Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e36332e302f32342d3234203d3e2039333034.roa
File:                     36322e3134312e36332e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          8UNVBIgCV5RhXsK6cBrETcMUrb8ewxJdVYkatZFSQ+A=
Subject key identifier:   AE:CC:AF:D4:35:44:50:12:95:5B:96:C6:31:B4:25:11:19:42:27:A3
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       5D1FF49BEB12A744EAE605AAD946CBEE39649A60
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e36332e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 02 Jun 2025 16:10:31 +0000
ROA not before:           Mon 02 Jun 2025 16:05:31 +0000
ROA not after:            Mon 01 Jun 2026 16:10:31 +0000
asID:                     9304
IP address blocks:        62.141.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 00:06:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:1f:f4:9b:eb:12:a7:44:ea:e6:05:aa:d9:46:cb:ee:39:64:9a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: Jun  2 16:05:31 2025 GMT
            Not After : Jun  1 16:10:31 2026 GMT
        Subject: CN=AECCAFD435445012955B96C631B42511194227A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:56:ec:5b:3d:7f:8d:da:37:85:36:02:77:40:
                    dc:1c:d2:5d:83:48:53:f2:09:0d:ef:ae:52:d0:20:
                    bd:49:54:d2:15:92:68:45:e1:0a:a1:e9:0b:88:e5:
                    e5:ee:7f:81:7f:60:60:06:d2:97:d7:e5:dd:7d:d7:
                    04:4f:9d:b6:38:4c:30:ba:3c:f3:6f:c8:8e:0b:2a:
                    bb:11:6a:e8:d9:35:09:23:5c:51:9b:cc:bd:54:4d:
                    d5:6b:8c:bb:73:d0:16:b2:b1:0e:3d:40:2a:f3:1a:
                    4a:8f:d3:21:5d:6d:00:8c:22:45:79:24:6a:47:eb:
                    61:1d:f3:94:64:a4:5f:21:1a:65:56:31:3d:bc:a8:
                    98:b1:57:32:d8:a5:b2:29:88:1b:1c:2d:ad:9a:a5:
                    e7:83:a2:28:ad:f3:5f:25:bd:fc:e9:cb:79:ce:ed:
                    e8:86:38:74:4e:64:3c:a3:58:d3:1d:ec:dc:dd:23:
                    d8:d8:3c:91:00:01:fb:23:ec:db:f0:5e:35:b0:56:
                    ba:8d:dd:fc:1e:42:a0:27:1e:4a:28:70:ac:5a:19:
                    f9:3a:7e:73:27:89:8f:f8:aa:c0:0f:47:e8:61:cf:
                    03:2a:a3:f1:3b:f9:85:6f:66:f3:05:9b:1b:2d:d7:
                    5e:e6:c0:f8:6a:1b:ad:d4:54:96:8b:46:77:7c:a9:
                    62:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:CC:AF:D4:35:44:50:12:95:5B:96:C6:31:B4:25:11:19:42:27:A3
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e36332e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.141.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:94:43:ee:a0:46:52:af:81:e7:7b:75:96:7f:fd:6c:4c:0f:
         85:68:3f:08:fa:a5:44:4b:aa:f8:5e:a3:af:7d:23:56:f0:f4:
         10:db:23:d0:c9:f3:4f:89:46:55:cd:70:a1:31:e9:9e:3a:53:
         87:f0:ae:ba:17:cf:e8:d3:78:47:55:e2:a1:02:64:03:fa:f8:
         4a:0d:7a:d1:15:1d:b3:17:a6:77:a6:54:22:03:32:3b:83:83:
         1d:53:b1:a6:ad:71:e6:82:76:fa:3c:19:ae:f9:f4:39:cb:ac:
         0b:24:a6:93:3e:21:49:5a:fb:12:b5:60:34:44:07:38:c4:69:
         45:d8:1f:9b:54:99:d9:6d:b6:53:fe:06:45:f8:f3:cd:e0:0e:
         0e:37:bd:10:8d:a9:95:8a:95:00:70:f3:56:a7:57:de:18:f7:
         3a:f2:f5:6d:fb:31:da:67:6b:15:67:64:3a:5e:17:04:c3:01:
         ff:44:22:89:8d:46:a2:3f:0f:a2:9e:7e:3d:57:79:77:ba:e4:
         a7:d4:40:ca:f3:2d:c9:12:26:dc:c3:4f:b8:57:bc:3d:5e:44:
         8e:c4:9e:1d:da:bb:e0:ff:f8:f3:b6:68:86:3a:8e:ab:61:29:
         1d:dc:43:aa:ef:fe:7e:ea:1d:ee:0c:95:37:86:8b:08:88:00:
         3f:64:17:99
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXR/0m+sSp0Tq5gWq2UbL7jlkmmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNTA2MDIxNjA1MzFaFw0yNjA2MDExNjEwMzFaMDMxMTAvBgNV
BAMTKEFFQ0NBRkQ0MzU0NDUwMTI5NTVCOTZDNjMxQjQyNTExMTk0MjI3QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmVuxbPX+N2jeFNgJ3QNwc0l2D
SFPyCQ3vrlLQIL1JVNIVkmhF4Qqh6QuI5eXuf4F/YGAG0pfX5d191wRPnbY4TDC6
PPNvyI4LKrsRaujZNQkjXFGbzL1UTdVrjLtz0BaysQ49QCrzGkqP0yFdbQCMIkV5
JGpH62Ed85RkpF8hGmVWMT28qJixVzLYpbIpiBscLa2apeeDoiit818lvfzpy3nO
7eiGOHROZDyjWNMd7NzdI9jYPJEAAfsj7NvwXjWwVrqN3fweQqAnHkoocKxaGfk6
fnMniY/4qsAPR+hhzwMqo/E7+YVvZvMFmxst117mwPhqG63UVJaLRnd8qWILAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUrsyv1DVEUBKVW5bGMbQlERlCJ6MwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzYzMjJlMzEzNDMxMmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+jT8w
DQYJKoZIhvcNAQELBQADggEBAJCUQ+6gRlKvged7dZZ//WxMD4VoPwj6pURLqvhe
o699I1bw9BDbI9DJ80+JRlXNcKEx6Z46U4fwrroXz+jTeEdV4qECZAP6+EoNetEV
HbMXpnemVCIDMjuDgx1TsaatceaCdvo8Ga759DnLrAskppM+IUla+xK1YDREBzjE
aUXYH5tUmdlttlP+BkX4883gDg43vRCNqZWKlQBw81anV94Y9zry9W37MdpnaxVn
ZDpeFwTDAf9EIomNRqI/D6Kefj1XeXe65KfUQMrzLckSJtzDT7hXvD1eRI7Enh3a
u+D/+PO2aIY6jqthKR3cQ6rv/n7qHe4MlTeGiwiIAD9kF5k=
-----END CERTIFICATE-----