Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33362e302f32342d3234203d3e203232343237.roa
File:                     3134392e36322e33362e302f32342d3234203d3e203232343237.roa (raw, json)
Hash identifier:          1ml4FoJZiOM37HxwZsR95KBgGC9eYLQp/7OeUgSFUTo=
Subject key identifier:   1B:18:FA:81:83:03:0F:69:7C:07:D1:8F:EB:04:01:42:08:70:60:0E
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6F5F9A58824BB2133E173B0F1F6E3578745F0B93
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33362e302f32342d3234203d3e203232343237.roa
Signing time:             Fri 23 Aug 2024 06:47:18 +0000
ROA not before:           Fri 23 Aug 2024 06:42:18 +0000
ROA not after:            Fri 22 Aug 2025 06:47:18 +0000
asID:                     22427
IP address blocks:        149.62.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:5f:9a:58:82:4b:b2:13:3e:17:3b:0f:1f:6e:35:78:74:5f:0b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Aug 23 06:42:18 2024 GMT
            Not After : Aug 22 06:47:18 2025 GMT
        Subject: CN=1B18FA8183030F697C07D18FEB0401420870600E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:50:40:d7:05:83:9a:50:6d:03:c0:0c:b7:44:
                    bd:cb:c7:26:4a:0f:cc:4f:8c:63:0c:c0:d2:2a:a9:
                    99:90:38:12:cc:e6:8d:ac:64:2d:ba:8c:68:83:69:
                    b0:1e:0b:f7:16:04:34:39:fd:43:9c:0e:43:71:39:
                    06:00:38:7f:90:c2:ec:91:da:69:f2:4e:2f:50:7a:
                    95:b8:ec:2a:bf:26:85:a9:73:15:11:80:0c:64:49:
                    0d:f2:f3:ca:60:20:f7:28:7b:22:54:6f:fe:44:23:
                    14:9c:a0:e4:7b:b0:7b:fe:f4:e7:2e:45:bd:ce:ad:
                    2e:27:10:f1:52:33:a8:9e:01:ba:a4:42:44:08:09:
                    dd:50:d4:8d:6d:ba:69:63:55:61:55:80:b9:99:dc:
                    27:ca:2b:33:cb:1e:f8:f2:b3:c4:d2:86:ee:1c:e1:
                    29:d8:78:cc:d0:29:59:45:df:6e:96:bf:d0:6e:66:
                    d0:f7:47:91:96:50:86:1b:9b:e6:3a:19:50:df:47:
                    3b:90:2d:11:aa:7b:aa:9b:b9:66:6c:9b:ec:9f:40:
                    7f:d1:f3:5a:c1:34:44:54:bf:07:17:e1:64:83:19:
                    c6:75:e8:16:67:48:5d:45:25:d4:3d:6b:51:dd:2a:
                    d6:d6:b6:c7:f2:70:6c:6f:47:cc:af:14:cb:3a:10:
                    d1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:18:FA:81:83:03:0F:69:7C:07:D1:8F:EB:04:01:42:08:70:60:0E
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33362e302f32342d3234203d3e203232343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:a8:c8:dd:bd:b3:30:c6:ca:68:37:01:ec:53:fd:09:da:13:
         f0:76:8f:36:36:3d:d7:7a:3e:c0:0b:d1:48:26:0a:88:0a:75:
         45:bd:f6:b0:76:1f:ae:84:3a:1b:63:18:63:56:6a:80:2c:4d:
         6b:2f:61:05:34:99:65:a7:28:47:1b:ed:0b:d0:25:e5:ba:97:
         84:3a:fe:3e:fe:5c:e5:a4:78:9f:1d:fd:8b:af:0a:24:7a:fe:
         96:65:0c:a1:71:02:30:5d:2d:b0:aa:23:5d:72:7a:32:72:e6:
         1c:0d:10:8e:d8:29:3d:38:59:b2:f4:f9:a1:96:86:d7:ee:57:
         11:86:81:e3:e5:80:88:5f:3d:ca:4c:e0:4c:ac:06:e1:b9:d9:
         b2:17:85:dd:e0:59:1c:18:65:fe:1a:fa:6e:d2:a1:dc:c0:28:
         04:42:be:4d:d1:57:c8:e0:34:46:9a:54:48:2f:8a:08:3c:af:
         56:30:c0:23:a1:be:95:f2:80:37:84:ab:83:66:76:41:59:df:
         12:ca:4a:09:2c:a1:2a:e2:0e:5d:84:9a:0a:38:6f:7f:98:74:
         c1:6d:12:05:b2:80:e0:da:88:25:ee:ad:6e:29:78:84:82:37:
         d3:0f:84:a4:9e:97:e9:69:9e:e4:da:a0:40:e0:d7:4b:67:08:
         eb:0d:64:5f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb1+aWIJLshM+FzsPH241eHRfC5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA4MjMwNjQyMThaFw0yNTA4MjIwNjQ3MThaMDMxMTAvBgNV
BAMTKDFCMThGQTgxODMwMzBGNjk3QzA3RDE4RkVCMDQwMTQyMDg3MDYwMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuUEDXBYOaUG0DwAy3RL3LxyZK
D8xPjGMMwNIqqZmQOBLM5o2sZC26jGiDabAeC/cWBDQ5/UOcDkNxOQYAOH+QwuyR
2mnyTi9QepW47Cq/JoWpcxURgAxkSQ3y88pgIPcoeyJUb/5EIxScoOR7sHv+9Ocu
Rb3OrS4nEPFSM6ieAbqkQkQICd1Q1I1tumljVWFVgLmZ3CfKKzPLHvjys8TShu4c
4SnYeMzQKVlF326Wv9BuZtD3R5GWUIYbm+Y6GVDfRzuQLRGqe6qbuWZsm+yfQH/R
81rBNERUvwcX4WSDGcZ16BZnSF1FJdQ9a1HdKtbWtsfycGxvR8yvFMs6ENGvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGxj6gYMDD2l8B9GP6wQBQghwYA4wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzNDM5MmUzNjMyMmUzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMjM0MzIzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJU+
JDANBgkqhkiG9w0BAQsFAAOCAQEAIqjI3b2zMMbKaDcB7FP9CdoT8HaPNjY913o+
wAvRSCYKiAp1Rb32sHYfroQ6G2MYY1ZqgCxNay9hBTSZZacoRxvtC9Al5bqXhDr+
Pv5c5aR4nx39i68KJHr+lmUMoXECMF0tsKojXXJ6MnLmHA0QjtgpPThZsvT5oZaG
1+5XEYaB4+WAiF89ykzgTKwG4bnZsheF3eBZHBhl/hr6btKh3MAoBEK+TdFXyOA0
RppUSC+KCDyvVjDAI6G+lfKAN4Srg2Z2QVnfEspKCSyhKuIOXYSaCjhvf5h0wW0S
BbKA4NqIJe6tbil4hII30w+EpJ6X6Wme5NqgQODXS2cI6w1kXw==
-----END CERTIFICATE-----