV2
2snFiQ0X1URo31WcANFHQl2QqATVWPUfddr5Z9xG5mhYVTi3W6xq+OB1f6iqk0vv
+D/fhaB5oyxGfZYrGHSH3k4Z9MF4mPaWQBQmDvZetP0zPes=
-----END CERTIFICATE-----