Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          vhNzCUy7CU/bgp1bzGGVqQxVlR1LCgx/hQu2+U6lafo=
Subject key identifier:   64:A8:A1:B5:63:1C:31:9A:37:CE:58:19:D2:8C:F7:AC:44:87:04:25
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0D964FC1F9E6880D345E1CF0E1E11B722A858184
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 22 May 2026 08:24:24 +0000
ROA not before:           Fri 22 May 2026 08:19:24 +0000
ROA not after:            Fri 21 May 2027 08:24:24 +0000
asID:                     47583
IP address blocks:        62.72.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:52:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:96:4f:c1:f9:e6:88:0d:34:5e:1c:f0:e1:e1:1b:72:2a:85:81:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 22 08:19:24 2026 GMT
            Not After : May 21 08:24:24 2027 GMT
        Subject: CN=64A8A1B5631C319A37CE5819D28CF7AC44870425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:95:77:6f:8f:fd:69:ab:75:6a:03:a1:c2:bb:
                    96:69:e6:dc:a2:0d:3b:fb:b6:df:73:4c:30:5e:11:
                    a3:5e:a3:e5:2a:b7:c2:56:33:bb:94:35:1b:d4:e1:
                    e7:82:e9:a2:41:40:3f:8c:d5:e0:46:7a:67:1f:7c:
                    2d:da:a9:18:b6:26:af:75:7e:57:94:66:73:84:bb:
                    8c:cb:a9:3b:73:e5:54:21:9c:d1:80:4a:dd:4e:c8:
                    28:e9:3f:fd:9b:a2:da:42:3a:bd:65:27:8b:35:34:
                    39:0e:61:68:9a:87:0b:c1:c8:d8:26:5a:33:e2:21:
                    74:9e:f0:8e:04:31:f9:98:03:a2:d3:a3:c1:10:50:
                    14:69:47:dc:9c:7a:c7:ce:c0:91:12:44:37:f1:ce:
                    1d:86:f3:f7:3f:ce:ef:7c:65:7c:19:23:77:e6:68:
                    9d:f1:2f:8d:65:02:89:fe:37:67:98:c0:e6:8b:b4:
                    6c:4e:8a:f8:9e:7b:00:ab:72:f4:4a:76:84:ed:b9:
                    67:32:e6:51:3c:d8:c2:4b:28:95:59:e1:a5:2d:e2:
                    b9:a9:04:db:01:04:2a:f6:d2:ed:08:ba:61:98:ac:
                    00:95:c4:5c:0f:31:99:8b:9c:04:e8:a7:10:af:82:
                    ef:b7:98:70:76:20:c8:63:b2:4b:f0:71:19:3f:94:
                    06:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A8:A1:B5:63:1C:31:9A:37:CE:58:19:D2:8C:F7:AC:44:87:04:25
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:35:a6:a5:2f:7e:c2:38:fe:eb:d5:17:95:d6:30:23:d5:de:
         7b:a7:32:5c:3a:7c:70:a3:b3:fe:20:b2:d3:e0:d7:1c:da:61:
         19:a9:1a:17:44:9e:2e:d0:bc:bb:01:df:86:7f:c2:e5:ae:e9:
         03:34:4a:2e:09:9e:a9:96:b8:38:d1:7b:35:2c:ec:15:ff:61:
         7a:ef:1f:06:14:9e:12:4d:f4:9a:0c:5c:53:ae:fe:ed:47:60:
         e5:8b:62:2b:79:98:f7:ad:24:77:67:87:33:8a:d3:fb:5c:a8:
         4d:d1:d8:ee:a5:36:42:7a:d8:da:74:e3:5d:2e:f1:81:c4:30:
         4e:70:d4:83:7c:5c:b7:59:4f:8d:61:92:5c:70:86:bb:4e:69:
         97:92:d0:5c:c3:77:db:44:cc:1a:f4:a0:12:8d:78:bd:a4:2a:
         9b:05:d5:38:93:ff:bc:ec:79:87:19:db:ea:3e:e6:c7:8d:a7:
         17:ea:53:66:0a:74:7e:ed:fe:e6:42:b6:b5:14:c2:e6:53:2d:
         50:24:1a:23:14:b4:df:8f:dd:b6:2e:5b:3f:5b:02:ba:ac:28:
         b9:34:65:3c:22:60:b3:e3:53:2f:60:a0:d4:d7:e4:2f:03:ab:
         66:83:cb:2e:06:f2:87:ff:be:24:97:3d:b6:68:cf:ed:da:50:
         8c:c8:ca:68
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDZZPwfnmiA00Xhzw4eEbciqFgYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA1MjIwODE5MjRaFw0yNzA1MjEwODI0MjRaMDMxMTAvBgNV
BAMTKDY0QThBMUI1NjMxQzMxOUEzN0NFNTgxOUQyOENGN0FDNDQ4NzA0MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChlXdvj/1pq3VqA6HCu5Zp5tyi
DTv7tt9zTDBeEaNeo+Uqt8JWM7uUNRvU4eeC6aJBQD+M1eBGemcffC3aqRi2Jq91
fleUZnOEu4zLqTtz5VQhnNGASt1OyCjpP/2botpCOr1lJ4s1NDkOYWiahwvByNgm
WjPiIXSe8I4EMfmYA6LTo8EQUBRpR9ycesfOwJESRDfxzh2G8/c/zu98ZXwZI3fm
aJ3xL41lAon+N2eYwOaLtGxOivieewCrcvRKdoTtuWcy5lE82MJLKJVZ4aUt4rmp
BNsBBCr20u0IumGYrACVxFwPMZmLnATopxCvgu+3mHB2IMhjskvwcRk/lAZHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZKihtWMcMZo3zlgZ0oz3rESHBCUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBww
DQYJKoZIhvcNAQELBQADggEBAIY1pqUvfsI4/uvVF5XWMCPV3nunMlw6fHCjs/4g
stPg1xzaYRmpGhdEni7QvLsB34Z/wuWu6QM0Si4JnqmWuDjRezUs7BX/YXrvHwYU
nhJN9JoMXFOu/u1HYOWLYit5mPetJHdnhzOK0/tcqE3R2O6lNkJ62Np0410u8YHE
ME5w1IN8XLdZT41hklxwhrtOaZeS0FzDd9tEzBr0oBKNeL2kKpsF1TiT/7zseYcZ
2+o+5seNpxfqU2YKdH7t/uZCtrUUwuZTLVAkGiMUtN+P3bYuWz9bArqsKLk0ZTwi
YLPjUy9goNTX5C8Dq2aDyy4G8of/viSXPbZoz+3aUIzIymg=
-----END CERTIFICATE-----