Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          TWHJeQVu8LHLgwUUXBAxCC94x7kfmbPM05F07RwHZr8=
Subject key identifier:   78:2E:FD:00:95:92:44:27:AE:E1:91:49:6F:65:BA:BA:BA:22:A6:66
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0CBD0C42709D603F5ED95E819572D70FB0B72056
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        62.72.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:bd:0c:42:70:9d:60:3f:5e:d9:5e:81:95:72:d7:0f:b0:b7:20:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=782EFD0095924427AEE191496F65BABABA22A666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a4:ba:cf:ca:59:53:79:d0:11:94:03:7a:0a:
                    04:15:d0:1d:b4:c7:96:21:60:93:a5:4e:da:1d:34:
                    42:d0:7c:f1:b9:76:a2:67:23:39:f5:ff:53:9f:d4:
                    56:25:11:20:15:b9:92:5a:40:34:ac:a0:b7:4a:6e:
                    a8:40:f3:29:82:7c:e4:69:04:05:75:ba:78:12:b6:
                    9d:31:92:8a:31:a8:a7:0c:2f:8b:6e:6e:e2:4d:f3:
                    ab:41:87:9f:c9:4b:77:21:03:84:d4:8c:77:de:ba:
                    6a:d6:55:47:c5:71:91:cd:ca:8a:e8:53:6b:ca:68:
                    79:38:ac:6d:f0:b0:57:51:2e:8e:d3:bd:82:8e:e3:
                    60:bd:a8:2f:7c:e6:03:a6:e5:95:4d:ff:7b:b5:fa:
                    a5:a3:60:b3:a7:3e:7b:60:69:11:54:72:c6:c9:22:
                    76:08:3c:a4:04:aa:4f:3d:40:15:a2:3c:56:6f:32:
                    95:cb:52:3b:87:ef:a7:c7:51:1e:0d:f5:8a:8e:51:
                    14:65:e4:7a:60:34:8d:8b:94:b5:dd:18:59:46:fb:
                    1b:12:4b:28:6e:11:09:12:e9:b3:40:d2:eb:ee:e8:
                    1e:7f:87:46:62:e6:1a:a2:55:66:2c:8c:c5:69:63:
                    28:34:8c:00:cb:8d:73:34:76:53:81:82:0a:18:e3:
                    e4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:2E:FD:00:95:92:44:27:AE:E1:91:49:6F:65:BA:BA:BA:22:A6:66
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:c5:53:63:af:c0:f7:af:32:98:63:8d:d8:8a:f1:fc:ab:46:
         cf:f1:16:23:b4:8e:f4:85:4e:d4:f4:ca:89:5e:7e:ee:9a:2c:
         48:b6:f7:fd:30:44:13:a9:8f:b8:99:bd:07:75:67:42:97:86:
         4f:22:d2:2c:33:8b:7e:ef:c9:43:11:8a:07:a0:fc:76:57:ff:
         91:ac:6d:04:3a:f3:9e:02:3a:9c:2d:46:cd:3d:76:d1:75:f3:
         73:01:4f:c7:0e:b8:b9:f9:b9:b8:69:ce:b9:49:f9:65:79:e3:
         95:bd:c3:8f:b9:eb:4d:06:54:be:7b:4d:2a:e4:f0:cf:b3:9d:
         eb:57:db:8a:17:5d:cf:c0:bc:08:c7:84:4c:85:35:1e:ca:0b:
         65:51:d4:8c:d2:6c:c6:52:50:f6:f9:1d:34:c6:8a:30:a0:39:
         87:34:67:36:c4:14:66:80:d5:1c:7b:e3:a4:52:49:21:f8:8e:
         10:6a:4e:d2:3b:f8:57:cb:b9:a5:43:be:88:2e:25:76:df:05:
         f8:c3:1a:20:42:23:0d:ec:a8:b7:66:00:2f:ad:f6:d5:bc:8d:
         18:0a:1a:58:2a:34:c3:d9:95:cc:0f:5a:17:f6:17:0d:7c:e2:
         3d:22:e7:43:9e:19:ed:33:9c:77:4c:0a:3d:6e:0c:db:5b:81:
         41:f8:23:e7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDL0MQnCdYD9e2V6BlXLXD7C3IFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKDc4MkVGRDAwOTU5MjQ0MjdBRUUxOTE0OTZGNjVCQUJBQkEyMkE2NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTpLrPyllTedARlAN6CgQV0B20
x5YhYJOlTtodNELQfPG5dqJnIzn1/1Of1FYlESAVuZJaQDSsoLdKbqhA8ymCfORp
BAV1ungStp0xkooxqKcML4tubuJN86tBh5/JS3chA4TUjHfeumrWVUfFcZHNyoro
U2vKaHk4rG3wsFdRLo7TvYKO42C9qC985gOm5ZVN/3u1+qWjYLOnPntgaRFUcsbJ
InYIPKQEqk89QBWiPFZvMpXLUjuH76fHUR4N9YqOURRl5HpgNI2LlLXdGFlG+xsS
SyhuEQkS6bNA0uvu6B5/h0Zi5hqiVWYsjMVpYyg0jADLjXM0dlOBggoY4+QnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUeC79AJWSRCeu4ZFJb2W6uroipmYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBww
DQYJKoZIhvcNAQELBQADggEBAADFU2OvwPevMphjjdiK8fyrRs/xFiO0jvSFTtT0
yolefu6aLEi29/0wRBOpj7iZvQd1Z0KXhk8i0iwzi37vyUMRigeg/HZX/5GsbQQ6
854COpwtRs09dtF183MBT8cOuLn5ubhpzrlJ+WV545W9w4+5600GVL57TSrk8M+z
netX24oXXc/AvAjHhEyFNR7KC2VR1IzSbMZSUPb5HTTGijCgOYc0ZzbEFGaA1Rx7
46RSSSH4jhBqTtI7+FfLuaVDvoguJXbfBfjDGiBCIw3sqLdmAC+t9tW8jRgKGlgq
NMPZlcwPWhf2Fw184j0i50OeGe0znHdMCj1uDNtbgUH4I+c=
-----END CERTIFICATE-----