Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323931.roa
File:                     36322e332e31382e302f32342d3234203d3e20323136323931.roa (raw, json)
Hash identifier:          Mv5UcVUln6H+m2ppbCqxuT1Ft1vn2bxsaMxY5fGcRzU=
Subject key identifier:   27:89:65:66:A7:00:5D:97:7B:42:AE:37:E6:A3:A8:AA:D0:EC:85:1B
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       573BB25462AFA58B7D26C494DA8821D7063EB5B3
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323931.roa
Signing time:             Wed 08 Oct 2025 07:55:08 +0000
ROA not before:           Wed 08 Oct 2025 07:50:08 +0000
ROA not after:            Wed 07 Oct 2026 07:55:08 +0000
asID:                     216291
IP address blocks:        62.3.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:3b:b2:54:62:af:a5:8b:7d:26:c4:94:da:88:21:d7:06:3e:b5:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Oct  8 07:50:08 2025 GMT
            Not After : Oct  7 07:55:08 2026 GMT
        Subject: CN=27896566A7005D977B42AE37E6A3A8AAD0EC851B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b1:38:66:be:de:dc:cf:9a:dc:fd:5b:a9:85:
                    35:60:4a:a6:a9:a8:5f:fd:ae:70:4e:e0:79:82:d7:
                    75:5b:17:9d:a5:2c:11:07:0e:d5:46:7f:2f:ef:f6:
                    85:71:87:4a:36:16:fd:2c:b6:0c:76:20:e1:0a:70:
                    ef:23:ea:a5:7c:c2:81:b4:48:08:7d:2d:58:8e:3b:
                    3f:5c:f0:e1:49:0f:00:2c:ac:fa:51:71:54:da:14:
                    8f:f8:c6:fc:d0:25:7a:ef:d0:f9:af:5c:61:1d:e6:
                    2b:f0:6b:35:cd:8f:de:3b:4a:6b:6d:4e:1b:03:fb:
                    ec:c4:16:7d:1d:01:0a:b7:9a:a1:c8:fb:bd:10:28:
                    8c:70:ea:fb:ae:c5:32:2f:bc:3d:24:17:50:90:03:
                    88:54:f6:a5:7f:10:b5:47:53:b9:a0:c1:ce:b2:21:
                    de:f6:a2:09:8c:47:1c:30:d7:cb:53:5b:65:49:09:
                    c8:7a:87:a5:d6:0a:6f:87:4d:f9:46:a7:3b:c0:78:
                    c0:22:42:71:13:78:e7:c6:52:0d:ca:7a:ff:97:dc:
                    72:0e:88:e2:29:39:4f:f9:23:49:d8:87:fb:1f:5c:
                    4a:4e:88:80:cb:d9:f3:6b:2f:93:ac:3d:c1:92:d2:
                    a2:e4:53:33:86:82:a2:e6:db:55:9e:02:e6:b2:a7:
                    5f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:89:65:66:A7:00:5D:97:7B:42:AE:37:E6:A3:A8:AA:D0:EC:85:1B
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/36322e332e31382e302f32342d3234203d3e20323136323931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:7a:c8:76:be:22:2c:6b:e5:a4:53:bc:be:f6:a5:5a:c9:e2:
         3f:54:88:0c:23:4c:f9:51:e6:a9:f5:09:cd:90:3d:89:18:f8:
         eb:85:93:cc:a6:8c:d2:9e:41:51:54:39:e5:a6:ac:a4:65:32:
         6e:31:36:cf:25:62:ca:da:44:29:ea:d2:5f:b2:79:d3:80:e1:
         11:c7:37:94:a1:7e:17:af:eb:87:19:a9:39:20:8f:84:4e:4b:
         7b:b9:2b:ad:ea:76:81:5f:a0:5c:e4:9d:32:69:1f:e9:db:52:
         05:b9:64:92:7f:d7:31:93:f3:85:19:b7:30:26:8f:75:e5:aa:
         dc:72:56:93:a8:e2:fc:27:d0:ca:e2:37:b4:03:b9:b2:d8:bb:
         d3:92:22:79:ad:fe:c3:cd:5d:01:dd:94:4f:83:60:37:91:bc:
         e5:b8:62:22:61:53:33:bf:2f:4a:da:da:27:45:2d:33:6f:13:
         ee:08:f1:ed:f2:db:2b:a1:b3:66:f7:12:1a:8c:01:f0:6c:f8:
         f0:01:72:4e:43:70:f9:e4:1a:e8:2d:c3:c7:1f:7e:ae:2b:43:
         e0:81:75:73:7c:11:5b:cb:7b:05:de:07:41:7b:2d:f4:6e:0a:
         32:25:43:76:4e:bb:2b:67:ce:53:dc:ac:51:2f:04:d8:a0:b9:
         84:21:bf:65
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVzuyVGKvpYt9JsSU2ogh1wY+tbMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTEwMDgwNzUwMDhaFw0yNjEwMDcwNzU1MDhaMDMxMTAvBgNV
BAMTKDI3ODk2NTY2QTcwMDVEOTc3QjQyQUUzN0U2QTNBOEFBRDBFQzg1MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXsThmvt7cz5rc/VuphTVgSqap
qF/9rnBO4HmC13VbF52lLBEHDtVGfy/v9oVxh0o2Fv0stgx2IOEKcO8j6qV8woG0
SAh9LViOOz9c8OFJDwAsrPpRcVTaFI/4xvzQJXrv0PmvXGEd5ivwazXNj947Smtt
ThsD++zEFn0dAQq3mqHI+70QKIxw6vuuxTIvvD0kF1CQA4hU9qV/ELVHU7mgwc6y
Id72ogmMRxww18tTW2VJCch6h6XWCm+HTflGpzvAeMAiQnETeOfGUg3Kev+X3HIO
iOIpOU/5I0nYh/sfXEpOiIDL2fNrL5OsPcGS0qLkUzOGgqLm21WeAuayp18lAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJ4llZqcAXZd7Qq435qOoqtDshRswHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzYzMjJlMzMyZTMxMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzYzMjM5MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+AxIw
DQYJKoZIhvcNAQELBQADggEBAIF6yHa+Iixr5aRTvL72pVrJ4j9UiAwjTPlR5qn1
Cc2QPYkY+OuFk8ymjNKeQVFUOeWmrKRlMm4xNs8lYsraRCnq0l+yedOA4RHHN5Sh
fhev64cZqTkgj4ROS3u5K63qdoFfoFzknTJpH+nbUgW5ZJJ/1zGT84UZtzAmj3Xl
qtxyVpOo4vwn0MriN7QDubLYu9OSInmt/sPNXQHdlE+DYDeRvOW4YiJhUzO/L0ra
2idFLTNvE+4I8e3y2yuhs2b3EhqMAfBs+PABck5DcPnkGugtw8cffq4rQ+CBdXN8
EVvLewXeB0F7LfRuCjIlQ3ZOuytnzlPcrFEvBNiguYQhv2U=
-----END CERTIFICATE-----