Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39322e302f32332d3234203d3e203630373831.roa
File:                     33362e3235352e39322e302f32332d3234203d3e203630373831.roa (raw, json)
Hash identifier:          7osIUbxAsp8JXEl3vUE49emLTbi5wZizrI6LmhRbKog=
Subject key identifier:   AC:C2:C9:C1:7D:9A:3E:BB:5F:0E:EA:E0:EB:1E:D1:5A:3D:4B:A1:9A
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       71B31663FC9E37A0BF4C8B76C0DE0DFB844F182B
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39322e302f32332d3234203d3e203630373831.roa
Signing time:             Sat 26 Oct 2024 07:13:03 +0000
ROA not before:           Sat 26 Oct 2024 07:08:03 +0000
ROA not after:            Sat 25 Oct 2025 07:13:03 +0000
asID:                     60781
IP address blocks:        36.255.92.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b3:16:63:fc:9e:37:a0:bf:4c:8b:76:c0:de:0d:fb:84:4f:18:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Oct 26 07:08:03 2024 GMT
            Not After : Oct 25 07:13:03 2025 GMT
        Subject: CN=ACC2C9C17D9A3EBB5F0EEAE0EB1ED15A3D4BA19A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:40:26:0f:c0:b1:53:e0:77:02:8e:9e:d1:9f:
                    58:a8:fa:bc:7d:2a:2d:2d:ba:78:d8:b4:da:4a:d8:
                    d9:36:85:c3:00:4d:12:a2:22:da:ab:50:20:7f:c2:
                    1b:d3:a8:1e:15:3b:f0:20:ac:cf:46:97:f4:51:ff:
                    21:c9:2a:7b:49:14:0c:39:dc:e1:71:4b:5c:b3:7c:
                    51:56:8d:05:2f:ba:93:57:0f:01:96:2b:fd:0e:1f:
                    3e:16:0a:90:b0:47:62:67:91:11:b0:fa:1f:f0:56:
                    10:a2:86:f0:fb:89:3f:11:3c:d9:93:25:b8:91:fb:
                    bd:47:a2:9d:d4:5f:ab:ef:15:5d:fd:09:eb:f4:fc:
                    46:b7:0b:5f:35:38:74:f4:d4:aa:60:a7:7f:89:f8:
                    58:48:95:02:f7:46:90:7b:be:bb:6a:c1:81:d6:ca:
                    a5:a2:fe:34:5a:ee:09:d9:42:b2:fa:d0:6b:1a:68:
                    83:10:20:9a:6b:8d:ad:a6:6c:60:d6:82:69:f8:77:
                    d8:8e:5e:f8:3b:1c:78:91:a3:d8:68:87:ed:97:af:
                    b0:7a:69:4f:bf:43:3a:b1:5d:3d:02:01:cd:ee:bd:
                    f5:3f:e9:06:6d:0c:8f:9f:0b:67:ba:cd:dc:8e:24:
                    d4:b8:89:b9:09:48:ac:53:02:91:fe:69:f4:85:ba:
                    44:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C2:C9:C1:7D:9A:3E:BB:5F:0E:EA:E0:EB:1E:D1:5A:3D:4B:A1:9A
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39322e302f32332d3234203d3e203630373831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d2:46:e8:df:5b:ea:78:15:c0:77:82:53:cf:03:7c:60:cf:13:
         6a:df:6b:2d:e4:93:2f:71:87:45:9c:01:74:78:aa:b4:5c:9d:
         02:b2:0f:0f:fa:58:a5:d3:aa:8c:de:ca:64:a0:17:69:54:2e:
         f9:05:46:64:78:fc:3b:51:77:32:1c:c8:96:65:38:be:43:41:
         a1:88:56:73:5f:e0:81:d9:97:d3:48:8e:86:9e:6f:2b:53:63:
         97:9f:1a:3f:c6:a1:51:65:d3:61:f6:1e:d4:ad:1d:af:c1:3e:
         16:ac:c0:f7:8a:ce:11:cf:10:ff:3d:da:b4:e1:25:a9:e3:72:
         eb:34:10:9d:12:59:57:e8:77:ee:68:55:5f:0f:9f:1b:6a:d4:
         f0:1b:c7:33:4c:7c:b2:43:29:a4:56:fc:5d:c0:55:fc:ae:c6:
         1e:a5:d3:8b:d9:b3:cc:bf:9c:10:48:8f:ef:26:5c:8d:11:a8:
         6f:44:ef:7b:b1:fb:99:22:ce:9a:9d:ba:a3:0a:fb:31:44:cd:
         74:47:c1:86:b1:38:56:a5:7d:25:b8:6e:f5:e2:6a:e5:5c:e1:
         e1:11:20:cb:de:44:5b:50:bb:6e:6d:3f:29:3d:b7:3a:d8:73:
         fd:20:07:52:96:5f:1d:04:8c:35:48:a3:e4:c9:b3:9e:12:8e:
         76:ae:53:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcbMWY/yeN6C/TIt2wN4N+4RPGCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNDEwMjYwNzA4MDNaFw0yNTEwMjUwNzEzMDNaMDMxMTAvBgNV
BAMTKEFDQzJDOUMxN0Q5QTNFQkI1RjBFRUFFMEVCMUVEMTVBM0Q0QkExOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSQCYPwLFT4HcCjp7Rn1io+rx9
Ki0tunjYtNpK2Nk2hcMATRKiItqrUCB/whvTqB4VO/AgrM9Gl/RR/yHJKntJFAw5
3OFxS1yzfFFWjQUvupNXDwGWK/0OHz4WCpCwR2JnkRGw+h/wVhCihvD7iT8RPNmT
JbiR+71Hop3UX6vvFV39Cev0/Ea3C181OHT01Kpgp3+J+FhIlQL3RpB7vrtqwYHW
yqWi/jRa7gnZQrL60GsaaIMQIJprja2mbGDWgmn4d9iOXvg7HHiRo9hoh+2Xr7B6
aU+/QzqxXT0CAc3uvfU/6QZtDI+fC2e6zdyOJNS4ibkJSKxTApH+afSFukS3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrMLJwX2aPrtfDurg6x7RWj1LoZowHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzMzNjJlMzIzNTM1MmUzOTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzYzMDM3MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAST/
XDANBgkqhkiG9w0BAQsFAAOCAQEA0kbo31vqeBXAd4JTzwN8YM8Tat9rLeSTL3GH
RZwBdHiqtFydArIPD/pYpdOqjN7KZKAXaVQu+QVGZHj8O1F3MhzIlmU4vkNBoYhW
c1/ggdmX00iOhp5vK1Njl58aP8ahUWXTYfYe1K0dr8E+FqzA94rOEc8Q/z3atOEl
qeNy6zQQnRJZV+h37mhVXw+fG2rU8BvHM0x8skMppFb8XcBV/K7GHqXTi9mzzL+c
EEiP7yZcjRGob0Tve7H7mSLOmp26owr7MUTNdEfBhrE4VqV9Jbhu9eJq5Vzh4REg
y95EW1C7bm0/KT23Othz/SAHUpZfHQSMNUij5MmznhKOdq5TsA==
-----END CERTIFICATE-----