Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137312e302f32342d3234203d3e20383334.roa
File:                     36322e38342e3137312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          IDWZi9Rro1+sEq09X4nWsdUl7qgBDZck4BtmbFFWaMc=
Subject key identifier:   87:D9:EA:AE:8D:86:91:A4:B6:98:C2:CC:C5:11:8C:E5:96:62:EF:EE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       49CBF3AB531B34E4241D3E9652140FDC15EF9A66
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137312e302f32342d3234203d3e20383334.roa
Signing time:             Tue 15 Jul 2025 11:47:21 +0000
ROA not before:           Tue 15 Jul 2025 11:42:21 +0000
ROA not after:            Tue 14 Jul 2026 11:47:21 +0000
asID:                     834
IP address blocks:        62.84.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:cb:f3:ab:53:1b:34:e4:24:1d:3e:96:52:14:0f:dc:15:ef:9a:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 15 11:42:21 2025 GMT
            Not After : Jul 14 11:47:21 2026 GMT
        Subject: CN=87D9EAAE8D8691A4B698C2CCC5118CE59662EFEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4f:80:be:bb:ac:43:7e:6a:6f:9a:57:4d:7d:
                    af:da:dc:96:78:38:31:23:54:e0:73:a9:c8:74:99:
                    47:7b:eb:e4:38:88:e2:db:d3:0c:64:27:1e:e3:bb:
                    fb:31:f0:ee:19:85:0d:5f:ad:77:4b:00:ba:b9:ab:
                    0f:ce:f3:d0:1b:58:fe:ab:46:96:47:37:75:ce:41:
                    44:6d:45:a3:75:2b:4b:7a:d9:6f:df:e9:61:30:79:
                    f1:8a:71:1a:78:a1:01:e9:53:18:9f:6c:29:81:f5:
                    6a:a7:70:ee:d9:99:e5:9f:7a:9d:15:73:26:22:4a:
                    dc:e1:9c:61:2c:10:89:75:31:56:d5:3f:15:09:ee:
                    d6:b7:c0:57:83:c5:3f:3e:e8:d2:c3:f1:c8:16:ff:
                    1c:62:d2:f2:97:69:b3:86:35:70:ba:5a:c6:32:69:
                    f0:88:5c:a0:ff:10:70:ab:ca:a5:5d:0c:14:a3:ae:
                    62:0a:bb:34:dc:94:ad:55:bf:c5:c8:57:03:8f:39:
                    4b:4a:9c:20:29:3e:b1:80:c4:bc:fd:16:f0:bd:26:
                    a8:b8:42:78:31:bb:a0:63:6e:79:1c:39:c9:1c:8e:
                    b2:8e:eb:74:05:c1:e3:d0:59:6d:0d:50:ef:e6:d2:
                    a1:68:9d:da:39:a6:80:6c:22:fe:5d:72:c2:3a:ac:
                    db:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D9:EA:AE:8D:86:91:A4:B6:98:C2:CC:C5:11:8C:E5:96:62:EF:EE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e38342e3137312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.84.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:4b:4f:d4:ea:4e:6e:99:6d:b0:46:73:a4:01:6f:35:bd:84:
         9a:54:1d:94:1b:3b:b4:23:04:a5:57:f3:f7:02:da:a0:f8:6a:
         28:a1:99:02:de:77:9c:61:bd:fe:db:cc:20:af:c9:d8:d8:22:
         6a:02:10:f2:76:e2:0e:57:84:d4:5d:ff:fe:a1:b3:a1:b1:6a:
         cf:20:1c:35:d4:81:f1:78:d2:de:10:76:b9:5b:ab:3f:89:9c:
         2d:6a:f1:fb:2c:16:89:d4:d1:8f:e6:1e:17:c4:41:86:dc:6f:
         b6:bb:37:53:e6:e6:d7:5b:bc:1e:3d:5a:74:6b:84:d2:95:7d:
         fc:30:a3:ed:3c:34:95:3d:9e:79:1d:3e:5f:13:71:5d:8a:8d:
         41:fb:95:a3:13:70:e8:75:d1:7e:77:ab:0d:02:76:a2:54:24:
         29:d9:48:f2:a6:1b:97:1c:40:7e:14:7e:8e:03:60:9d:3d:51:
         2b:11:b5:a1:1f:c3:92:b8:49:f7:a2:d7:65:73:31:fc:96:b5:
         9a:80:53:da:81:43:b9:61:c4:00:64:6b:4b:f2:f2:15:b6:51:
         1f:3f:80:e6:df:9a:16:5e:89:38:9a:1c:66:c1:39:74:e0:e8:
         2c:c5:eb:a8:4b:19:59:b4:56:23:0f:ec:21:67:7a:0d:41:b5:
         60:01:91:59
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUScvzq1MbNOQkHT6WUhQP3BXvmmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTUxMTQyMjFaFw0yNjA3MTQxMTQ3MjFaMDMxMTAvBgNV
BAMTKDg3RDlFQUFFOEQ4NjkxQTRCNjk4QzJDQ0M1MTE4Q0U1OTY2MkVGRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDT4C+u6xDfmpvmldNfa/a3JZ4
ODEjVOBzqch0mUd76+Q4iOLb0wxkJx7ju/sx8O4ZhQ1frXdLALq5qw/O89AbWP6r
RpZHN3XOQURtRaN1K0t62W/f6WEwefGKcRp4oQHpUxifbCmB9WqncO7ZmeWfep0V
cyYiStzhnGEsEIl1MVbVPxUJ7ta3wFeDxT8+6NLD8cgW/xxi0vKXabOGNXC6WsYy
afCIXKD/EHCryqVdDBSjrmIKuzTclK1Vv8XIVwOPOUtKnCApPrGAxLz9FvC9Jqi4
Qngxu6BjbnkcOckcjrKO63QFwePQWW0NUO/m0qFondo5poBsIv5dcsI6rNsfAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUh9nqro2GkaS2mMLMxRGM5ZZi7+4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzgzNDJlMzEzNzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlSrMA0G
CSqGSIb3DQEBCwUAA4IBAQCWS0/U6k5umW2wRnOkAW81vYSaVB2UGzu0IwSlV/P3
Atqg+GoooZkC3necYb3+28wgr8nY2CJqAhDyduIOV4TUXf/+obOhsWrPIBw11IHx
eNLeEHa5W6s/iZwtavH7LBaJ1NGP5h4XxEGG3G+2uzdT5ubXW7wePVp0a4TSlX38
MKPtPDSVPZ55HT5fE3Fdio1B+5WjE3DoddF+d6sNAnaiVCQp2UjyphuXHEB+FH6O
A2CdPVErEbWhH8OSuEn3otdlczH8lrWagFPagUO5YcQAZGtL8vIVtlEfP4Dm35oW
Xok4mhxmwTl04OgsxeuoSxlZtFYjD+whZ3oNQbVgAZFZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:56:33 2025 by rpki-client