Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/36322e3131322e3134342e302f32302d3230203d3e20313734.roa
File:                     36322e3131322e3134342e302f32302d3230203d3e20313734.roa (raw, json)
Hash identifier:          Ad72tjH/2ejz4oVBvE15bChc+ZghBWzMmGhckXgb9l8=
Subject key identifier:   92:C9:EE:4F:A4:B4:66:F1:5F:83:21:C0:D5:4F:AA:84:3E:6D:B5:57
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       635523F64C300E7E1ABCA11E5CFE65D490282B9B
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/36322e3131322e3134342e302f32302d3230203d3e20313734.roa
Signing time:             Mon 20 May 2024 11:26:15 +0000
ROA not before:           Mon 20 May 2024 11:21:15 +0000
ROA not after:            Mon 19 May 2025 11:26:15 +0000
asID:                     174
IP address blocks:        62.112.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:55:23:f6:4c:30:0e:7e:1a:bc:a1:1e:5c:fe:65:d4:90:28:2b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: May 20 11:21:15 2024 GMT
            Not After : May 19 11:26:15 2025 GMT
        Subject: CN=92C9EE4FA4B466F15F8321C0D54FAA843E6DB557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ff:73:29:d5:ae:fe:2f:ca:b9:ed:b5:36:66:
                    f8:67:a8:e8:30:80:6a:5a:01:70:9c:ab:a2:4f:c0:
                    f2:bc:7e:49:f5:4e:41:02:8d:4c:0d:15:45:28:2b:
                    5d:1c:bc:18:20:4f:3e:7e:7f:1d:55:9e:e7:7c:97:
                    c1:34:c6:0f:4a:1b:9a:7e:ed:41:0c:57:9b:22:98:
                    f2:05:0c:e0:9f:af:7f:4e:e6:93:77:bb:35:8a:f7:
                    b8:a5:61:9f:d9:81:1d:79:93:86:c2:a7:aa:d0:35:
                    54:e5:60:41:35:0b:ce:e5:4d:bb:03:43:57:d2:6e:
                    56:6b:84:70:97:65:6b:f1:9e:32:60:23:48:88:17:
                    88:3d:73:56:44:c5:38:81:29:86:00:6a:07:2c:ef:
                    0d:1c:fc:d5:2c:dc:95:2f:ed:4d:17:0d:4e:d4:91:
                    39:4b:cd:12:0c:0d:47:81:b1:d4:75:b2:c4:ed:87:
                    81:3b:50:50:19:72:23:b1:4d:c4:68:27:2e:0d:94:
                    9d:d5:0d:73:36:6b:f9:4f:23:ee:df:2d:77:4c:52:
                    6b:32:50:eb:7d:0c:9e:7b:64:ed:e5:40:25:c6:99:
                    4a:a4:c5:1e:89:c1:86:b3:18:48:05:42:d5:e1:f7:
                    bf:3d:45:d3:aa:34:28:44:4f:f7:e0:5b:99:82:91:
                    be:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C9:EE:4F:A4:B4:66:F1:5F:83:21:C0:D5:4F:AA:84:3E:6D:B5:57
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/36322e3131322e3134342e302f32302d3230203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         31:b6:96:a7:b4:11:47:ea:b6:d6:b1:38:13:6c:69:bc:55:0e:
         34:85:2c:a8:07:98:b2:81:a3:6f:65:b9:2e:ae:4f:74:4d:10:
         39:40:0b:e7:94:95:56:ec:46:5a:35:a8:f8:20:95:72:5a:e0:
         7e:64:0a:5e:e2:8a:7a:8d:c8:66:bf:59:0f:c1:49:2a:8f:76:
         bf:b7:7e:6c:94:25:88:5d:88:44:4d:45:94:90:ed:7f:e2:ff:
         f9:d3:05:9c:81:d3:89:3a:9a:96:17:15:6f:45:7a:37:27:f6:
         7a:bc:48:0d:9e:9a:ae:a8:a4:38:1a:ef:59:f7:89:d3:db:2a:
         8f:1e:47:24:c9:48:93:1a:43:49:aa:a4:37:90:6f:0d:20:22:
         f4:73:f9:ef:87:d2:fb:83:e2:3d:61:00:be:93:cf:35:fe:20:
         3a:92:c7:39:74:1c:4b:b1:84:4d:72:b6:07:b7:6e:72:5f:eb:
         44:5f:de:fd:6f:97:d0:b9:65:b6:f4:72:35:75:0b:bd:57:a9:
         62:63:a2:53:ed:1c:25:80:7b:62:ad:5a:e7:d4:71:25:7f:ec:
         45:41:15:e2:49:f0:9f:2e:42:f3:fb:1b:de:8b:0f:ff:6d:e7:
         dc:ce:f5:a8:0e:86:e7:bd:b1:5b:64:9e:dd:59:a4:55:4a:b6:
         bc:7f:91:00
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUY1Uj9kwwDn4avKEeXP5l1JAoK5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNDA1MjAxMTIxMTVaFw0yNTA1MTkxMTI2MTVaMDMxMTAvBgNV
BAMTKDkyQzlFRTRGQTRCNDY2RjE1RjgzMjFDMEQ1NEZBQTg0M0U2REI1NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0/3Mp1a7+L8q57bU2ZvhnqOgw
gGpaAXCcq6JPwPK8fkn1TkECjUwNFUUoK10cvBggTz5+fx1Vnud8l8E0xg9KG5p+
7UEMV5simPIFDOCfr39O5pN3uzWK97ilYZ/ZgR15k4bCp6rQNVTlYEE1C87lTbsD
Q1fSblZrhHCXZWvxnjJgI0iIF4g9c1ZExTiBKYYAagcs7w0c/NUs3JUv7U0XDU7U
kTlLzRIMDUeBsdR1ssTth4E7UFAZciOxTcRoJy4NlJ3VDXM2a/lPI+7fLXdMUmsy
UOt9DJ57ZO3lQCXGmUqkxR6JwYazGEgFQtXh9789RdOqNChET/fgW5mCkb7rAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUksnuT6S0ZvFfgyHA1U+qhD5ttVcwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzYzMjJlMzEzMTMyMmUzMTM0
MzQyZTMwMmYzMjMwMmQzMjMwMjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQ+cJAw
DQYJKoZIhvcNAQELBQADggEBADG2lqe0EUfqttaxOBNsabxVDjSFLKgHmLKBo29l
uS6uT3RNEDlAC+eUlVbsRlo1qPgglXJa4H5kCl7iinqNyGa/WQ/BSSqPdr+3fmyU
JYhdiERNRZSQ7X/i//nTBZyB04k6mpYXFW9Fejcn9nq8SA2emq6opDga71n3idPb
Ko8eRyTJSJMaQ0mqpDeQbw0gIvRz+e+H0vuD4j1hAL6TzzX+IDqSxzl0HEuxhE1y
tge3bnJf60Rf3v1vl9C5Zbb0cjV1C71XqWJjolPtHCWAe2KtWufUcSV/7EVBFeJJ
8J8uQvP7G96LD/9t59zO9agOhue9sVtknt1ZpFVKtrx/kQA=
-----END CERTIFICATE-----