Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa
File:                     36322e3139322e3137332e302f32342d3234203d3e2038313030.roa (raw, json)
Hash identifier:          Jlofucguv+Def3PUKBrJxZOJZBY4eY6+vW3Y4ZeprSk=
Subject key identifier:   78:EF:D5:30:BF:6F:AA:AE:1B:23:25:C4:BB:DE:C9:FF:4C:30:E8:FC
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       4A18538625BD77CD45CC8ACBDB711473B7F8132A
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa
Signing time:             Sun 18 Aug 2024 05:05:19 +0000
ROA not before:           Sun 18 Aug 2024 05:00:19 +0000
ROA not after:            Sun 17 Aug 2025 05:05:19 +0000
asID:                     8100
IP address blocks:        62.192.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:18:53:86:25:bd:77:cd:45:cc:8a:cb:db:71:14:73:b7:f8:13:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Aug 18 05:00:19 2024 GMT
            Not After : Aug 17 05:05:19 2025 GMT
        Subject: CN=78EFD530BF6FAAAE1B2325C4BBDEC9FF4C30E8FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:12:98:d2:94:3f:6b:ba:dd:19:76:e2:0c:9d:
                    59:cc:4c:0d:2f:e1:85:8d:9d:f1:21:ae:e7:c9:87:
                    96:20:95:7f:5a:d8:99:06:cd:22:f2:75:99:40:9a:
                    35:6c:01:48:c0:42:a0:44:e3:8b:45:8b:9e:0a:40:
                    fd:27:0c:e8:ac:93:1a:4e:5d:59:44:5c:b6:f0:87:
                    38:ff:58:8d:53:28:25:fe:25:b0:74:ad:69:72:92:
                    be:1d:64:78:12:17:5d:27:62:5b:ff:44:8d:3f:a6:
                    dd:99:5b:f8:47:84:43:f1:04:03:2f:84:e7:e5:fe:
                    fa:51:75:bd:ca:29:c5:06:a3:8b:64:8b:bc:9c:31:
                    a4:1f:80:e5:08:c6:ae:c0:bc:3e:5b:94:4a:98:68:
                    76:10:32:02:4c:61:c5:dc:ce:af:80:db:4c:79:49:
                    4b:fb:a8:68:75:97:ab:49:47:d4:39:d5:38:3b:26:
                    7d:01:a5:c0:77:79:23:c1:a7:01:2e:cc:43:47:e7:
                    6a:92:fc:4c:b8:2b:69:fb:8a:ed:01:a4:6d:73:32:
                    7d:99:2c:52:d2:2c:3f:47:89:1b:27:35:7b:61:23:
                    cf:b1:87:f5:c6:98:95:87:4f:55:54:fb:17:39:e8:
                    fa:93:fc:2d:e8:5a:60:e6:10:a7:34:d2:fb:45:c1:
                    31:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:EF:D5:30:BF:6F:AA:AE:1B:23:25:C4:BB:DE:C9:FF:4C:30:E8:FC
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/36322e3139322e3137332e302f32342d3234203d3e2038313030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:9e:e9:77:bf:79:5e:e3:f5:40:ab:4b:de:5d:02:81:7f:3b:
         eb:1a:ec:47:55:a3:95:64:39:6a:3d:d3:66:ab:06:1a:db:ce:
         b2:d8:79:12:05:71:2b:44:ff:17:8d:e1:95:ff:91:56:95:a7:
         73:66:61:3d:16:a0:85:a2:ad:84:04:32:91:46:12:fa:4c:8c:
         11:ea:95:80:75:df:20:1e:69:0b:52:82:71:ca:c6:27:3a:60:
         fc:77:75:4f:87:f4:d7:71:5c:5f:60:eb:d2:b1:51:66:93:c0:
         0a:89:34:13:ea:ff:bc:de:1d:1e:5d:06:21:b9:39:d6:b2:15:
         a8:c0:4c:b4:22:e0:49:20:30:3e:40:83:15:c5:e7:16:34:f7:
         2f:68:16:c5:8b:22:3f:24:37:75:f9:ec:f8:9e:1e:17:73:8e:
         b2:ae:4e:52:23:e4:f9:25:66:19:b1:1d:83:75:7c:8d:92:29:
         00:6e:e9:6d:90:16:01:97:8a:f0:3e:cc:b9:8d:1d:f1:b3:0f:
         5e:ef:0b:b1:4b:09:c6:02:fc:38:51:6e:8b:42:a3:f4:a9:6d:
         34:a0:16:fe:b6:aa:86:6b:5c:eb:05:77:7a:97:b2:26:13:55:
         99:d2:3d:53:f1:15:7d:29:eb:32:85:23:a1:fb:42:ff:36:57:
         97:1d:bf:38
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUShhThiW9d81FzIrL23EUc7f4EyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDA4MTgwNTAwMTlaFw0yNTA4MTcwNTA1MTlaMDMxMTAvBgNV
BAMTKDc4RUZENTMwQkY2RkFBQUUxQjIzMjVDNEJCREVDOUZGNEMzMEU4RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXEpjSlD9rut0ZduIMnVnMTA0v
4YWNnfEhrufJh5YglX9a2JkGzSLydZlAmjVsAUjAQqBE44tFi54KQP0nDOiskxpO
XVlEXLbwhzj/WI1TKCX+JbB0rWlykr4dZHgSF10nYlv/RI0/pt2ZW/hHhEPxBAMv
hOfl/vpRdb3KKcUGo4tki7ycMaQfgOUIxq7AvD5blEqYaHYQMgJMYcXczq+A20x5
SUv7qGh1l6tJR9Q51Tg7Jn0BpcB3eSPBpwEuzENH52qS/Ey4K2n7iu0BpG1zMn2Z
LFLSLD9HiRsnNXthI8+xh/XGmJWHT1VU+xc56PqT/C3oWmDmEKc00vtFwTFXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeO/VML9vqq4bIyXEu97J/0ww6PwwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzYzMjJlMzEzOTMyMmUzMTM3
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMxMzAzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD7A
rTANBgkqhkiG9w0BAQsFAAOCAQEAYp7pd795XuP1QKtL3l0CgX876xrsR1WjlWQ5
aj3TZqsGGtvOsth5EgVxK0T/F43hlf+RVpWnc2ZhPRaghaKthAQykUYS+kyMEeqV
gHXfIB5pC1KCccrGJzpg/Hd1T4f013FcX2Dr0rFRZpPACok0E+r/vN4dHl0GIbk5
1rIVqMBMtCLgSSAwPkCDFcXnFjT3L2gWxYsiPyQ3dfns+J4eF3OOsq5OUiPk+SVm
GbEdg3V8jZIpAG7pbZAWAZeK8D7MuY0d8bMPXu8LsUsJxgL8OFFui0Kj9KltNKAW
/raqhmtc6wV3epeyJhNVmdI9U/EVfSnrMoUjoftC/zZXlx2/OA==
-----END CERTIFICATE-----