Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/36322e3132322e3138392e302f32342d3234203d3e2033313730.roa
File:                     36322e3132322e3138392e302f32342d3234203d3e2033313730.roa (raw, json)
Hash identifier:          NArp1h65r6YKnF8RwdgULoc6qhwkPET0ca1F+YQ7hDs=
Subject key identifier:   72:E6:72:56:95:45:C4:A0:53:E4:7C:93:F9:05:FB:B1:26:52:71:34
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       320021A35E84BB9400B5D848A7279DFE21AF9CA3
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/36322e3132322e3138392e302f32342d3234203d3e2033313730.roa
Signing time:             Fri 12 Apr 2024 15:52:29 +0000
ROA not before:           Fri 12 Apr 2024 15:47:29 +0000
ROA not after:            Fri 11 Apr 2025 15:52:29 +0000
asID:                     3170
IP address blocks:        62.122.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:00:21:a3:5e:84:bb:94:00:b5:d8:48:a7:27:9d:fe:21:af:9c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Apr 12 15:47:29 2024 GMT
            Not After : Apr 11 15:52:29 2025 GMT
        Subject: CN=72E672569545C4A053E47C93F905FBB126527134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:39:6a:db:3f:56:07:2c:84:d4:d1:06:77:ed:
                    b4:a5:a6:79:1d:c9:94:4c:bd:59:9b:81:95:04:35:
                    7c:06:81:c1:f6:08:1b:ff:68:22:0c:f7:57:53:b0:
                    be:2a:9b:64:46:8d:0f:39:1d:c8:22:59:1c:cd:73:
                    11:25:53:9f:9a:54:ed:de:58:bf:05:82:c1:32:21:
                    2d:b6:91:29:dd:44:88:e9:33:63:e1:ce:a9:ce:8f:
                    05:0d:4a:b3:b7:31:58:c3:d1:fa:5f:c3:65:22:32:
                    59:de:81:91:16:b2:a6:51:0a:5a:33:45:61:0c:64:
                    f2:30:25:5b:bb:ff:5d:bb:90:02:6f:09:6b:b7:61:
                    ec:7b:a6:ed:7e:15:f2:15:25:75:f7:95:18:0c:43:
                    7f:14:b8:07:d5:88:ec:1a:fb:1c:df:59:55:35:c0:
                    e2:2d:c2:d5:ef:10:63:95:57:8a:60:82:ab:68:b9:
                    1e:d6:4f:53:ed:28:a9:10:b6:8d:77:43:7a:c9:16:
                    dc:7d:00:5d:6c:3e:4b:50:a2:c3:18:1e:fe:e5:c0:
                    c9:ff:d3:fc:d1:d2:c8:36:02:2d:52:5d:84:d2:b4:
                    4d:8f:09:3a:5c:7b:40:f2:64:a0:d7:52:0d:c3:f0:
                    d0:74:87:90:d7:86:d3:c4:b5:c1:6f:d2:69:91:f0:
                    46:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E6:72:56:95:45:C4:A0:53:E4:7C:93:F9:05:FB:B1:26:52:71:34
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/36322e3132322e3138392e302f32342d3234203d3e2033313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ae:47:c5:e8:57:83:59:ef:08:32:3b:75:20:45:5d:13:ad:
         8e:6b:9f:70:0d:39:18:d9:5c:ae:22:c2:34:34:31:a0:15:eb:
         05:9a:f1:ed:aa:2b:df:f9:f1:65:60:a2:73:89:67:67:a1:04:
         22:b9:7c:98:5d:93:dd:92:59:f8:a0:fe:9a:1c:61:e7:71:15:
         77:20:5b:0e:b0:6e:86:13:d6:09:8d:37:18:1a:99:b2:35:79:
         0d:ea:6c:6c:7c:2a:15:20:ce:43:fa:e9:ad:38:1c:d9:86:6d:
         95:d5:ee:17:69:da:97:39:5e:e5:dd:f2:9a:a6:2f:79:7b:5d:
         89:ad:bb:b2:b8:49:29:bf:7c:ab:56:cf:c2:07:f7:e4:6a:7d:
         2c:a0:1b:84:9f:e3:b5:c4:71:b2:8c:b4:97:25:e0:27:68:c9:
         d5:1f:38:b9:b7:3c:ba:61:d0:27:b3:9c:22:d4:92:2e:2c:71:
         30:97:27:0c:e2:62:4b:cc:6a:fe:98:a1:cb:77:a4:ef:43:d8:
         3a:92:a2:f1:74:2a:e3:d9:21:8b:ff:73:9d:17:fa:86:c7:11:
         f2:63:aa:be:6a:b6:a7:b5:c0:fa:77:35:ff:8f:2c:7b:62:c1:
         06:0b:42:e1:b6:59:51:21:2c:21:4f:70:44:b8:18:24:19:78:
         03:de:82:ab
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMgAho16Eu5QAtdhIpyed/iGvnKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA0MTIxNTQ3MjlaFw0yNTA0MTExNTUyMjlaMDMxMTAvBgNV
BAMTKDcyRTY3MjU2OTU0NUM0QTA1M0U0N0M5M0Y5MDVGQkIxMjY1MjcxMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCROWrbP1YHLITU0QZ37bSlpnkd
yZRMvVmbgZUENXwGgcH2CBv/aCIM91dTsL4qm2RGjQ85HcgiWRzNcxElU5+aVO3e
WL8FgsEyIS22kSndRIjpM2PhzqnOjwUNSrO3MVjD0fpfw2UiMlnegZEWsqZRCloz
RWEMZPIwJVu7/127kAJvCWu3Yex7pu1+FfIVJXX3lRgMQ38UuAfViOwa+xzfWVU1
wOItwtXvEGOVV4pggqtouR7WT1PtKKkQto13Q3rJFtx9AF1sPktQosMYHv7lwMn/
0/zR0sg2Ai1SXYTStE2PCTpce0DyZKDXUg3D8NB0h5DXhtPEtcFv0mmR8EarAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcuZyVpVFxKBT5HyT+QX7sSZScTQwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzYzMjJlMzEzMjMyMmUzMTM4
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD56
vTANBgkqhkiG9w0BAQsFAAOCAQEAg65HxehXg1nvCDI7dSBFXROtjmufcA05GNlc
riLCNDQxoBXrBZrx7aor3/nxZWCic4lnZ6EEIrl8mF2T3ZJZ+KD+mhxh53EVdyBb
DrBuhhPWCY03GBqZsjV5DepsbHwqFSDOQ/rprTgc2YZtldXuF2nalzle5d3ymqYv
eXtdia27srhJKb98q1bPwgf35Gp9LKAbhJ/jtcRxsoy0lyXgJ2jJ1R84ubc8umHQ
J7OcItSSLixxMJcnDOJiS8xq/pihy3ek70PYOpKi8XQq49khi/9znRf6hscR8mOq
vmq2p7XA+nc1/48se2LBBgtC4bZZUSEsIU9wRLgYJBl4A96Cqw==
-----END CERTIFICATE-----