Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33342e302f32332d3234203d3e203437353833.roa
File:                     36322e37322e33342e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          QRp20bktI33N+VURrx18MqzIexHtDx3V4mO4OGMQ8nU=
Subject key identifier:   39:84:60:61:E3:53:DB:5A:45:9D:F2:FE:4F:AA:19:C7:4A:D3:93:A7
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       1E6778E9206A58E7862D67300A55E97CC5F445C9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33342e302f32332d3234203d3e203437353833.roa
Signing time:             Thu 24 Aug 2023 11:17:28 +0000
ROA not before:           Thu 24 Aug 2023 11:12:28 +0000
ROA not after:            Thu 22 Aug 2024 11:17:28 +0000
asID:                     47583
IP address blocks:        62.72.34.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:67:78:e9:20:6a:58:e7:86:2d:67:30:0a:55:e9:7c:c5:f4:45:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 24 11:12:28 2023 GMT
            Not After : Aug 22 11:17:28 2024 GMT
        Subject: CN=39846061E353DB5A459DF2FE4FAA19C74AD393A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8b:02:4b:2f:5e:53:f2:5a:9b:7e:3b:c8:6a:
                    22:de:69:b4:c5:2d:75:9b:79:6b:52:c0:d9:1c:59:
                    6f:38:6c:06:76:fc:3c:4f:5a:5c:f7:6d:49:89:db:
                    51:ff:0d:07:d9:63:5d:8a:22:1b:1c:85:ee:8f:1f:
                    78:30:84:a4:43:30:84:65:20:d8:38:9c:9e:23:f0:
                    0c:70:d2:cd:1a:e9:24:90:30:da:4c:e6:8a:8f:6c:
                    f6:78:e7:3f:14:26:e4:4b:74:fe:cf:a8:d9:a7:23:
                    b6:db:b8:a7:9d:86:9b:15:8f:27:e7:2b:db:b5:e9:
                    ff:22:d6:b7:3c:d8:54:a3:db:23:e7:6c:83:fd:1d:
                    59:85:57:a9:fe:28:84:c8:1e:69:f4:19:c8:42:09:
                    f2:72:2f:bb:70:13:e0:5f:cf:4b:45:0e:12:b1:0d:
                    2f:1e:fd:09:13:0f:31:0a:ae:df:36:a8:62:97:3a:
                    50:27:39:52:0d:a7:ce:2a:dc:95:4c:9e:f1:f8:29:
                    d1:34:44:5b:f3:b1:bd:1f:51:d8:e0:88:a1:09:0c:
                    79:d2:e2:38:0c:d5:ca:41:12:68:db:8d:d0:02:6c:
                    82:9a:5d:5d:92:30:f1:32:4b:ae:57:3d:f2:f6:65:
                    c9:2b:da:3d:1a:b6:c6:11:b9:f5:a0:bb:7f:7f:58:
                    d0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:84:60:61:E3:53:DB:5A:45:9D:F2:FE:4F:AA:19:C7:4A:D3:93:A7
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33342e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:6d:3c:c7:09:dd:93:29:32:96:65:ec:7a:46:ca:a8:d8:1e:
         14:7d:86:17:be:03:64:04:3c:04:b2:1f:78:6f:80:e5:06:e3:
         b7:8f:f9:c9:44:93:f7:e5:f6:21:ca:dc:06:32:9e:8d:27:44:
         21:70:9c:e7:20:9e:d7:9b:25:ee:44:64:c1:8d:1b:36:76:de:
         04:c9:b4:67:eb:94:09:c8:36:1d:a7:5b:0f:04:12:a4:a7:ed:
         e5:b8:de:9f:e0:43:50:01:05:9e:f1:ec:04:8a:d4:80:b4:d9:
         9b:32:ba:59:ce:95:04:85:69:4b:11:80:85:2c:b7:ea:4d:42:
         92:26:2e:a0:2d:6c:5b:e3:87:c8:ce:12:9a:9d:e7:20:36:13:
         a7:31:7c:f1:8d:db:15:03:5f:f3:3a:d7:f2:a9:b5:77:8d:c5:
         a0:64:a4:0b:d8:ed:98:79:ba:99:6d:05:68:04:84:d6:b2:87:
         04:2e:99:14:b3:e8:c5:4d:c5:00:47:17:bb:a1:1e:82:66:85:
         89:13:5f:c0:38:db:a9:cb:97:d5:3d:9c:6b:ec:0c:32:fd:d6:
         7e:b8:9e:e3:e1:0f:6f:da:66:62:7d:fe:e1:e4:60:99:b7:70:
         5a:ea:49:0f:1f:8f:60:e7:c3:55:54:05:83:87:d1:b4:6c:42:
         1c:69:19:8a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHmd46SBqWOeGLWcwClXpfMX0RckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MjQxMTEyMjhaFw0yNDA4MjIxMTE3MjhaMDMxMTAvBgNV
BAMTKDM5ODQ2MDYxRTM1M0RCNUE0NTlERjJGRTRGQUExOUM3NEFEMzkzQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7iwJLL15T8lqbfjvIaiLeabTF
LXWbeWtSwNkcWW84bAZ2/DxPWlz3bUmJ21H/DQfZY12KIhsche6PH3gwhKRDMIRl
INg4nJ4j8Axw0s0a6SSQMNpM5oqPbPZ45z8UJuRLdP7PqNmnI7bbuKedhpsVjyfn
K9u16f8i1rc82FSj2yPnbIP9HVmFV6n+KITIHmn0GchCCfJyL7twE+Bfz0tFDhKx
DS8e/QkTDzEKrt82qGKXOlAnOVINp84q3JVMnvH4KdE0RFvzsb0fUdjgiKEJDHnS
4jgM1cpBEmjbjdACbIKaXV2SMPEyS65XPfL2Zckr2j0atsYRufWgu39/WNB3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUOYRgYeNT21pFnfL+T6oZx0rTk6cwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzMzNDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAE+SCIw
DQYJKoZIhvcNAQELBQADggEBAGptPMcJ3ZMpMpZl7HpGyqjYHhR9hhe+A2QEPASy
H3hvgOUG47eP+clEk/fl9iHK3AYyno0nRCFwnOcgntebJe5EZMGNGzZ23gTJtGfr
lAnINh2nWw8EEqSn7eW43p/gQ1ABBZ7x7ASK1IC02ZsyulnOlQSFaUsRgIUst+pN
QpImLqAtbFvjh8jOEpqd5yA2E6cxfPGN2xUDX/M61/KptXeNxaBkpAvY7Zh5uplt
BWgEhNayhwQumRSz6MVNxQBHF7uhHoJmhYkTX8A426nLl9U9nGvsDDL91n64nuPh
D2/aZmJ9/uHkYJm3cFrqSQ8fj2Dnw1VUBYOH0bRsQhxpGYo=
-----END CERTIFICATE-----