Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e302e302f32312d3234203d3e203437353833.roa
File:                     36322e37322e302e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          EvH9tJSUNlxdX/TT6zfm/gTHnycv95VOS0qNGP1dgkU=
Subject key identifier:   21:02:DA:CA:C7:7B:31:3A:0B:6C:39:AF:FC:E5:5C:5E:6B:22:28:FF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6FC0C3A08E1D9460D571C481D7D2BD183D8ED3AE
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e302e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:19 +0000
ROA not before:           Thu 15 May 2025 10:41:19 +0000
ROA not after:            Thu 14 May 2026 10:46:19 +0000
asID:                     47583
IP address blocks:        62.72.0.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:c0:c3:a0:8e:1d:94:60:d5:71:c4:81:d7:d2:bd:18:3d:8e:d3:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:19 2025 GMT
            Not After : May 14 10:46:19 2026 GMT
        Subject: CN=2102DACAC77B313A0B6C39AFFCE55C5E6B2228FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7d:dd:f9:48:ee:c6:20:e2:a5:b5:bd:98:e2:
                    c4:72:bd:f2:f1:af:3f:31:f6:c0:02:c5:52:6d:95:
                    9a:f3:fe:94:5a:38:0d:c2:b2:f8:5e:d0:ea:7d:7b:
                    25:1e:39:a7:bf:36:01:74:21:60:30:60:1d:e8:e6:
                    3e:5e:4d:51:32:49:78:98:5b:4d:ac:42:2e:ad:86:
                    48:7d:fd:2e:03:b5:94:27:93:e4:3a:e8:cd:2b:7d:
                    89:29:05:ab:fc:dd:98:96:df:6c:d6:b1:93:02:86:
                    ee:13:50:5d:03:a7:2f:0f:4c:5a:cd:96:cc:b5:11:
                    aa:88:7f:a2:f8:7e:8b:a2:da:60:a5:c3:7e:ca:bb:
                    f9:42:ed:7c:22:df:16:1a:6e:c4:2c:2c:4f:76:81:
                    11:42:6d:2a:8a:08:22:24:c2:df:ce:1f:f0:bf:aa:
                    08:13:5d:41:71:c6:cd:e4:26:e7:0b:55:3c:89:a8:
                    f6:b0:91:8a:f2:4a:bc:56:b2:d9:d8:85:0b:f0:03:
                    c1:ba:c3:b5:2b:e1:6c:fb:08:33:4c:cf:92:ac:c7:
                    2b:7d:bc:4a:0d:3e:de:9a:57:c4:f1:24:5b:e8:b2:
                    05:f1:70:c9:84:45:a8:50:74:4e:1f:8e:58:44:4f:
                    7c:49:67:ad:81:11:7a:03:40:f9:9b:fe:2d:60:c6:
                    85:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:02:DA:CA:C7:7B:31:3A:0B:6C:39:AF:FC:E5:5C:5E:6B:22:28:FF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e302e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:58:54:9f:24:d1:68:93:08:88:f2:df:2b:da:2a:53:42:7f:
         09:a2:26:ec:c6:60:57:c6:99:81:40:f6:8b:56:4d:ad:68:10:
         43:6c:94:d4:df:e1:0e:62:c6:bc:5f:7b:02:8a:da:4d:18:45:
         33:4f:f7:cb:6b:6e:cc:7b:ec:3c:d1:ab:24:a0:4e:b8:06:86:
         d9:4a:1e:d3:3d:b7:49:3c:28:dc:9a:f5:9c:39:33:5e:f4:ce:
         bf:bb:31:c1:2e:df:a3:51:60:38:7e:b2:38:52:37:22:6e:5a:
         53:c0:3a:90:40:35:9e:a9:40:ba:f0:d7:95:8f:d3:d0:71:50:
         58:33:b6:11:e9:df:3e:f7:b0:e1:b4:cc:2e:92:b1:d9:f4:83:
         81:ce:18:fa:db:c4:f4:60:38:54:8c:8b:ab:a9:23:35:c1:a4:
         5e:33:19:f1:85:08:cf:28:7c:be:22:12:71:bd:3f:b6:76:04:
         06:f9:32:56:04:4f:42:53:70:62:20:22:db:bf:f1:5e:45:11:
         95:10:0c:17:9e:f1:d6:dc:98:42:aa:68:00:9c:d3:46:a4:32:
         fd:c0:3c:5a:de:40:6e:b6:56:be:a7:f9:96:6b:ea:ac:28:b1:
         fa:d8:f0:2d:33:8f:ec:4d:de:4e:6b:62:78:71:6e:fb:05:77:
         29:62:13:4a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUb8DDoI4dlGDVccSB19K9GD2O064wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTlaFw0yNjA1MTQxMDQ2MTlaMDMxMTAvBgNV
BAMTKDIxMDJEQUNBQzc3QjMxM0EwQjZDMzlBRkZDRTU1QzVFNkIyMjI4RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDfd35SO7GIOKltb2Y4sRyvfLx
rz8x9sACxVJtlZrz/pRaOA3Csvhe0Op9eyUeOae/NgF0IWAwYB3o5j5eTVEySXiY
W02sQi6thkh9/S4DtZQnk+Q66M0rfYkpBav83ZiW32zWsZMChu4TUF0Dpy8PTFrN
lsy1EaqIf6L4foui2mClw37Ku/lC7Xwi3xYabsQsLE92gRFCbSqKCCIkwt/OH/C/
qggTXUFxxs3kJucLVTyJqPawkYrySrxWstnYhQvwA8G6w7Ur4Wz7CDNMz5Ksxyt9
vEoNPt6aV8TxJFvosgXxcMmERahQdE4fjlhET3xJZ62BEXoDQPmb/i1gxoVjAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUIQLaysd7MToLbDmv/OVcXmsiKP8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzAyZTMw
MmYzMjMxMmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPkgAMA0G
CSqGSIb3DQEBCwUAA4IBAQByWFSfJNFokwiI8t8r2ipTQn8JoibsxmBXxpmBQPaL
Vk2taBBDbJTU3+EOYsa8X3sCitpNGEUzT/fLa27Me+w80askoE64BobZSh7TPbdJ
PCjcmvWcOTNe9M6/uzHBLt+jUWA4frI4UjciblpTwDqQQDWeqUC68NeVj9PQcVBY
M7YR6d8+97DhtMwukrHZ9IOBzhj628T0YDhUjIurqSM1waReMxnxhQjPKHy+IhJx
vT+2dgQG+TJWBE9CU3BiICLbv/FeRRGVEAwXnvHW3JhCqmgAnNNGpDL9wDxa3kBu
tla+p/mWa+qsKLH62PAtM4/sTd5Oa2J4cW77BXcpYhNK
-----END CERTIFICATE-----