Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa
File:                     36322e332e31382e302f32342d3234203d3e20323136323232.roa (raw, json)
Hash identifier:          abwJb2MhmDIeE8Juz22gjWpNyhBkEz4pOyEWxjHyUjY=
Subject key identifier:   E3:70:33:F5:D8:C5:A6:B1:51:EF:72:80:99:2B:61:D8:AC:CE:53:AE
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       4053052A2AC5A4FB19299DE9FD888D44186C9738
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa
Signing time:             Wed 06 Nov 2024 07:43:27 +0000
ROA not before:           Wed 06 Nov 2024 07:38:27 +0000
ROA not after:            Wed 05 Nov 2025 07:43:27 +0000
asID:                     216222
IP address blocks:        62.3.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:53:05:2a:2a:c5:a4:fb:19:29:9d:e9:fd:88:8d:44:18:6c:97:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov  6 07:38:27 2024 GMT
            Not After : Nov  5 07:43:27 2025 GMT
        Subject: CN=E37033F5D8C5A6B151EF7280992B61D8ACCE53AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fe:5d:16:a0:73:d6:27:98:83:65:fb:1a:e9:
                    ab:69:13:91:63:cd:7b:49:c7:a2:6e:2e:06:6f:cf:
                    96:f9:0d:d2:4c:61:0a:d2:bc:d3:cd:27:fe:bf:c1:
                    88:86:53:61:69:d5:d5:61:8a:c2:81:17:f1:66:ca:
                    68:74:dd:07:29:f5:c3:79:51:ae:01:f4:5a:c2:7d:
                    2a:3c:4c:48:84:ff:f6:1d:0e:cd:ae:1d:2f:66:c6:
                    82:70:d6:7a:ee:2b:ed:17:34:b3:cb:8d:de:1f:8b:
                    38:17:ef:26:24:c7:0c:b3:8f:6c:a0:ca:55:d6:01:
                    c5:b9:e6:29:f4:99:bb:c0:4d:b6:f3:39:ce:db:7d:
                    b1:f9:ff:54:c6:6c:6b:a8:b9:92:22:26:f2:eb:91:
                    6e:95:b8:e4:7a:52:e0:7c:92:5a:d3:19:97:b6:4e:
                    6d:58:f8:bd:5a:ca:9a:54:ed:71:a3:11:68:90:e2:
                    73:3b:5a:01:36:87:31:cf:ee:7c:6d:77:e2:5e:af:
                    ee:8a:b9:bf:56:86:6d:3c:63:59:2c:3e:88:d2:b0:
                    f3:7d:89:a7:39:33:06:09:0e:1f:2b:89:61:5a:69:
                    7a:02:90:43:5c:3d:f1:7f:8c:83:1d:d6:ef:89:ca:
                    c0:0c:3f:8b:10:ef:08:26:7e:93:52:90:a3:00:34:
                    9f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:70:33:F5:D8:C5:A6:B1:51:EF:72:80:99:2B:61:D8:AC:CE:53:AE
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:af:2c:eb:a0:2a:ae:09:08:5a:1b:93:f9:86:9c:0d:33:95:
         cc:b8:38:ea:c5:ac:af:6e:dc:7e:ad:b0:02:cd:c7:ef:92:8a:
         7c:a5:a4:ec:c7:c6:2c:aa:71:e8:9c:5b:cc:c6:fb:e8:2b:55:
         fc:a2:67:a6:4f:c3:bc:07:f9:d3:ca:50:33:c7:39:f0:d5:e6:
         f5:d2:0e:2c:17:fa:48:35:57:ba:25:44:11:12:93:23:ee:b0:
         ad:4f:e4:02:57:16:a9:a3:26:34:91:9f:c3:76:2f:07:57:00:
         09:8e:03:06:70:93:b6:5b:9a:9b:a9:96:b4:41:68:ee:19:48:
         40:b8:02:56:5b:40:b9:37:d4:3e:80:a7:2e:f0:a0:24:49:fd:
         d0:cf:59:3b:2d:e7:95:0b:4f:d4:b0:bf:8b:0c:b9:8d:5e:bb:
         04:ac:ee:6f:c1:64:58:71:af:54:01:fe:69:39:bf:44:90:95:
         03:b1:68:c6:2b:ee:72:96:ef:de:ec:96:d0:2c:26:a3:47:34:
         4e:df:64:8e:4f:7a:21:99:1b:20:20:9b:73:ac:a4:e5:83:7e:
         8e:a4:9b:50:af:74:3c:f2:d7:c0:81:56:4f:e7:6d:2c:3a:9d:
         ee:f3:8b:f5:36:3b:5a:25:03:db:de:7e:20:13:dd:ae:5b:37:
         72:92:7d:9d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQFMFKirFpPsZKZ3p/YiNRBhslzgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDExMDYwNzM4MjdaFw0yNTExMDUwNzQzMjdaMDMxMTAvBgNV
BAMTKEUzNzAzM0Y1RDhDNUE2QjE1MUVGNzI4MDk5MkI2MUQ4QUNDRTUzQUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR/l0WoHPWJ5iDZfsa6atpE5Fj
zXtJx6JuLgZvz5b5DdJMYQrSvNPNJ/6/wYiGU2Fp1dVhisKBF/Fmymh03Qcp9cN5
Ua4B9FrCfSo8TEiE//YdDs2uHS9mxoJw1nruK+0XNLPLjd4fizgX7yYkxwyzj2yg
ylXWAcW55in0mbvATbbzOc7bfbH5/1TGbGuouZIiJvLrkW6VuOR6UuB8klrTGZe2
Tm1Y+L1ayppU7XGjEWiQ4nM7WgE2hzHP7nxtd+Jer+6Kub9Whm08Y1ksPojSsPN9
iac5MwYJDh8riWFaaXoCkENcPfF/jIMd1u+JysAMP4sQ7wgmfpNSkKMANJ9HAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU43Az9djFprFR73KAmSth2KzOU64wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzYzMjJlMzMyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+AxIw
DQYJKoZIhvcNAQELBQADggEBAF6vLOugKq4JCFobk/mGnA0zlcy4OOrFrK9u3H6t
sALNx++SinylpOzHxiyqceicW8zG++grVfyiZ6ZPw7wH+dPKUDPHOfDV5vXSDiwX
+kg1V7olRBESkyPusK1P5AJXFqmjJjSRn8N2LwdXAAmOAwZwk7ZbmpuplrRBaO4Z
SEC4AlZbQLk31D6Apy7woCRJ/dDPWTst55ULT9Swv4sMuY1euwSs7m/BZFhxr1QB
/mk5v0SQlQOxaMYr7nKW797sltAsJqNHNE7fZI5PeiGZGyAgm3OspOWDfo6km1Cv
dDzy18CBVk/nbSw6ne7zi/U2O1olA9vefiAT3a5bN3KSfZ0=
-----END CERTIFICATE-----