Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39342e302f32332d3233203d3e203632323430.roa
File:                     33362e3235352e39342e302f32332d3233203d3e203632323430.roa (raw, json)
Hash identifier:          HHehYmYO5S3nVqn5RxPN8IY1cV+6/LfOgSFg8yGTFv0=
Subject key identifier:   32:C4:C8:3E:2D:4A:3A:CF:D9:5F:DE:82:24:86:04:CB:DC:CE:5D:69
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       0899A8C0610971646AD520DC2E32FA36D94A873C
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39342e302f32332d3233203d3e203632323430.roa
Signing time:             Wed 27 Mar 2024 02:53:14 +0000
ROA not before:           Wed 27 Mar 2024 02:48:14 +0000
ROA not after:            Wed 26 Mar 2025 02:53:14 +0000
asID:                     62240
IP address blocks:        36.255.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:99:a8:c0:61:09:71:64:6a:d5:20:dc:2e:32:fa:36:d9:4a:87:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Mar 27 02:48:14 2024 GMT
            Not After : Mar 26 02:53:14 2025 GMT
        Subject: CN=32C4C83E2D4A3ACFD95FDE82248604CBDCCE5D69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:75:bc:1d:fd:e3:8d:e8:c6:02:10:1e:8c:3f:
                    e9:0b:3e:37:65:77:09:76:3f:8d:94:96:97:96:2e:
                    ec:2c:52:fd:c8:ca:04:cb:88:eb:fd:de:c9:90:cd:
                    b0:12:9e:6a:7e:bc:47:79:3d:40:28:32:14:c8:fe:
                    dc:a1:1b:01:c2:49:f1:8b:b2:50:ee:85:45:5e:b0:
                    cc:47:de:f5:6d:39:92:4a:4b:c7:d9:a2:b2:90:b7:
                    07:09:49:1c:22:0d:54:c3:48:73:bb:ac:23:8c:1c:
                    1c:dd:5e:63:5d:cb:b2:e9:65:f8:d6:68:79:74:46:
                    e6:3a:d7:a1:35:4a:f0:f2:f3:e8:dd:9e:e4:73:e8:
                    6b:43:fe:d9:0e:4f:41:97:3a:c2:23:2b:46:82:29:
                    c2:3c:b1:3c:d7:29:9e:f7:1d:c0:c2:e0:4e:10:34:
                    2f:22:96:df:35:34:16:2b:a4:1d:2d:83:67:23:7b:
                    a7:01:59:23:68:68:e3:42:fb:aa:e9:4b:7b:80:a3:
                    9c:05:e7:f0:8b:19:e6:85:93:72:d7:b2:89:52:eb:
                    a6:bb:a8:44:1d:a9:6f:e6:e4:2a:4d:20:6d:92:06:
                    0b:b1:7c:b3:37:03:27:12:14:a5:e2:d6:a2:ca:1e:
                    3b:4e:9c:d6:a6:03:0d:fe:e5:20:dc:01:bf:8a:4a:
                    b8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C4:C8:3E:2D:4A:3A:CF:D9:5F:DE:82:24:86:04:CB:DC:CE:5D:69
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39342e302f32332d3233203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:0c:14:db:99:b6:3d:22:1b:1a:0f:d2:f1:bd:ef:7e:c7:f3:
         8e:4e:43:6d:b9:74:8f:da:ff:1f:30:52:15:54:e8:a2:e6:20:
         ad:98:fe:07:b5:4d:ec:26:b6:d9:18:df:ac:0a:54:b0:e4:1b:
         cd:e4:89:ed:42:18:9f:7f:bf:a5:b9:55:c5:cc:fa:c3:d6:1a:
         20:84:06:d8:c7:6e:c9:46:08:76:7b:44:66:d0:7f:2b:41:fe:
         9b:a4:3b:f9:f7:81:5e:94:4b:98:d9:30:b7:22:f1:3e:4a:cd:
         d5:d7:67:f9:1c:fa:8d:7a:1d:20:a8:48:23:a8:13:d9:2d:bb:
         e6:89:f0:41:6f:30:6d:c6:70:c0:d1:a3:36:8c:e9:ce:1c:41:
         9a:2c:90:56:19:11:c3:85:07:15:47:b8:3d:70:1b:66:2b:f5:
         dc:be:65:e9:81:52:5f:8d:33:ec:7c:12:f7:3d:ef:fe:c4:53:
         ee:90:91:b6:4f:10:50:01:65:48:52:a5:ec:7c:cb:5b:0b:34:
         71:44:fd:c2:9e:d1:45:e9:23:cf:23:42:ea:3f:e6:6f:86:e4:
         b0:4d:97:fe:bb:17:10:d8:9d:be:b3:fa:a9:57:86:c2:48:31:
         ed:c2:ce:44:1a:87:b7:49:0e:3d:fd:0c:b7:67:27:27:95:36:
         3d:88:3a:68
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCJmowGEJcWRq1SDcLjL6NtlKhzwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNDAzMjcwMjQ4MTRaFw0yNTAzMjYwMjUzMTRaMDMxMTAvBgNV
BAMTKDMyQzRDODNFMkQ0QTNBQ0ZEOTVGREU4MjI0ODYwNENCRENDRTVENjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0dbwd/eON6MYCEB6MP+kLPjdl
dwl2P42UlpeWLuwsUv3IygTLiOv93smQzbASnmp+vEd5PUAoMhTI/tyhGwHCSfGL
slDuhUVesMxH3vVtOZJKS8fZorKQtwcJSRwiDVTDSHO7rCOMHBzdXmNdy7LpZfjW
aHl0RuY616E1SvDy8+jdnuRz6GtD/tkOT0GXOsIjK0aCKcI8sTzXKZ73HcDC4E4Q
NC8ilt81NBYrpB0tg2cje6cBWSNoaONC+6rpS3uAo5wF5/CLGeaFk3LXsolS66a7
qEQdqW/m5CpNIG2SBguxfLM3AycSFKXi1qLKHjtOnNamAw3+5SDcAb+KSrjvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMsTIPi1KOs/ZX96CJIYEy9zOXWkwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzMzNjJlMzIzNTM1MmUzOTM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAST/
XjANBgkqhkiG9w0BAQsFAAOCAQEAmQwU25m2PSIbGg/S8b3vfsfzjk5Dbbl0j9r/
HzBSFVToouYgrZj+B7VN7Ca22RjfrApUsOQbzeSJ7UIYn3+/pblVxcz6w9YaIIQG
2MduyUYIdntEZtB/K0H+m6Q7+feBXpRLmNkwtyLxPkrN1ddn+Rz6jXodIKhII6gT
2S275onwQW8wbcZwwNGjNozpzhxBmiyQVhkRw4UHFUe4PXAbZiv13L5l6YFSX40z
7HwS9z3v/sRT7pCRtk8QUAFlSFKl7HzLWws0cUT9wp7RRekjzyNC6j/mb4bksE2X
/rsXENidvrP6qVeGwkgx7cLORBqHt0kOPf0Mt2cnJ5U2PYg6aA==
-----END CERTIFICATE-----