Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3232203d3e203437353833.roa
File:                     36322e37322e32302e302f32322d3232203d3e203437353833.roa (raw, json)
Hash identifier:          KTOCQSIhscHmEmPqtrXSWkeUW28JLsdOhNw2D33tqas=
Subject key identifier:   42:18:EE:D8:D3:B7:E7:D6:AC:BA:6D:44:3F:8C:82:00:C6:B1:1C:BF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       402A5A32E9136B55DA0C3F8948ED9C6FCC9373A7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3232203d3e203437353833.roa
Signing time:             Wed 12 Jul 2023 18:16:43 +0000
ROA not before:           Wed 12 Jul 2023 18:11:43 +0000
ROA not after:            Wed 10 Jul 2024 18:16:43 +0000
asID:                     47583
IP address blocks:        62.72.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:2a:5a:32:e9:13:6b:55:da:0c:3f:89:48:ed:9c:6f:cc:93:73:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 12 18:11:43 2023 GMT
            Not After : Jul 10 18:16:43 2024 GMT
        Subject: CN=4218EED8D3B7E7D6ACBA6D443F8C8200C6B11CBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d3:a3:9b:a5:6c:fd:ec:5d:21:c1:87:51:37:
                    52:2d:2d:85:2b:93:a9:82:ba:99:c6:3c:78:fb:ff:
                    eb:60:ad:d7:14:31:43:40:89:f6:c8:f4:f6:d4:e4:
                    9b:d1:3b:0c:c3:76:33:7e:e6:bc:39:8e:80:74:b3:
                    6b:ef:20:81:1c:ac:fb:64:d2:ec:59:72:40:7d:34:
                    01:62:17:6c:55:8d:9c:65:a0:65:1b:e3:39:53:df:
                    d0:24:e8:66:0b:38:92:fb:1f:9a:71:58:89:cc:62:
                    de:d6:b6:fb:b1:45:ac:0d:9e:71:fc:de:41:81:55:
                    f3:a4:bf:58:5e:de:47:16:3f:c0:b2:19:e0:8a:fe:
                    d0:f9:a1:3b:a4:0c:97:54:a9:0d:e5:59:ad:b9:23:
                    20:0e:07:31:9b:ca:ff:ec:47:d0:7f:87:f1:fe:49:
                    f6:b3:b3:c8:e1:3e:ff:72:da:4f:9b:e4:fc:ab:82:
                    6b:a3:70:4a:4f:ff:5b:d7:37:2a:93:a2:6b:5d:7d:
                    a6:bf:08:55:8a:b8:42:a8:81:1a:56:f7:dc:d5:b4:
                    b3:ad:d2:40:21:e9:a0:81:0d:ee:6b:65:b1:5f:2b:
                    40:4e:44:0c:d6:c3:87:31:cd:0c:32:1c:91:80:28:
                    f1:3d:06:2b:f5:9a:0a:f2:d3:1a:d3:6f:e3:10:6a:
                    07:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:18:EE:D8:D3:B7:E7:D6:AC:BA:6D:44:3F:8C:82:00:C6:B1:1C:BF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3232203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:90:0c:ea:48:ca:07:5e:6a:06:73:3f:7a:31:e1:06:e2:fd:
         6e:0e:2e:69:02:eb:c6:75:df:d5:28:3e:3b:90:5e:fe:01:aa:
         d7:92:ac:6c:96:3e:4f:14:3d:b3:ff:be:1f:6b:3c:4b:31:17:
         a3:76:28:2a:f5:81:04:bd:4f:9e:5b:3d:85:e4:ce:da:3d:c5:
         85:f4:1a:8c:17:2d:04:8f:9d:c6:f1:e8:2c:49:46:ae:53:51:
         2c:ba:23:d2:94:f5:df:4c:e1:70:52:98:c9:f8:f8:f5:cd:42:
         5e:34:59:b9:1e:42:4f:91:f3:aa:0f:a2:dd:96:cb:1b:86:62:
         9f:96:27:03:f7:de:d4:0d:10:fd:62:f6:6f:4f:fc:ed:7a:44:
         de:36:65:e0:9a:1f:95:a0:a8:da:03:85:0a:da:4d:35:6e:6c:
         e5:50:34:3f:7a:51:2b:89:95:65:c3:dd:e2:4d:0f:fd:c4:44:
         64:75:c8:b3:7d:e2:b7:b3:83:06:ab:44:bc:1e:ba:5c:e0:eb:
         08:52:75:ce:fa:34:21:bc:4c:f7:09:60:3e:b1:3d:62:f1:6f:
         8b:ae:da:df:f6:d6:03:11:6a:ed:99:e8:c5:3e:45:c3:59:fc:
         50:fa:6b:f2:7c:89:51:33:70:18:df:8f:69:c1:f0:a3:d6:61:
         58:69:2a:79
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQCpaMukTa1XaDD+JSO2cb8yTc6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA3MTIxODExNDNaFw0yNDA3MTAxODE2NDNaMDMxMTAvBgNV
BAMTKDQyMThFRUQ4RDNCN0U3RDZBQ0JBNkQ0NDNGOEM4MjAwQzZCMTFDQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN06ObpWz97F0hwYdRN1ItLYUr
k6mCupnGPHj7/+tgrdcUMUNAifbI9PbU5JvROwzDdjN+5rw5joB0s2vvIIEcrPtk
0uxZckB9NAFiF2xVjZxloGUb4zlT39Ak6GYLOJL7H5pxWInMYt7WtvuxRawNnnH8
3kGBVfOkv1he3kcWP8CyGeCK/tD5oTukDJdUqQ3lWa25IyAOBzGbyv/sR9B/h/H+
Sfazs8jhPv9y2k+b5PyrgmujcEpP/1vXNyqTomtdfaa/CFWKuEKogRpW99zVtLOt
0kAh6aCBDe5rZbFfK0BORAzWw4cxzQwyHJGAKPE9Biv1mgry0xrTb+MQagePAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQhju2NO359asum1EP4yCAMaxHL8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzMDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBQw
DQYJKoZIhvcNAQELBQADggEBAAmQDOpIygdeagZzP3ox4Qbi/W4OLmkC68Z139Uo
PjuQXv4BqteSrGyWPk8UPbP/vh9rPEsxF6N2KCr1gQS9T55bPYXkzto9xYX0GowX
LQSPncbx6CxJRq5TUSy6I9KU9d9M4XBSmMn4+PXNQl40WbkeQk+R86oPot2WyxuG
Yp+WJwP33tQNEP1i9m9P/O16RN42ZeCaH5WgqNoDhQraTTVubOVQND96USuJlWXD
3eJND/3ERGR1yLN94rezgwarRLweulzg6whSdc76NCG8TPcJYD6xPWLxb4uu2t/2
1gMRau2Z6MU+RcNZ/FD6a/J8iVEzcBjfj2nB8KPWYVhpKnk=
-----END CERTIFICATE-----