Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/36322e3132322e3138392e302f32342d3234203d3e2033313730.roa
File:                     36322e3132322e3138392e302f32342d3234203d3e2033313730.roa (raw, json)
Hash identifier:          mbpZXZK/fM7vaFZ5y82xMnQ6rCPjr7XSXm9Q6bD78C4=
Subject key identifier:   72:17:6F:3D:43:EC:BA:29:95:69:47:6E:5A:0B:63:1D:E4:E2:91:FB
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       1128B74BF55747287F349B1461E2C93896DAAAEC
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/36322e3132322e3138392e302f32342d3234203d3e2033313730.roa
Signing time:             Fri 14 Mar 2025 15:53:58 +0000
ROA not before:           Fri 14 Mar 2025 15:48:58 +0000
ROA not after:            Fri 13 Mar 2026 15:53:58 +0000
asID:                     3170
IP address blocks:        62.122.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:32:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:28:b7:4b:f5:57:47:28:7f:34:9b:14:61:e2:c9:38:96:da:aa:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Mar 14 15:48:58 2025 GMT
            Not After : Mar 13 15:53:58 2026 GMT
        Subject: CN=72176F3D43ECBA299569476E5A0B631DE4E291FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:92:ff:f6:e8:f3:3d:41:f9:ce:d0:22:18:8a:
                    a7:e9:7d:7f:c3:8a:6d:e4:81:a0:e4:90:9d:da:e6:
                    41:49:0e:69:7e:28:45:7b:e6:de:e2:73:38:ae:0f:
                    ba:c5:e7:35:c0:6d:7f:94:25:d0:0f:52:7a:89:3d:
                    c2:14:1b:21:a2:87:e8:e2:bf:f8:11:bf:72:81:dd:
                    b1:07:71:1c:6c:c7:3e:38:94:d0:e9:c6:83:ee:b1:
                    cf:3c:48:5c:00:35:57:f7:6d:9c:68:81:4a:a7:01:
                    b5:c4:c0:2a:33:17:90:e8:d8:88:f8:b3:dc:40:df:
                    5a:da:6d:84:45:0b:22:33:7d:b6:7a:7a:df:43:55:
                    93:b7:3d:34:81:02:50:88:20:c8:48:8b:64:b5:f9:
                    46:56:a1:3e:ee:49:c0:30:c7:24:7c:57:7c:5e:3d:
                    ca:d1:16:af:f9:26:d8:d6:69:51:af:2a:56:3d:af:
                    33:ed:e7:12:7e:41:58:1b:64:1e:99:74:53:b7:28:
                    7f:16:ff:b9:0d:35:67:83:d3:6f:42:c8:d3:10:e0:
                    83:fa:e6:0a:ef:b4:b0:e5:6b:00:d7:45:49:ed:44:
                    f7:94:81:54:54:a9:c5:ff:2c:98:5c:55:c1:7d:c3:
                    2d:43:2d:60:a2:ae:3c:f3:89:e1:21:08:1c:e1:0c:
                    0e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:17:6F:3D:43:EC:BA:29:95:69:47:6E:5A:0B:63:1D:E4:E2:91:FB
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/36322e3132322e3138392e302f32342d3234203d3e2033313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:80:d5:18:17:02:2c:13:f0:29:dd:2a:c0:0a:e2:9f:21:0d:
         81:1d:74:19:74:51:2b:35:7d:8e:d8:db:39:e8:45:d2:dd:b6:
         20:94:7c:d1:92:40:16:53:c1:9b:7d:01:6c:7e:5f:14:10:a0:
         82:37:4d:05:39:0b:a3:b1:c3:21:0e:4d:73:ad:90:02:e4:d8:
         33:de:fd:06:59:d2:13:70:cc:43:9a:23:fe:7d:4d:a4:37:7f:
         96:a7:37:26:3d:7e:9e:2f:cc:6d:76:da:80:4d:0f:f6:55:86:
         39:55:08:8d:fc:14:9c:9a:d2:f5:42:28:cf:a2:20:17:e7:2c:
         84:d5:a1:60:d4:5c:83:8b:f6:6b:22:02:7e:88:0b:f0:a2:34:
         c4:6c:82:82:75:e3:bb:5b:ac:7e:fe:8a:ac:7d:2a:5d:45:37:
         bf:46:5b:09:55:04:a6:40:8f:f9:d8:5c:5a:6c:ac:cc:d2:a6:
         9b:eb:0a:79:1a:cb:9f:1e:42:9c:07:a2:22:76:ae:9b:4b:b5:
         ab:eb:05:81:01:3c:b9:8a:c0:29:67:b1:a6:aa:de:9f:b0:84:
         0d:04:92:35:76:e4:e1:53:90:e3:0b:60:f8:fd:d8:a0:fe:3c:
         84:05:14:d2:b7:f0:f7:da:e3:0d:98:ef:a2:d0:a9:9e:fe:b4:
         0d:93:7c:bf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUESi3S/VXRyh/NJsUYeLJOJbaquwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNTAzMTQxNTQ4NThaFw0yNjAzMTMxNTUzNThaMDMxMTAvBgNV
BAMTKDcyMTc2RjNENDNFQ0JBMjk5NTY5NDc2RTVBMEI2MzFERTRFMjkxRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzkv/26PM9QfnO0CIYiqfpfX/D
im3kgaDkkJ3a5kFJDml+KEV75t7icziuD7rF5zXAbX+UJdAPUnqJPcIUGyGih+ji
v/gRv3KB3bEHcRxsxz44lNDpxoPusc88SFwANVf3bZxogUqnAbXEwCozF5Do2Ij4
s9xA31rabYRFCyIzfbZ6et9DVZO3PTSBAlCIIMhIi2S1+UZWoT7uScAwxyR8V3xe
PcrRFq/5JtjWaVGvKlY9rzPt5xJ+QVgbZB6ZdFO3KH8W/7kNNWeD029CyNMQ4IP6
5grvtLDlawDXRUntRPeUgVRUqcX/LJhcVcF9wy1DLWCirjzzieEhCBzhDA7ZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUchdvPUPsuimVaUduWgtjHeTikfswHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzYzMjJlMzEzMjMyMmUzMTM4
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD56
vTANBgkqhkiG9w0BAQsFAAOCAQEAMIDVGBcCLBPwKd0qwArinyENgR10GXRRKzV9
jtjbOehF0t22IJR80ZJAFlPBm30BbH5fFBCggjdNBTkLo7HDIQ5Nc62QAuTYM979
BlnSE3DMQ5oj/n1NpDd/lqc3Jj1+ni/MbXbagE0P9lWGOVUIjfwUnJrS9UIoz6Ig
F+cshNWhYNRcg4v2ayICfogL8KI0xGyCgnXju1usfv6KrH0qXUU3v0ZbCVUEpkCP
+dhcWmyszNKmm+sKeRrLnx5CnAeiInaum0u1q+sFgQE8uYrAKWexpqren7CEDQSS
NXbk4VOQ4wtg+P3YoP48hAUU0rfw99rjDZjvotCpnv60DZN8vw==
-----END CERTIFICATE-----