Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32342e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          5BenzmDB5q6qXacynmVvtExRsMpVdPRc5kZP3C/Z8Cc=
Subject key identifier:   BC:27:BC:D3:32:04:F4:89:2F:E7:11:D6:C0:9F:12:EA:5D:F3:59:FF
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6E597B6A9E2F825620BD2C4A7C894EA5B8218389
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        62.72.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:59:7b:6a:9e:2f:82:56:20:bd:2c:4a:7c:89:4e:a5:b8:21:83:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=BC27BCD33204F4892FE711D6C09F12EA5DF359FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:03:a9:f3:fb:96:ea:0b:e4:fb:ce:d5:15:e7:
                    8c:fd:0e:fb:81:b0:e7:71:42:e2:34:3b:40:4b:0c:
                    8f:b1:96:62:ff:e4:7f:3b:b8:4c:eb:53:02:b2:47:
                    48:10:59:36:2c:5a:e0:dc:3d:20:dc:f2:de:ea:7b:
                    4e:b0:79:ef:5e:23:42:48:00:77:6e:81:44:ac:59:
                    0e:8c:c4:3e:82:f0:32:22:cb:23:45:b3:97:c5:b3:
                    cf:ad:f7:f9:34:41:7c:01:db:14:de:4e:69:42:92:
                    40:a2:09:0a:c5:2f:d2:bc:bc:69:70:12:15:10:53:
                    ad:43:11:1f:e4:ba:92:4b:fd:15:17:d3:3f:e6:85:
                    11:ad:18:80:55:f3:75:91:9f:5f:b4:57:29:7d:3a:
                    d2:cb:76:8a:f0:8f:7f:d4:2b:8e:85:81:12:d5:c3:
                    6e:41:43:2b:4c:6e:9d:08:10:40:32:14:84:02:86:
                    8e:f0:b9:9b:4d:cc:f4:8f:09:75:b1:c1:6b:7c:94:
                    23:95:6c:9c:bc:69:09:50:c4:df:af:7c:f7:da:ef:
                    88:d3:77:21:59:9a:55:07:4d:b1:0a:b1:03:59:1c:
                    55:55:60:21:cb:82:92:40:c1:a0:09:10:dd:a2:b9:
                    c4:24:35:e5:d4:43:3d:e0:ff:ef:52:cf:3f:dc:7f:
                    61:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:27:BC:D3:32:04:F4:89:2F:E7:11:D6:C0:9F:12:EA:5D:F3:59:FF
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:bf:04:b4:4e:1b:f5:5d:81:ed:1d:8f:3f:35:14:81:47:13:
         74:12:e2:4f:fa:3d:19:26:ee:e7:30:5f:1f:d0:98:c3:22:99:
         e9:a6:ba:ec:63:e5:46:8e:bd:20:2e:66:06:03:c2:59:b6:5a:
         dc:65:6b:ad:ba:3b:38:8c:82:4d:1c:25:48:fa:4b:5f:30:4c:
         94:49:26:cd:b8:76:c1:bd:32:cb:99:3a:cc:6c:be:19:35:d0:
         a9:94:ee:0a:aa:19:de:2b:58:67:71:8c:9e:0e:b5:a8:48:e3:
         72:33:46:a2:f3:89:e4:36:6d:d1:01:86:31:b9:d3:25:e1:f8:
         2e:2e:dd:5b:b9:2e:7f:51:0c:5d:3e:c8:f1:ac:46:54:51:f5:
         34:d5:99:e9:bc:c3:db:cc:db:88:54:1f:36:a4:ea:f2:21:76:
         59:73:35:aa:ae:d3:6f:a2:83:05:46:1f:39:c0:8c:f7:9c:cf:
         f9:07:4d:7f:6c:30:a5:63:07:47:d7:24:1c:29:a8:0e:6c:80:
         22:43:e5:b2:f9:91:04:7e:09:e0:f9:aa:1a:68:24:ef:f3:85:
         9d:13:74:d4:3b:1e:2e:c5:c9:79:9d:69:c7:77:a0:ff:5f:e3:
         30:4a:8f:84:7b:c8:cd:6e:27:be:05:e5:43:17:0b:e7:b6:84:
         1e:f4:09:18
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbll7ap4vglYgvSxKfIlOpbghg4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKEJDMjdCQ0QzMzIwNEY0ODkyRkU3MTFENkMwOUYxMkVBNURGMzU5RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0A6nz+5bqC+T7ztUV54z9DvuB
sOdxQuI0O0BLDI+xlmL/5H87uEzrUwKyR0gQWTYsWuDcPSDc8t7qe06wee9eI0JI
AHdugUSsWQ6MxD6C8DIiyyNFs5fFs8+t9/k0QXwB2xTeTmlCkkCiCQrFL9K8vGlw
EhUQU61DER/kupJL/RUX0z/mhRGtGIBV83WRn1+0Vyl9OtLLdorwj3/UK46FgRLV
w25BQytMbp0IEEAyFIQCho7wuZtNzPSPCXWxwWt8lCOVbJy8aQlQxN+vfPfa74jT
dyFZmlUHTbEKsQNZHFVVYCHLgpJAwaAJEN2iucQkNeXUQz3g/+9Szz/cf2EbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvCe80zIE9Ikv5xHWwJ8S6l3zWf8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBgw
DQYJKoZIhvcNAQELBQADggEBAJe/BLROG/Vdge0djz81FIFHE3QS4k/6PRkm7ucw
Xx/QmMMimemmuuxj5UaOvSAuZgYDwlm2Wtxla626OziMgk0cJUj6S18wTJRJJs24
dsG9MsuZOsxsvhk10KmU7gqqGd4rWGdxjJ4OtahI43IzRqLzieQ2bdEBhjG50yXh
+C4u3Vu5Ln9RDF0+yPGsRlRR9TTVmem8w9vM24hUHzak6vIhdllzNaqu02+igwVG
HznAjPecz/kHTX9sMKVjB0fXJBwpqA5sgCJD5bL5kQR+CeD5qhpoJO/zhZ0TdNQ7
Hi7FyXmdacd3oP9f4zBKj4R7yM1uJ74F5UMXC+e2hB70CRg=
-----END CERTIFICATE-----