Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/36322e332e382e302f32342d3234203d3e20323031333431.roa
File:                     36322e332e382e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          e56Div7/VO0jpnRJbKFyJ010FK2jwE6bNCEreMbwpK8=
Subject key identifier:   7E:06:F1:FD:29:89:7E:64:ED:13:C0:D1:A9:96:65:24:2E:9A:78:04
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       09B85E178B8EA00E6AEDF8E160BB11C152504E27
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/36322e332e382e302f32342d3234203d3e20323031333431.roa
Signing time:             Fri 27 Dec 2024 11:47:07 +0000
ROA not before:           Fri 27 Dec 2024 11:42:07 +0000
ROA not after:            Fri 26 Dec 2025 11:47:07 +0000
asID:                     201341
IP address blocks:        62.3.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:45:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b8:5e:17:8b:8e:a0:0e:6a:ed:f8:e1:60:bb:11:c1:52:50:4e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Dec 27 11:42:07 2024 GMT
            Not After : Dec 26 11:47:07 2025 GMT
        Subject: CN=7E06F1FD29897E64ED13C0D1A99665242E9A7804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8f:73:db:bb:1f:a3:c8:f1:b3:04:a4:f5:e1:
                    d7:5f:4b:ca:9c:86:6f:31:d4:4a:88:0d:c0:ae:36:
                    c3:d9:5e:69:af:4a:59:a2:79:a1:40:d0:b6:bd:6b:
                    99:97:d2:da:89:b2:99:21:98:76:18:af:4d:2b:a7:
                    63:01:b9:f8:d4:c0:f4:af:87:40:17:d9:cd:45:f7:
                    f8:6a:d0:30:79:0b:a7:92:98:ef:77:95:48:b0:c6:
                    83:d9:6c:50:b3:22:2e:ec:70:a5:7e:5e:55:6a:05:
                    2e:2c:db:b6:81:3c:21:02:19:8a:09:2b:99:2d:62:
                    c2:98:4e:83:ac:c3:b4:43:4c:20:ca:9b:e6:a5:9d:
                    42:7b:05:fc:80:87:f6:39:0d:6a:9e:91:7a:90:1e:
                    cd:84:f2:e9:77:7c:3e:a4:f0:de:a4:a1:20:a3:3b:
                    5a:d8:b0:d2:09:24:b4:02:59:ea:b1:98:4a:a4:de:
                    a7:56:de:bf:e5:31:98:65:64:7a:69:7a:b9:8c:5b:
                    e3:06:91:55:86:ce:66:8c:ff:ca:20:b2:9c:59:72:
                    ca:92:da:d7:9e:7a:5b:b7:81:09:22:92:34:75:90:
                    91:6c:fe:21:54:a3:ee:67:68:83:04:a5:a4:00:08:
                    a9:29:f2:b0:c2:ee:f1:9f:1e:1b:6b:70:1b:9d:21:
                    89:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:06:F1:FD:29:89:7E:64:ED:13:C0:D1:A9:96:65:24:2E:9A:78:04
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/36322e332e382e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:00:5a:03:ec:15:4f:dd:1c:ef:df:5b:da:60:c9:90:b7:ab:
         da:ae:33:9f:ab:f9:5a:59:e2:e1:1e:33:c8:ed:21:b1:13:b1:
         29:70:5c:f1:8a:33:f0:7c:1e:b7:ec:dd:cd:10:dd:1a:6a:92:
         7f:1d:e6:aa:f6:a0:14:98:88:2b:76:33:26:2d:8d:e8:af:44:
         dc:81:68:23:01:3d:b9:53:55:c7:fe:b8:61:03:e1:4a:49:35:
         68:76:c1:ee:c7:41:f4:c6:21:20:36:26:14:fb:6c:00:ed:2a:
         c6:fe:9b:72:75:6d:3a:70:da:d6:c5:ba:1f:ba:12:83:d3:73:
         c2:e8:28:fe:a8:58:f1:3f:92:2c:88:66:6f:5f:23:fd:b3:4f:
         df:ae:8b:49:56:95:9c:1d:64:ef:8d:e9:73:7d:60:d7:77:cd:
         67:f6:98:6a:34:81:8c:f9:19:07:e3:c8:2f:fe:dc:e7:6c:ad:
         cb:dd:ac:66:ee:52:6d:ce:12:6d:03:d3:d0:6f:f7:30:73:42:
         66:22:b4:47:e8:5e:b9:04:ec:a8:93:f7:3d:90:46:5d:8f:56:
         72:7b:37:52:cf:54:47:59:df:66:91:d4:74:27:92:7c:d7:ff:
         fd:05:5d:15:25:71:f4:c9:80:79:4d:fb:ad:79:d9:1c:cb:38:
         e0:93:79:56
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUCbheF4uOoA5q7fjhYLsRwVJQTicwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDEyMjcxMTQyMDdaFw0yNTEyMjYxMTQ3MDdaMDMxMTAvBgNV
BAMTKDdFMDZGMUZEMjk4OTdFNjRFRDEzQzBEMUE5OTY2NTI0MkU5QTc4MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuj3Pbux+jyPGzBKT14ddfS8qc
hm8x1EqIDcCuNsPZXmmvSlmieaFA0La9a5mX0tqJspkhmHYYr00rp2MBufjUwPSv
h0AX2c1F9/hq0DB5C6eSmO93lUiwxoPZbFCzIi7scKV+XlVqBS4s27aBPCECGYoJ
K5ktYsKYToOsw7RDTCDKm+alnUJ7BfyAh/Y5DWqekXqQHs2E8ul3fD6k8N6koSCj
O1rYsNIJJLQCWeqxmEqk3qdW3r/lMZhlZHppermMW+MGkVWGzmaM/8ogspxZcsqS
2teeelu3gQkikjR1kJFs/iFUo+5naIMEpaQACKkp8rDC7vGfHhtrcBudIYllAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUfgbx/SmJfmTtE8DRqZZlJC6aeAQwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zNjMyMmUzMzJlMzgy
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+
AwgwDQYJKoZIhvcNAQELBQADggEBABMAWgPsFU/dHO/fW9pgyZC3q9quM5+r+VpZ
4uEeM8jtIbETsSlwXPGKM/B8Hrfs3c0Q3Rpqkn8d5qr2oBSYiCt2MyYtjeivRNyB
aCMBPblTVcf+uGED4UpJNWh2we7HQfTGISA2JhT7bADtKsb+m3J1bTpw2tbFuh+6
EoPTc8LoKP6oWPE/kiyIZm9fI/2zT9+ui0lWlZwdZO+N6XN9YNd3zWf2mGo0gYz5
GQfjyC/+3OdsrcvdrGbuUm3OEm0D09Bv9zBzQmYitEfoXrkE7KiT9z2QRl2PVnJ7
N1LPVEdZ32aR1HQnknzX//0FXRUlcfTJgHlN+6152RzLOOCTeVY=
-----END CERTIFICATE-----