Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323931.roa
File:                     36322e332e31382e302f32342d3234203d3e20323136323931.roa (raw, json)
Hash identifier:          QsHqhMAAOg+yN2UuD09cpqBIOAloLRGtRUoj918Rt9U=
Subject key identifier:   3E:76:2A:84:D6:AE:7A:2D:38:7E:A8:66:AA:F4:C0:0C:72:96:8D:35
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       4AA0ACD574D9B21B06D9002B1FA1D03CB8002A03
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323931.roa
Signing time:             Wed 06 Dec 2023 07:32:28 +0000
ROA not before:           Wed 06 Dec 2023 07:27:28 +0000
ROA not after:            Wed 04 Dec 2024 07:32:28 +0000
asID:                     216291
IP address blocks:        62.3.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 13:20:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:a0:ac:d5:74:d9:b2:1b:06:d9:00:2b:1f:a1:d0:3c:b8:00:2a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec  6 07:27:28 2023 GMT
            Not After : Dec  4 07:32:28 2024 GMT
        Subject: CN=3E762A84D6AE7A2D387EA866AAF4C00C72968D35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d2:50:d8:03:6b:47:97:8f:d6:aa:18:09:25:
                    04:40:78:fd:78:9f:83:5a:f5:ad:80:c3:0e:8c:e7:
                    ad:3a:5f:72:04:a2:42:7e:08:d6:01:97:ac:a7:d7:
                    89:d6:b7:97:28:88:d0:91:2b:41:ce:96:8f:7b:1b:
                    48:98:04:49:ab:97:ca:15:5c:04:8b:94:bb:66:7c:
                    f9:60:12:40:43:bd:d0:b1:24:ae:28:55:48:bc:31:
                    2c:d7:59:07:b2:c4:fe:47:c0:79:3d:2a:9d:9e:79:
                    ee:d7:a7:b5:9b:99:22:0e:44:ae:1a:d1:62:5b:d7:
                    a0:e3:ea:2d:56:f7:1c:4a:6f:c1:49:70:15:7e:e7:
                    fe:12:d3:59:82:91:11:d1:6b:98:67:86:90:31:f5:
                    7e:b2:3c:61:f6:a4:d9:8e:ba:87:ac:78:0e:8f:8f:
                    48:53:24:6e:9f:2e:e7:97:fe:f8:04:af:4f:4f:9e:
                    75:45:cf:1f:fc:72:ad:f6:0e:c5:e5:b7:d4:f0:c3:
                    21:c3:9a:cf:30:89:ae:d0:28:0f:36:8b:4c:bf:38:
                    3f:7f:60:c2:3e:e4:59:d7:2c:67:43:55:ed:b7:eb:
                    b2:d9:1a:8b:f6:40:e1:1d:07:5d:9e:7a:0f:c5:6e:
                    39:ed:00:48:db:98:a0:40:15:c5:c0:50:c4:3b:32:
                    67:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:76:2A:84:D6:AE:7A:2D:38:7E:A8:66:AA:F4:C0:0C:72:96:8D:35
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:d7:24:f1:3b:d3:02:7c:88:ac:25:55:fa:10:f2:6c:62:12:
         b1:0e:b8:83:03:06:31:5f:79:06:16:27:2c:de:2c:7a:c8:a7:
         da:54:47:14:4d:e3:b4:48:af:fd:de:26:50:cb:da:ac:d6:40:
         ee:fb:7c:47:9a:82:58:c2:64:ad:7c:84:d2:b0:30:5a:e1:7d:
         82:38:f3:87:33:62:e8:6f:61:6b:d5:af:de:87:61:93:9a:c1:
         29:ac:65:a4:c6:fd:30:b1:c6:4b:86:a5:7c:93:ea:5f:07:ab:
         d1:19:8f:8a:e8:70:09:15:bf:f3:a3:75:b8:e6:e1:63:25:85:
         17:05:63:6c:60:8a:0b:06:f7:a1:f4:0a:42:a9:ac:0a:ad:89:
         ef:17:31:7c:6d:09:b2:a9:a0:d5:ec:fd:a0:d0:4b:75:ce:38:
         f7:c0:0f:e4:c2:59:96:76:17:69:77:2e:26:a5:73:e6:2a:f1:
         62:ed:0b:1e:de:9b:bb:6a:b0:4c:27:60:21:39:0a:41:a4:d5:
         36:fc:cf:7c:a2:01:b2:b7:8d:22:27:eb:bc:b4:7d:3c:ac:91:
         31:2b:45:79:21:f4:af:34:6f:3c:af:52:6f:29:d2:e1:a6:89:
         60:ab:02:47:d5:a4:66:9f:d1:0f:e7:f9:ca:91:68:65:ae:9d:
         96:58:b1:cf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSqCs1XTZshsG2QArH6HQPLgAKgMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMDYwNzI3MjhaFw0yNDEyMDQwNzMyMjhaMDMxMTAvBgNV
BAMTKDNFNzYyQTg0RDZBRTdBMkQzODdFQTg2NkFBRjRDMDBDNzI5NjhEMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB0lDYA2tHl4/WqhgJJQRAeP14
n4Na9a2Aww6M5606X3IEokJ+CNYBl6yn14nWt5coiNCRK0HOlo97G0iYBEmrl8oV
XASLlLtmfPlgEkBDvdCxJK4oVUi8MSzXWQeyxP5HwHk9Kp2eee7Xp7WbmSIORK4a
0WJb16Dj6i1W9xxKb8FJcBV+5/4S01mCkRHRa5hnhpAx9X6yPGH2pNmOuoeseA6P
j0hTJG6fLueX/vgEr09PnnVFzx/8cq32DsXlt9TwwyHDms8wia7QKA82i0y/OD9/
YMI+5FnXLGdDVe2367LZGov2QOEdB12eeg/FbjntAEjbmKBAFcXAUMQ7MmeHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUPnYqhNauei04fqhmqvTADHKWjTUwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzYzMjJlMzMyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjM5MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+AxIw
DQYJKoZIhvcNAQELBQADggEBALTXJPE70wJ8iKwlVfoQ8mxiErEOuIMDBjFfeQYW
JyzeLHrIp9pURxRN47RIr/3eJlDL2qzWQO77fEeagljCZK18hNKwMFrhfYI484cz
YuhvYWvVr96HYZOawSmsZaTG/TCxxkuGpXyT6l8Hq9EZj4rocAkVv/Ojdbjm4WMl
hRcFY2xgigsG96H0CkKprAqtie8XMXxtCbKpoNXs/aDQS3XOOPfAD+TCWZZ2F2l3
Lialc+Yq8WLtCx7em7tqsEwnYCE5CkGk1Tb8z3yiAbK3jSIn67y0fTyskTErRXkh
9K80bzyvUm8p0uGmiWCrAkfVpGaf0Q/n+cqRaGWunZZYsc8=
-----END CERTIFICATE-----
Generated at Mon Oct 14 15:19:45 2024 by rpki-client on console-fra.rpki-client.org