Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          +qSMcE8IwonAEkZMTaqxwv/lOUqa0BEb1bQQ+xZ9kvE=
Subject key identifier:   6D:10:F3:71:6B:11:7A:05:C3:99:68:D5:B3:00:BE:20:B3:CE:0F:32
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       48DEE389C1B4BB2660447DB5B3EDEE751B2989B0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 13 Jun 2024 10:41:18 +0000
ROA not before:           Thu 13 Jun 2024 10:36:18 +0000
ROA not after:            Thu 12 Jun 2025 10:41:18 +0000
asID:                     47583
IP address blocks:        62.72.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:de:e3:89:c1:b4:bb:26:60:44:7d:b5:b3:ed:ee:75:1b:29:89:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 13 10:36:18 2024 GMT
            Not After : Jun 12 10:41:18 2025 GMT
        Subject: CN=6D10F3716B117A05C39968D5B300BE20B3CE0F32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8d:47:52:1a:fc:50:fe:f1:47:6a:01:75:c1:
                    fd:3c:4c:01:06:3f:42:26:59:0c:90:15:35:87:1c:
                    65:bf:46:6f:f3:0f:66:06:6a:31:0b:49:c0:5f:16:
                    1e:32:d0:a0:41:01:ad:06:de:16:e8:3c:77:29:76:
                    05:67:b7:fd:82:c3:5f:33:41:a5:dd:c6:d3:e0:4b:
                    e0:0f:19:0e:7a:ac:3e:f6:55:1d:65:64:61:6b:e1:
                    d6:c3:d9:ed:e1:aa:53:a7:c6:10:39:a6:1e:07:5e:
                    ba:d8:d7:ad:4f:68:7b:7a:66:f7:b5:80:ca:a5:54:
                    34:2e:35:c3:6f:cd:95:ea:74:47:d8:47:3e:9c:b6:
                    4d:9e:18:0a:ef:5d:7b:05:e4:3a:bd:1a:e6:02:66:
                    d3:2e:4b:5a:67:59:39:25:10:03:4c:6c:cd:ea:79:
                    c0:80:90:cf:aa:94:29:f1:51:d2:27:cf:eb:29:b1:
                    d8:b8:8d:f6:85:b0:12:81:f8:b3:7d:5b:8a:7f:74:
                    f6:ce:df:98:1c:f7:ed:71:86:cb:4e:0d:25:66:14:
                    ef:a8:bb:e4:a8:a0:12:02:2b:0e:7a:9a:1a:69:f0:
                    21:6f:2d:86:26:0a:da:a3:b6:d6:de:26:8d:5d:50:
                    4f:3e:57:f5:81:e7:08:68:92:0b:09:b6:ec:aa:21:
                    26:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:10:F3:71:6B:11:7A:05:C3:99:68:D5:B3:00:BE:20:B3:CE:0F:32
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:54:13:64:04:61:b5:f3:da:7c:3c:d0:78:b6:51:f7:50:8d:
         79:04:ab:d8:bd:38:0c:80:3b:5a:64:5a:bb:95:f1:2b:71:26:
         0c:bf:90:ed:f3:4b:ed:be:70:dd:77:03:bf:20:56:83:52:e3:
         d0:07:ec:73:41:7d:66:ad:20:cf:a2:a6:0f:37:e2:48:74:06:
         53:aa:7e:69:68:b2:9b:a4:cf:57:e1:50:74:ae:1d:1c:9f:3a:
         fb:2f:22:c3:fc:0e:5f:1f:22:08:8e:e9:02:bc:05:2f:f6:3b:
         30:d8:22:85:3b:de:32:ee:48:d0:d6:39:df:bc:78:33:3a:0c:
         0a:8d:0b:a1:d8:95:57:7a:3f:92:18:c6:b6:0a:b3:11:7b:f5:
         92:e6:9a:12:64:a6:58:bd:bc:32:d4:8c:61:2f:3f:ce:d5:0c:
         b1:20:a6:17:a8:1a:50:65:ab:e0:3f:72:e8:fc:e1:04:95:15:
         a9:98:4b:ce:bc:c0:5c:60:d4:0e:8d:f4:f8:02:3a:28:54:ab:
         88:68:41:ec:ee:16:cf:01:b5:95:ec:d1:99:03:3f:f3:4a:c9:
         c9:a3:11:19:3e:c5:57:03:db:57:9d:12:53:5e:28:27:01:ad:
         8f:c6:15:24:74:8e:e8:6b:03:62:0d:15:dd:d8:38:57:09:a4:
         9e:b2:78:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSN7jicG0uyZgRH21s+3udRspibAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTMxMDM2MThaFw0yNTA2MTIxMDQxMThaMDMxMTAvBgNV
BAMTKDZEMTBGMzcxNkIxMTdBMDVDMzk5NjhENUIzMDBCRTIwQjNDRTBGMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYjUdSGvxQ/vFHagF1wf08TAEG
P0ImWQyQFTWHHGW/Rm/zD2YGajELScBfFh4y0KBBAa0G3hboPHcpdgVnt/2Cw18z
QaXdxtPgS+APGQ56rD72VR1lZGFr4dbD2e3hqlOnxhA5ph4HXrrY161PaHt6Zve1
gMqlVDQuNcNvzZXqdEfYRz6ctk2eGArvXXsF5Dq9GuYCZtMuS1pnWTklEANMbM3q
ecCAkM+qlCnxUdInz+spsdi4jfaFsBKB+LN9W4p/dPbO35gc9+1xhstODSVmFO+o
u+SooBICKw56mhpp8CFvLYYmCtqjttbeJo1dUE8+V/WB5whokgsJtuyqISYDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUbRDzcWsRegXDmWjVswC+ILPODzIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzMDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBQw
DQYJKoZIhvcNAQELBQADggEBACxUE2QEYbXz2nw80Hi2UfdQjXkEq9i9OAyAO1pk
WruV8StxJgy/kO3zS+2+cN13A78gVoNS49AH7HNBfWatIM+ipg834kh0BlOqfmlo
spukz1fhUHSuHRyfOvsvIsP8Dl8fIgiO6QK8BS/2OzDYIoU73jLuSNDWOd+8eDM6
DAqNC6HYlVd6P5IYxrYKsxF79ZLmmhJkpli9vDLUjGEvP87VDLEgpheoGlBlq+A/
cuj84QSVFamYS868wFxg1A6N9PgCOihUq4hoQezuFs8BtZXs0ZkDP/NKycmjERk+
xVcD21edElNeKCcBrY/GFSR0juhrA2INFd3YOFcJpJ6yeLU=
-----END CERTIFICATE-----