Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e302e302f32312d3234203d3e203437353833.roa
File:                     36322e37322e302e302f32312d3234203d3e203437353833.roa (raw, json)
Hash identifier:          cCOSqBZPyLzQhM6ZxpbVDe5eiYdUz2+3q59UZG9+4Cc=
Subject key identifier:   12:59:3B:86:86:E6:3C:53:DB:A8:52:5D:CF:B3:0A:89:87:CE:E6:CC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       ADD29D6034A24EA77DAD9CC2E1D77D6C3DDA41
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e302e302f32312d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:40:51 +0000
ROA not before:           Thu 13 Jun 2024 10:35:51 +0000
ROA not after:            Thu 12 Jun 2025 10:40:51 +0000
asID:                     47583
IP address blocks:        62.72.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ad:d2:9d:60:34:a2:4e:a7:7d:ad:9c:c2:e1:d7:7d:6c:3d:da:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:35:51 2024 GMT
            Not After : Jun 12 10:40:51 2025 GMT
        Subject: CN=12593B8686E63C53DBA8525DCFB30A8987CEE6CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e0:af:8a:09:ed:99:32:6e:cc:97:ae:af:d4:
                    c0:b0:3b:16:f1:54:ca:ab:f4:93:ae:e1:2e:9d:83:
                    88:2e:14:dc:22:11:36:67:3b:fe:78:11:62:78:b5:
                    e5:05:c4:48:6a:60:2d:7d:0b:1c:d7:78:61:9d:75:
                    c0:56:d2:67:db:5f:db:2c:75:ca:6c:19:2b:b3:00:
                    1a:c2:83:14:d3:5c:32:20:b2:08:39:cd:42:dd:e6:
                    07:45:c9:41:6d:2f:d3:c6:00:7e:60:f2:aa:f7:a6:
                    78:bb:74:fd:bb:c1:2f:90:c8:ac:0c:f1:ce:0b:0f:
                    78:71:bf:82:53:8f:1d:d7:33:db:a0:f3:79:29:12:
                    42:2b:5c:3d:c7:5b:d0:77:fa:33:0b:98:1b:e0:0d:
                    6f:79:ae:56:f5:99:35:16:21:2e:3e:3a:00:d7:42:
                    e5:8c:d5:35:56:97:20:75:45:c3:5a:eb:ea:19:44:
                    63:dc:b6:b7:60:e8:db:6d:37:f0:75:ff:14:fa:a9:
                    4d:3c:f7:fc:57:82:51:8d:75:13:f1:35:a2:94:6a:
                    bc:95:19:e2:46:86:dd:35:ad:ce:bc:f3:b2:24:88:
                    f8:b4:a2:a8:ce:6c:90:d2:0c:4e:85:6b:12:e8:d1:
                    95:b2:9a:8a:5f:4f:a1:16:05:f3:b6:2b:f4:48:9f:
                    f6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:59:3B:86:86:E6:3C:53:DB:A8:52:5D:CF:B3:0A:89:87:CE:E6:CC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e302e302f32312d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:0a:c1:7e:a9:aa:9f:a4:9a:9d:9b:4d:50:4c:71:04:f2:d6:
         cd:af:dd:22:63:f2:31:63:89:6e:cb:77:00:75:02:a7:d2:c8:
         ca:d0:e2:eb:a9:d4:49:67:d5:d9:e6:02:47:52:d2:54:37:43:
         d8:3a:72:fe:9d:80:3d:6c:b6:48:f8:11:b7:6c:a8:5f:56:36:
         d0:b0:3b:2b:8b:75:13:03:30:07:32:00:a1:51:7b:ef:f1:1d:
         ae:f5:de:cb:96:44:e5:c6:a0:02:b2:b6:94:0e:e1:ec:ae:b1:
         62:78:a6:64:dd:10:56:dc:9c:bd:16:27:fa:46:04:81:e4:da:
         3e:bf:20:f0:c8:4f:ba:6a:8f:52:01:5a:c6:a0:f0:c7:d4:22:
         87:d1:86:97:e8:46:9f:d8:bf:16:51:5e:4a:d3:61:3e:86:2f:
         9e:48:e6:c6:3c:67:66:b8:aa:e3:2a:57:d4:91:89:72:47:e0:
         1f:2a:23:91:3c:3c:24:43:6c:e2:bc:ed:39:ae:29:2c:c2:b5:
         71:d8:d0:78:51:6f:ec:52:3e:49:1c:94:f0:8f:c3:f1:18:b4:
         23:cb:45:cd:3c:92:26:a7:ea:66:8f:c3:91:3c:79:ee:6c:4b:
         79:aa:b7:14:96:5f:16:b3:ee:fd:05:ff:dd:2c:f9:ff:d3:7f:
         5b:43:e1:e1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAK3SnWA0ok6nfa2cwuHXfWw92kEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM1NTFaFw0yNTA2MTIxMDQwNTFaMDMxMTAvBgNV
BAMTKDEyNTkzQjg2ODZFNjNDNTNEQkE4NTI1RENGQjMwQTg5ODdDRUU2Q0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK4K+KCe2ZMm7Ml66v1MCwOxbx
VMqr9JOu4S6dg4guFNwiETZnO/54EWJ4teUFxEhqYC19CxzXeGGddcBW0mfbX9ss
dcpsGSuzABrCgxTTXDIgsgg5zULd5gdFyUFtL9PGAH5g8qr3pni7dP27wS+QyKwM
8c4LD3hxv4JTjx3XM9ug83kpEkIrXD3HW9B3+jMLmBvgDW95rlb1mTUWIS4+OgDX
QuWM1TVWlyB1RcNa6+oZRGPctrdg6NttN/B1/xT6qU089/xXglGNdRPxNaKUaryV
GeJGht01rc6887IkiPi0oqjObJDSDE6FaxLo0ZWymopfT6EWBfO2K/RIn/ZHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUElk7hobmPFPbqFJdz7MKiYfO5swwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzAyZTMw
MmYzMjMxMmQzMjM0MjAzZDNlMjAzNDM3MzUzODMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPkgAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuCsF+qaqfpJqdm01QTHEE8tbNr90iY/IxY4luy3cA
dQKn0sjK0OLrqdRJZ9XZ5gJHUtJUN0PYOnL+nYA9bLZI+BG3bKhfVjbQsDsri3UT
AzAHMgChUXvv8R2u9d7LlkTlxqACsraUDuHsrrFieKZk3RBW3Jy9Fif6RgSB5No+
vyDwyE+6ao9SAVrGoPDH1CKH0YaX6Eaf2L8WUV5K02E+hi+eSObGPGdmuKrjKlfU
kYlyR+AfKiORPDwkQ2zivO05rikswrVx2NB4UW/sUj5JHJTwj8PxGLQjy0XNPJIm
p+pmj8ORPHnubEt5qrcUll8Ws+79Bf/dLPn/039bQ+Hh
-----END CERTIFICATE-----