Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa
File:                     36322e332e31382e302f32342d3234203d3e20323136323232.roa (raw, json)
Hash identifier:          xpvX4DbRPgQDl25Wd7lh+sIK3ZuIxEe17qogwqcSmAY=
Subject key identifier:   B5:D3:3A:EE:99:51:01:65:E1:20:9B:EE:74:A0:31:30:0A:55:A6:90
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       01FCF28613FFF91FF269F4C15E0CFB32AEABA20D
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa
Signing time:             Wed 08 Oct 2025 07:55:08 +0000
ROA not before:           Wed 08 Oct 2025 07:50:08 +0000
ROA not after:            Wed 07 Oct 2026 07:55:08 +0000
asID:                     216222
IP address blocks:        62.3.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 06:44:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:fc:f2:86:13:ff:f9:1f:f2:69:f4:c1:5e:0c:fb:32:ae:ab:a2:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Oct  8 07:50:08 2025 GMT
            Not After : Oct  7 07:55:08 2026 GMT
        Subject: CN=B5D33AEE99510165E1209BEE74A031300A55A690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d6:c7:c8:65:94:e9:8a:bb:bc:bc:ec:b6:d9:
                    7e:bf:37:d2:e6:ec:8a:93:52:44:0b:3c:22:20:fd:
                    8c:06:b6:4e:2d:54:7f:1b:16:66:b4:5f:fa:52:ee:
                    a0:21:f0:ee:2b:96:b1:73:fc:a7:cd:ab:dc:8b:5e:
                    8d:fc:4b:f7:98:14:1c:df:f0:5d:02:c4:ad:9d:70:
                    71:64:ee:f0:4e:11:ec:8b:22:3b:55:11:0e:37:d5:
                    b8:c3:54:d0:7f:3a:79:68:99:c9:e2:e2:0b:3d:67:
                    05:91:b2:3e:eb:e7:0d:a5:c0:a0:05:6a:26:de:8c:
                    8b:c8:d4:fc:24:3f:8e:9d:1e:49:57:b0:d6:40:4d:
                    0a:3a:e5:c2:93:d8:21:ee:a3:a1:50:9e:aa:25:08:
                    a0:05:27:04:c3:28:47:51:d5:ac:36:2c:44:39:b6:
                    fc:f3:cc:ec:a2:62:c2:ce:25:4f:bb:e4:88:ae:d4:
                    30:07:96:a7:c3:7c:1a:8f:fc:bc:a1:20:c1:73:bb:
                    9e:02:04:a2:73:c8:10:60:f4:6c:74:91:6e:77:c3:
                    71:d5:8e:b1:75:e9:52:89:98:c0:0e:36:48:73:d0:
                    49:12:07:01:ee:58:49:a2:e8:38:47:8e:9c:8e:f3:
                    59:40:3a:40:a5:ec:c2:d5:c2:76:49:af:40:5b:34:
                    ac:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:D3:3A:EE:99:51:01:65:E1:20:9B:EE:74:A0:31:30:0A:55:A6:90
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:6f:b0:b2:7e:a0:1c:b3:de:f1:a3:45:57:35:e2:18:f7:8f:
         b5:79:4e:01:37:15:1e:1b:45:7f:02:24:e8:c4:0d:38:dd:e1:
         67:a3:de:8e:29:b8:e3:93:ec:7e:f3:41:c6:2f:ec:f3:ae:04:
         40:d8:65:1b:1b:79:67:70:9b:6c:f9:7e:05:5a:b0:17:a2:cc:
         2f:3b:6f:58:49:32:78:a0:8b:6a:56:0b:53:84:95:a3:27:8f:
         ef:da:8d:1a:f0:fd:1f:6d:ca:3d:04:29:84:43:bc:8a:aa:6b:
         95:fc:66:ec:6d:3f:df:32:37:78:eb:ea:30:d6:c5:c7:c8:db:
         da:a9:a5:c3:73:bd:2b:8e:69:72:58:b6:50:95:13:cb:a7:ff:
         dd:c3:72:03:70:e7:ba:2a:e4:58:7b:b6:1c:ec:82:ac:d9:95:
         47:bf:5c:cf:7f:44:43:dc:6c:ee:63:dc:3b:9c:61:32:84:ae:
         2e:ad:45:32:11:93:eb:a6:b2:0e:d1:59:6f:f0:5f:a6:f5:bd:
         6a:71:b2:e8:60:50:5d:e0:92:05:86:7d:ca:eb:7b:7e:df:f7:
         29:90:67:3c:16:bb:f3:2a:f5:72:0d:db:5c:2a:2a:0f:b9:d6:
         25:90:e5:19:e4:28:b5:af:9a:ef:41:d5:51:7b:51:07:58:c6:
         3d:aa:11:6e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAfzyhhP/+R/yafTBXgz7Mq6rog0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTEwMDgwNzUwMDhaFw0yNjEwMDcwNzU1MDhaMDMxMTAvBgNV
BAMTKEI1RDMzQUVFOTk1MTAxNjVFMTIwOUJFRTc0QTAzMTMwMEE1NUE2OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/1sfIZZTpiru8vOy22X6/N9Lm
7IqTUkQLPCIg/YwGtk4tVH8bFma0X/pS7qAh8O4rlrFz/KfNq9yLXo38S/eYFBzf
8F0CxK2dcHFk7vBOEeyLIjtVEQ431bjDVNB/Onlomcni4gs9ZwWRsj7r5w2lwKAF
aibejIvI1PwkP46dHklXsNZATQo65cKT2CHuo6FQnqolCKAFJwTDKEdR1aw2LEQ5
tvzzzOyiYsLOJU+75Iiu1DAHlqfDfBqP/LyhIMFzu54CBKJzyBBg9Gx0kW53w3HV
jrF16VKJmMAONkhz0EkSBwHuWEmi6DhHjpyO81lAOkCl7MLVwnZJr0BbNKytAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtdM67plRAWXhIJvudKAxMApVppAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzYzMjJlMzMyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+AxIw
DQYJKoZIhvcNAQELBQADggEBAINvsLJ+oByz3vGjRVc14hj3j7V5TgE3FR4bRX8C
JOjEDTjd4Wej3o4puOOT7H7zQcYv7POuBEDYZRsbeWdwm2z5fgVasBeizC87b1hJ
Mnigi2pWC1OElaMnj+/ajRrw/R9tyj0EKYRDvIqqa5X8ZuxtP98yN3jr6jDWxcfI
29qppcNzvSuOaXJYtlCVE8un/93DcgNw57oq5Fh7thzsgqzZlUe/XM9/REPcbO5j
3DucYTKEri6tRTIRk+umsg7RWW/wX6b1vWpxsuhgUF3gkgWGfcrre37f9ymQZzwW
u/Mq9XIN21wqKg+51iWQ5RnkKLWvmu9B1VF7UQdYxj2qEW4=
-----END CERTIFICATE-----