Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e34382e302f32302d3234203d3e203331313033.roa
File:                     36322e3134312e34382e302f32302d3234203d3e203331313033.roa (raw, json)
Hash identifier:          7kS8tD2VPFJgzQMEBZw7SCA8TRbBCEG0Eqq6iX7Hcz4=
Subject key identifier:   68:BA:06:A0:1D:A5:0D:80:D4:C0:5E:E7:46:73:29:1D:20:DC:D8:D0
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       5D1775DEB72EAAEA9352480B3C26BF4D661B2821
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e34382e302f32302d3234203d3e203331313033.roa
Signing time:             Fri 31 May 2024 13:51:24 +0000
ROA not before:           Fri 31 May 2024 13:46:24 +0000
ROA not after:            Fri 30 May 2025 13:51:24 +0000
asID:                     31103
IP address blocks:        62.141.48.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:17:75:de:b7:2e:aa:ea:93:52:48:0b:3c:26:bf:4d:66:1b:28:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: May 31 13:46:24 2024 GMT
            Not After : May 30 13:51:24 2025 GMT
        Subject: CN=68BA06A01DA50D80D4C05EE74673291D20DCD8D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:64:6f:f5:89:71:e6:3b:88:ff:93:69:90:f9:
                    6e:0a:00:7a:9a:23:5e:30:6a:a3:09:bc:1b:c3:92:
                    17:8f:7e:c0:32:de:d1:ed:2e:a8:c1:d7:94:95:b8:
                    8e:6c:ae:d2:52:5c:f3:ef:01:05:38:6c:d4:9c:cf:
                    36:31:44:1f:f8:c5:47:5e:68:f6:b5:8a:74:94:9f:
                    54:91:4a:86:08:13:0c:78:f7:22:51:56:a2:b4:8f:
                    3e:37:66:28:ea:2d:9b:c0:15:a4:b9:ad:ca:94:22:
                    be:b9:79:e5:8d:dd:1e:50:c4:a2:df:16:64:c4:b7:
                    f5:34:31:d2:04:05:7f:db:d2:f9:75:03:7d:8e:3d:
                    6f:6e:2f:aa:eb:5e:ae:ea:76:06:1a:99:bc:9c:01:
                    bb:2a:3f:6f:0a:d9:4f:a9:37:18:a1:13:67:74:99:
                    6b:3e:0b:f8:47:55:d4:f6:df:99:7e:f5:ef:f6:5d:
                    3f:30:13:6c:43:9c:9e:a7:ea:7e:b6:c3:84:93:10:
                    a4:85:79:89:af:f5:e9:c0:e7:42:16:a4:83:dd:7c:
                    32:a7:1c:05:68:27:8a:76:b0:ee:da:1a:89:ce:47:
                    e1:f0:da:b1:b8:f6:a5:1e:08:05:0d:40:c3:40:eb:
                    cf:46:d3:d3:9e:c2:39:1b:55:f8:10:e3:51:12:56:
                    4c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:BA:06:A0:1D:A5:0D:80:D4:C0:5E:E7:46:73:29:1D:20:DC:D8:D0
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e34382e302f32302d3234203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.141.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1e:8d:6c:e7:44:1f:5f:9e:37:8c:70:b7:e3:d8:0a:30:36:8c:
         cc:c4:43:f6:28:0a:74:68:d6:6b:e0:b2:59:7b:60:14:76:72:
         70:0f:37:47:a4:f8:12:3d:54:88:11:a9:10:34:19:6d:ce:19:
         81:6a:af:6f:54:5a:69:f7:ef:bb:df:db:33:bc:c1:12:d4:02:
         d9:eb:6b:b5:6a:3a:e0:3e:0c:35:2d:c6:d1:60:ae:8b:10:f8:
         9a:7d:85:0c:01:07:5b:9e:73:af:0b:37:88:7f:e3:6a:9a:4a:
         bf:c9:fb:45:9b:80:a5:b7:d6:98:cc:14:f3:ef:fe:08:96:8e:
         52:46:02:56:0f:b0:ea:17:2a:47:4b:96:7a:59:8a:c2:82:16:
         96:96:01:09:c4:bf:44:86:cd:0c:09:1c:81:42:17:8f:b7:48:
         97:7b:25:07:fb:97:34:08:7e:05:b9:e0:50:ed:f1:5f:b3:bf:
         2f:0a:28:1b:c8:17:46:69:34:f4:a3:b0:c7:dc:94:de:99:c0:
         52:c6:7e:59:0b:b1:6c:09:db:7c:6e:d8:ec:e5:21:ac:49:14:
         f2:44:11:de:af:b2:5b:68:4b:de:2a:91:85:f7:44:b1:9f:eb:
         b6:2f:cf:f7:dc:b6:20:db:5d:6b:95:5b:24:af:48:f4:b8:96:
         2b:54:6f:9e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXRd13rcuquqTUkgLPCa/TWYbKCEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNDA1MzExMzQ2MjRaFw0yNTA1MzAxMzUxMjRaMDMxMTAvBgNV
BAMTKDY4QkEwNkEwMURBNTBEODBENEMwNUVFNzQ2NzMyOTFEMjBEQ0Q4RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnZG/1iXHmO4j/k2mQ+W4KAHqa
I14waqMJvBvDkhePfsAy3tHtLqjB15SVuI5srtJSXPPvAQU4bNSczzYxRB/4xUde
aPa1inSUn1SRSoYIEwx49yJRVqK0jz43ZijqLZvAFaS5rcqUIr65eeWN3R5QxKLf
FmTEt/U0MdIEBX/b0vl1A32OPW9uL6rrXq7qdgYambycAbsqP28K2U+pNxihE2d0
mWs+C/hHVdT235l+9e/2XT8wE2xDnJ6n6n62w4STEKSFeYmv9enA50IWpIPdfDKn
HAVoJ4p2sO7aGonOR+Hw2rG49qUeCAUNQMNA689G09OewjkbVfgQ41ESVkzhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaLoGoB2lDYDUwF7nRnMpHSDc2NAwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzYzMjJlMzEzNDMxMmUzNDM4
MmUzMDJmMzIzMDJkMzIzNDIwM2QzZTIwMzMzMTMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBD6N
MDANBgkqhkiG9w0BAQsFAAOCAQEAHo1s50QfX543jHC349gKMDaMzMRD9igKdGjW
a+CyWXtgFHZycA83R6T4Ej1UiBGpEDQZbc4ZgWqvb1Raaffvu9/bM7zBEtQC2etr
tWo64D4MNS3G0WCuixD4mn2FDAEHW55zrws3iH/jappKv8n7RZuApbfWmMwU8+/+
CJaOUkYCVg+w6hcqR0uWelmKwoIWlpYBCcS/RIbNDAkcgUIXj7dIl3slB/uXNAh+
BbngUO3xX7O/LwooG8gXRmk09KOwx9yU3pnAUsZ+WQuxbAnbfG7Y7OUhrEkU8kQR
3q+yW2hL3iqRhfdEsZ/rti/P99y2INtda5VbJK9I9LiWK1Rvng==
-----END CERTIFICATE-----