Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          RwOHjUMrGKAOQQCReLgjehAFkq6maBz8Th8wFcRXzA4=
Subject key identifier:   99:04:54:75:16:6C:9F:B9:E1:0D:EE:AC:79:9F:95:81:31:95:59:93
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       35D4CA872F801781F8797241F60BDDE7C0676D27
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3234203d3e203437353833.roa
Signing time:             Thu 15 May 2025 10:46:19 +0000
ROA not before:           Thu 15 May 2025 10:41:19 +0000
ROA not after:            Thu 14 May 2026 10:46:19 +0000
asID:                     47583
IP address blocks:        62.72.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:d4:ca:87:2f:80:17:81:f8:79:72:41:f6:0b:dd:e7:c0:67:6d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 15 10:41:19 2025 GMT
            Not After : May 14 10:46:19 2026 GMT
        Subject: CN=99045475166C9FB9E10DEEAC799F958131955993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:40:5b:90:d1:2a:80:db:53:16:f6:ff:e4:20:
                    f7:e2:d8:9a:35:63:04:46:4a:a2:ad:0e:be:26:8a:
                    0a:41:ee:bb:cb:c8:70:be:b4:3c:db:0c:63:e0:b3:
                    20:da:4c:62:7b:68:05:e8:fd:29:07:17:7a:84:19:
                    32:3a:eb:40:81:82:0a:19:5b:fc:2f:e8:2f:02:52:
                    0c:72:26:69:f6:db:cd:65:47:6a:dc:c1:25:b6:ca:
                    66:9c:49:e6:35:b0:38:dc:90:46:bf:d6:c6:17:1a:
                    1e:b3:09:5f:e0:cc:c4:ca:81:bf:cd:75:a7:a4:76:
                    d9:c2:a9:61:2b:3b:7a:3d:af:08:53:56:01:62:75:
                    23:ee:36:05:23:71:c8:7f:79:41:a1:92:49:99:bb:
                    e5:65:1d:f0:0c:df:59:25:a7:75:c1:57:37:db:a0:
                    19:d8:13:dc:8d:ca:d6:7a:3d:e3:10:a2:36:59:d5:
                    62:c1:48:67:a1:db:47:66:bb:68:93:0e:ec:06:e4:
                    ae:f4:f6:0b:06:f2:96:22:c2:01:23:61:1b:cf:0b:
                    18:5a:f0:9d:05:e6:64:c2:b3:5f:3b:04:e7:56:89:
                    56:b4:b8:54:5c:11:88:5b:89:4d:e5:f4:ff:28:ea:
                    8e:08:33:e2:f7:d5:2d:8e:e2:bf:7a:0f:87:40:93:
                    0b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:04:54:75:16:6C:9F:B9:E1:0D:EE:AC:79:9F:95:81:31:95:59:93
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:fe:8d:82:c5:f9:c9:ff:55:75:73:eb:3b:80:a7:94:c5:b7:
         e5:99:c5:ae:05:3b:9f:c2:f0:62:88:02:8d:07:ec:18:eb:fc:
         7f:0b:b7:ef:08:2d:32:27:32:dc:67:31:c3:a8:db:0a:a3:f5:
         ea:5b:87:0e:d8:e9:4c:6c:27:73:f3:17:20:2a:73:1b:5a:18:
         be:d2:27:dd:b7:c8:f7:b0:ff:cc:30:de:72:e4:a2:43:41:31:
         18:d8:f5:8e:f2:24:da:3b:fb:19:94:61:47:d5:eb:3e:cc:f2:
         11:d1:8c:6c:a8:69:da:01:bc:42:b9:fb:df:69:86:db:81:5c:
         80:0a:7a:e0:90:1f:8e:39:a4:48:32:eb:1a:f9:20:33:10:c8:
         ac:0d:04:10:e2:43:2a:83:79:1e:fb:0b:7f:34:1e:9d:ba:3b:
         1e:08:56:5a:e6:6e:c6:0f:e9:e6:3e:5b:ce:23:32:ad:34:c0:
         14:65:e7:08:3b:a6:a2:f6:3e:c9:c5:09:dd:92:25:b2:39:2d:
         51:21:44:7b:4a:dd:aa:6f:06:b0:47:16:b8:d1:c4:bb:78:4d:
         88:fe:fe:f2:56:e9:5e:14:b5:b9:de:2f:40:12:cb:f1:6d:6f:
         49:ac:c0:f3:eb:57:a5:8a:5a:f7:64:bd:67:cd:19:5c:36:e5:
         89:8e:60:9a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNdTKhy+AF4H4eXJB9gvd58BnbScwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTUxMDQxMTlaFw0yNjA1MTQxMDQ2MTlaMDMxMTAvBgNV
BAMTKDk5MDQ1NDc1MTY2QzlGQjlFMTBERUVBQzc5OUY5NTgxMzE5NTU5OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOQFuQ0SqA21MW9v/kIPfi2Jo1
YwRGSqKtDr4migpB7rvLyHC+tDzbDGPgsyDaTGJ7aAXo/SkHF3qEGTI660CBggoZ
W/wv6C8CUgxyJmn2281lR2rcwSW2ymacSeY1sDjckEa/1sYXGh6zCV/gzMTKgb/N
daekdtnCqWErO3o9rwhTVgFidSPuNgUjcch/eUGhkkmZu+VlHfAM31klp3XBVzfb
oBnYE9yNytZ6PeMQojZZ1WLBSGeh20dmu2iTDuwG5K709gsG8pYiwgEjYRvPCxha
8J0F5mTCs187BOdWiVa0uFRcEYhbiU3l9P8o6o4IM+L31S2O4r96D4dAkws3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmQRUdRZsn7nhDe6seZ+VgTGVWZMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzMDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBQw
DQYJKoZIhvcNAQELBQADggEBAHz+jYLF+cn/VXVz6zuAp5TFt+WZxa4FO5/C8GKI
Ao0H7Bjr/H8Lt+8ILTInMtxnMcOo2wqj9epbhw7Y6UxsJ3PzFyAqcxtaGL7SJ923
yPew/8ww3nLkokNBMRjY9Y7yJNo7+xmUYUfV6z7M8hHRjGyoadoBvEK5+99phtuB
XIAKeuCQH445pEgy6xr5IDMQyKwNBBDiQyqDeR77C380Hp26Ox4IVlrmbsYP6eY+
W84jMq00wBRl5wg7pqL2PsnFCd2SJbI5LVEhRHtK3apvBrBHFrjRxLt4TYj+/vJW
6V4UtbneL0ASy/Ftb0mswPPrV6WKWvdkvWfNGVw25YmOYJo=
-----END CERTIFICATE-----