Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e35362e302f32322d3234203d3e203331313033.roa
File:                     36322e3134312e35362e302f32322d3234203d3e203331313033.roa (raw, json)
Hash identifier:          f2uzGttju8CJhu3pIUGxsulMOt6+VibQadUSWlj55ZA=
Subject key identifier:   5C:77:D2:81:82:B3:2D:03:DE:3A:31:6E:57:71:95:1A:53:C0:CC:96
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       6CCB4FABFE2484B968561C8814F6A22F2620A653
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e35362e302f32322d3234203d3e203331313033.roa
Signing time:             Mon 19 May 2025 12:51:17 +0000
ROA not before:           Mon 19 May 2025 12:46:17 +0000
ROA not after:            Mon 18 May 2026 12:51:17 +0000
asID:                     31103
IP address blocks:        62.141.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:cb:4f:ab:fe:24:84:b9:68:56:1c:88:14:f6:a2:2f:26:20:a6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: May 19 12:46:17 2025 GMT
            Not After : May 18 12:51:17 2026 GMT
        Subject: CN=5C77D28182B32D03DE3A316E5771951A53C0CC96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bd:06:81:d0:c0:f4:56:37:be:e2:48:83:07:
                    7e:f7:37:a0:1b:e3:14:90:3c:db:04:ae:cd:2a:a1:
                    42:b2:aa:0e:29:81:59:5b:84:b5:e5:77:bb:1f:44:
                    a9:8a:95:31:0f:69:07:85:dc:c9:bd:cc:5d:d1:8a:
                    7d:d0:7b:5b:ea:13:4b:ce:b5:55:d8:cc:b6:5a:ed:
                    86:b9:10:12:44:4c:8b:1f:3e:50:48:12:35:4a:9c:
                    f2:6e:90:5d:b4:c5:6f:84:6b:d6:17:af:8f:b2:d3:
                    45:28:ad:70:d8:32:2a:58:d6:97:08:37:52:49:91:
                    99:a8:d2:4b:6f:3a:08:a0:87:28:38:aa:d4:f7:5e:
                    91:fe:84:28:41:3b:6e:fb:a2:42:e5:30:83:39:60:
                    2a:af:16:31:ce:53:15:c8:67:8b:1c:f4:9d:73:87:
                    88:bd:59:9b:6a:29:65:a1:a3:26:14:06:da:e8:72:
                    33:63:c4:b2:b2:f7:e2:c7:5f:3e:79:c6:0d:25:c0:
                    1a:43:5c:7f:fb:e3:11:a3:31:c8:0f:02:06:9b:fd:
                    4a:4f:30:00:c9:55:1a:a7:2f:81:9a:13:0b:96:9c:
                    80:24:22:51:0e:77:05:4a:c1:9d:b9:80:c9:c3:70:
                    ee:f9:ad:e9:25:b0:b7:a2:4b:04:59:75:a3:be:14:
                    3a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:77:D2:81:82:B3:2D:03:DE:3A:31:6E:57:71:95:1A:53:C0:CC:96
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e35362e302f32322d3234203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.141.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:f4:c9:73:08:91:0f:3b:4a:b4:34:8e:ea:69:3d:d0:06:8d:
         e9:24:3c:7c:4a:de:a0:f9:7c:78:39:6f:ff:f1:58:f5:d9:c0:
         cd:9e:31:69:56:67:bf:6c:67:f7:a8:5f:05:38:31:45:78:fb:
         5e:ce:39:d6:d8:9e:29:dd:99:be:b3:8f:54:e8:ff:f7:2e:46:
         1c:26:e8:88:83:6b:22:32:53:16:f0:87:36:51:e4:ea:6f:12:
         61:8f:f4:5c:35:29:1d:fa:e7:81:92:73:99:f5:16:c5:c3:43:
         40:83:b7:8b:68:04:8a:db:1c:69:fa:d2:96:da:cf:0c:10:fb:
         b5:88:01:18:51:47:a4:05:db:c2:85:c9:aa:c5:ba:de:74:11:
         47:6b:c5:d5:11:b7:17:1f:a9:2c:2c:20:b0:63:13:95:b9:2f:
         2b:51:b3:23:02:71:a6:a7:ce:87:b9:2a:e2:94:cf:1f:fc:2e:
         d0:ab:8a:05:61:82:0d:c9:4f:9a:65:de:c9:6d:f4:1d:3d:76:
         b7:7f:58:64:f7:09:6c:5d:cb:68:ae:56:2b:bf:01:9a:78:60:
         e3:1a:7c:62:ab:7f:ff:59:e9:ea:5b:70:8d:6a:c4:37:c1:79:
         98:d7:67:f0:8b:02:54:50:5d:60:28:d1:f7:c2:4f:dd:28:a3:
         92:e9:53:d5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbMtPq/4khLloVhyIFPaiLyYgplMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNTA1MTkxMjQ2MTdaFw0yNjA1MTgxMjUxMTdaMDMxMTAvBgNV
BAMTKDVDNzdEMjgxODJCMzJEMDNERTNBMzE2RTU3NzE5NTFBNTNDMENDOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+vQaB0MD0Vje+4kiDB373N6Ab
4xSQPNsErs0qoUKyqg4pgVlbhLXld7sfRKmKlTEPaQeF3Mm9zF3Rin3Qe1vqE0vO
tVXYzLZa7Ya5EBJETIsfPlBIEjVKnPJukF20xW+Ea9YXr4+y00UorXDYMipY1pcI
N1JJkZmo0ktvOgighyg4qtT3XpH+hChBO277okLlMIM5YCqvFjHOUxXIZ4sc9J1z
h4i9WZtqKWWhoyYUBtrocjNjxLKy9+LHXz55xg0lwBpDXH/74xGjMcgPAgab/UpP
MADJVRqnL4GaEwuWnIAkIlEOdwVKwZ25gMnDcO75reklsLeiSwRZdaO+FDqhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXHfSgYKzLQPeOjFuV3GVGlPAzJYwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzYzMjJlMzEzNDMxMmUzNTM2
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzMzMTMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAj6N
ODANBgkqhkiG9w0BAQsFAAOCAQEAHPTJcwiRDztKtDSO6mk90AaN6SQ8fEreoPl8
eDlv//FY9dnAzZ4xaVZnv2xn96hfBTgxRXj7Xs451tieKd2ZvrOPVOj/9y5GHCbo
iINrIjJTFvCHNlHk6m8SYY/0XDUpHfrngZJzmfUWxcNDQIO3i2gEitscafrSltrP
DBD7tYgBGFFHpAXbwoXJqsW63nQRR2vF1RG3Fx+pLCwgsGMTlbkvK1GzIwJxpqfO
h7kq4pTPH/wu0KuKBWGCDclPmmXeyW30HT12t39YZPcJbF3LaK5WK78Bmnhg4xp8
Yqt//1np6ltwjWrEN8F5mNdn8IsCVFBdYCjR98JP3SijkulT1Q==
-----END CERTIFICATE-----