Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e332e392e302f32342d3234203d3e20323031333431.roa
File:                     36322e332e392e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          js0H1q9kiPXbliBM3It1bpvE7X/Y1U4hOmnm+d7eo9M=
Subject key identifier:   0F:BD:C4:10:5C:12:55:39:6F:69:FA:15:88:85:93:81:81:1A:EE:6B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       371F62C50378AA46B0D51D9611A5E0A2FEBF45F5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e332e392e302f32342d3234203d3e20323031333431.roa
Signing time:             Thu 31 Aug 2023 11:59:15 +0000
ROA not before:           Thu 31 Aug 2023 11:54:15 +0000
ROA not after:            Thu 29 Aug 2024 11:59:15 +0000
asID:                     201341
IP address blocks:        62.3.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1f:62:c5:03:78:aa:46:b0:d5:1d:96:11:a5:e0:a2:fe:bf:45:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 31 11:54:15 2023 GMT
            Not After : Aug 29 11:59:15 2024 GMT
        Subject: CN=0FBDC4105C1255396F69FA1588859381811AEE6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e1:f8:0b:d9:a5:f2:96:1d:59:6d:f2:c3:85:
                    9e:b3:29:0f:0d:4c:eb:45:58:f3:bb:cf:60:5e:ca:
                    02:f2:a3:80:da:fc:f9:38:29:9f:8e:6c:b6:76:b7:
                    ac:bf:aa:08:4c:0d:98:f7:38:53:8f:ba:d3:09:75:
                    22:7e:8e:73:4e:84:89:c1:e4:61:90:a5:53:c6:57:
                    b2:14:cb:15:be:21:c2:63:81:1e:e6:ce:d2:81:fa:
                    d6:b6:cd:7f:34:ff:8f:c3:cc:2a:05:ac:98:54:90:
                    2b:e4:f8:03:70:d0:41:94:cd:8f:61:6d:65:9e:0a:
                    e8:51:64:eb:c6:50:6f:bb:93:07:40:81:0a:35:28:
                    90:bf:cd:d4:99:09:7b:42:2b:e7:d4:39:09:ba:4c:
                    bc:ea:29:a3:8b:1d:9c:24:bd:d8:de:4d:e7:c6:95:
                    90:f7:fd:2f:6d:85:13:e6:6e:ae:93:60:3f:59:52:
                    fe:10:20:e2:5d:4b:53:d7:26:19:30:1a:6d:16:ec:
                    f1:f4:f7:c2:d6:f8:27:8b:6c:70:24:84:45:1e:d9:
                    7c:63:33:63:7a:c6:9a:f9:5e:ec:b6:93:16:ee:e8:
                    79:bd:04:73:88:d0:26:e0:f2:08:e0:82:f3:de:ae:
                    8a:b0:24:b9:1b:1e:a7:b4:d7:62:6e:3c:75:50:8c:
                    91:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BD:C4:10:5C:12:55:39:6F:69:FA:15:88:85:93:81:81:1A:EE:6B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e332e392e302f32342d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:49:12:f5:05:10:f7:dc:c5:9c:b4:13:75:81:ae:48:ca:9a:
         f4:05:66:33:c4:66:75:1d:22:38:a2:48:e8:e0:0c:ec:ad:80:
         c1:80:86:98:1a:71:66:04:f8:e0:1a:41:61:0e:a5:c2:f3:05:
         9b:1b:ee:3e:00:68:90:c4:40:dd:af:13:c6:34:47:6d:ba:0f:
         cf:88:48:9d:c4:b8:39:c0:0e:60:22:a1:20:4d:17:64:be:98:
         36:66:71:f9:e2:aa:1a:08:5f:f1:04:b3:66:30:a4:09:68:3d:
         f6:28:e2:7e:b7:fa:22:26:38:67:73:ec:f7:83:03:cb:de:1f:
         45:12:8a:9a:92:85:6d:32:85:71:bd:3e:24:3d:08:39:22:be:
         03:f8:44:e1:72:26:61:c2:aa:fc:bb:4a:b6:88:9a:f7:53:79:
         45:4f:60:c8:34:11:b0:ac:95:85:08:cf:1f:8c:a7:37:e7:46:
         7c:b5:1f:6a:d2:03:5f:3f:9b:d6:e6:16:bc:b6:19:0f:40:0f:
         1c:da:66:c5:29:e7:d7:93:73:d4:05:8c:9a:fc:f8:ff:c9:f7:
         83:b3:79:98:96:80:b2:77:f6:b8:7b:5b:d4:67:48:be:cd:76:
         90:51:8a:ac:ff:2a:e9:79:f1:8b:a9:ca:d4:12:ee:83:f5:19:
         96:ea:19:5d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUNx9ixQN4qkaw1R2WEaXgov6/RfUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MzExMTU0MTVaFw0yNDA4MjkxMTU5MTVaMDMxMTAvBgNV
BAMTKDBGQkRDNDEwNUMxMjU1Mzk2RjY5RkExNTg4ODU5MzgxODExQUVFNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM4fgL2aXylh1ZbfLDhZ6zKQ8N
TOtFWPO7z2BeygLyo4Da/Pk4KZ+ObLZ2t6y/qghMDZj3OFOPutMJdSJ+jnNOhInB
5GGQpVPGV7IUyxW+IcJjgR7mztKB+ta2zX80/4/DzCoFrJhUkCvk+ANw0EGUzY9h
bWWeCuhRZOvGUG+7kwdAgQo1KJC/zdSZCXtCK+fUOQm6TLzqKaOLHZwkvdjeTefG
lZD3/S9thRPmbq6TYD9ZUv4QIOJdS1PXJhkwGm0W7PH098LW+CeLbHAkhEUe2Xxj
M2N6xpr5Xuy2kxbu6Hm9BHOI0Cbg8gjggvPeroqwJLkbHqe012JuPHVQjJEJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUD73EEFwSVTlvafoViIWTgYEa7mswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzMyZTM5MmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMxMzMzNDMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMJMA0G
CSqGSIb3DQEBCwUAA4IBAQBjSRL1BRD33MWctBN1ga5Iypr0BWYzxGZ1HSI4okjo
4AzsrYDBgIaYGnFmBPjgGkFhDqXC8wWbG+4+AGiQxEDdrxPGNEdtug/PiEidxLg5
wA5gIqEgTRdkvpg2ZnH54qoaCF/xBLNmMKQJaD32KOJ+t/oiJjhnc+z3gwPL3h9F
EoqakoVtMoVxvT4kPQg5Ir4D+EThciZhwqr8u0q2iJr3U3lFT2DINBGwrJWFCM8f
jKc350Z8tR9q0gNfP5vW5ha8thkPQA8c2mbFKefXk3PUBYya/Pj/yfeDs3mYloCy
d/a4e1vUZ0i+zXaQUYqs/yrpefGLqcrUEu6D9RmW6hld
-----END CERTIFICATE-----