Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa
File:                     36322e332e31382e302f32342d3234203d3e20323136323232.roa (raw, json)
Hash identifier:          MajDKQj6TT3ftlQyUu6udcC97wdoven2oRArp1abXjY=
Subject key identifier:   0B:C6:0A:C6:F0:76:8C:15:1C:0D:3F:EA:F5:6E:5C:D8:BE:62:C9:02
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       269B8CDEAAE2CADAB6BA010C4D7F6AB68A557F93
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa
Signing time:             Wed 06 Dec 2023 07:32:00 +0000
ROA not before:           Wed 06 Dec 2023 07:27:00 +0000
ROA not after:            Wed 04 Dec 2024 07:32:00 +0000
asID:                     216222
IP address blocks:        62.3.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:9b:8c:de:aa:e2:ca:da:b6:ba:01:0c:4d:7f:6a:b6:8a:55:7f:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec  6 07:27:00 2023 GMT
            Not After : Dec  4 07:32:00 2024 GMT
        Subject: CN=0BC60AC6F0768C151C0D3FEAF56E5CD8BE62C902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:54:3b:4c:cf:5f:5e:9b:a5:67:92:2f:7a:b6:
                    cf:a9:bd:c3:8a:73:18:c2:fa:e4:3c:a5:17:b4:47:
                    44:25:e3:94:b0:6f:e6:8a:37:a0:8a:b2:c7:1d:81:
                    20:c3:ae:61:77:5d:7f:8e:fd:9a:66:9f:d9:ab:fd:
                    8b:4e:5b:bc:47:13:e3:66:05:60:6b:e5:4a:d0:f6:
                    a9:08:2b:52:88:4d:17:4d:91:1d:89:a9:12:0f:7f:
                    80:2c:78:bf:67:46:e8:38:c7:19:76:80:94:6e:1b:
                    76:cb:5b:74:68:37:3e:27:7e:60:17:fe:a0:0c:5b:
                    8a:4e:6a:1c:54:79:51:45:18:5d:d5:b4:c6:0c:b0:
                    9b:c9:37:f8:79:ee:b0:9c:0c:f2:d5:7a:26:53:57:
                    6d:3c:3d:fb:5d:a3:4c:c3:71:11:12:7e:68:3a:29:
                    c6:63:e8:a9:9f:67:35:99:23:62:45:d5:5b:da:4e:
                    a6:31:4c:3c:ae:36:96:e1:c2:6d:ff:62:d1:54:e3:
                    a2:48:d8:dd:0f:b0:cf:82:34:22:12:31:54:63:80:
                    1a:de:d5:7b:70:26:8f:ca:b0:71:f4:5f:2e:99:14:
                    37:4d:63:e1:56:7d:a7:54:49:1a:d5:fc:8c:a3:80:
                    fe:c2:e6:25:db:73:3b:2d:79:03:c7:61:33:34:63:
                    c5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C6:0A:C6:F0:76:8C:15:1C:0D:3F:EA:F5:6E:5C:D8:BE:62:C9:02
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:f6:d4:b0:ff:e4:a2:ef:0e:0b:b9:fe:ab:ae:2d:02:61:d2:
         e3:6c:f1:30:1a:5c:09:cc:8c:46:20:e9:85:35:ea:ac:12:c2:
         9f:de:d0:02:d9:2c:ad:f5:76:5e:79:f6:61:6a:62:46:41:c0:
         26:2b:88:fb:9a:e7:29:d1:48:a5:10:da:9b:c3:6c:d6:a0:77:
         4d:c3:1f:29:d0:26:53:17:77:1c:1d:1e:c1:9e:5a:a9:be:0e:
         f5:b8:0e:75:58:fe:30:39:ff:9f:76:86:8e:c7:6d:3a:90:26:
         20:72:c3:7c:92:7c:51:78:09:83:40:63:cb:cb:fd:3c:16:44:
         f3:20:a3:84:3d:de:cd:25:e7:87:7f:3f:f6:d8:27:50:36:04:
         50:78:cf:d3:9b:6c:2b:14:a3:fa:b7:b6:11:25:93:12:98:40:
         13:be:2a:52:1f:08:da:5e:7b:0f:5f:bd:5f:87:0c:30:b1:01:
         b6:de:00:7f:13:4b:42:28:75:09:9b:2c:46:09:78:da:d5:53:
         a6:9b:f6:69:da:ea:65:35:b6:67:03:a5:b9:87:57:13:a3:2a:
         0c:a6:89:f4:ad:64:a4:d2:27:61:39:15:da:ff:12:f4:37:53:
         31:3f:d1:59:e2:9f:22:ac:38:27:e2:58:5b:56:fb:0c:d5:67:
         28:ba:f4:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJpuM3qriytq2ugEMTX9qtopVf5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMDYwNzI3MDBaFw0yNDEyMDQwNzMyMDBaMDMxMTAvBgNV
BAMTKDBCQzYwQUM2RjA3NjhDMTUxQzBEM0ZFQUY1NkU1Q0Q4QkU2MkM5MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrVDtMz19em6Vnki96ts+pvcOK
cxjC+uQ8pRe0R0Ql45Swb+aKN6CKsscdgSDDrmF3XX+O/Zpmn9mr/YtOW7xHE+Nm
BWBr5UrQ9qkIK1KITRdNkR2JqRIPf4AseL9nRug4xxl2gJRuG3bLW3RoNz4nfmAX
/qAMW4pOahxUeVFFGF3VtMYMsJvJN/h57rCcDPLVeiZTV208Pftdo0zDcRESfmg6
KcZj6KmfZzWZI2JF1VvaTqYxTDyuNpbhwm3/YtFU46JI2N0PsM+CNCISMVRjgBre
1XtwJo/KsHH0Xy6ZFDdNY+FWfadUSRrV/IyjgP7C5iXbczsteQPHYTM0Y8WhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUC8YKxvB2jBUcDT/q9W5c2L5iyQIwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzYzMjJlMzMyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjMyMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+AxIw
DQYJKoZIhvcNAQELBQADggEBAAv21LD/5KLvDgu5/quuLQJh0uNs8TAaXAnMjEYg
6YU16qwSwp/e0ALZLK31dl559mFqYkZBwCYriPua5ynRSKUQ2pvDbNagd03DHynQ
JlMXdxwdHsGeWqm+DvW4DnVY/jA5/592ho7HbTqQJiByw3ySfFF4CYNAY8vL/TwW
RPMgo4Q93s0l54d/P/bYJ1A2BFB4z9ObbCsUo/q3thElkxKYQBO+KlIfCNpeew9f
vV+HDDCxAbbeAH8TS0IodQmbLEYJeNrVU6ab9mna6mU1tmcDpbmHVxOjKgymifSt
ZKTSJ2E5Fdr/EvQ3UzE/0VninyKsOCfiWFtW+wzVZyi69L8=
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org