Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e32382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          K+b69yD3byEz7w2sxIVQ6IYQouEmTIVx/rrJkn3DRY8=
Subject key identifier:   D5:ED:9E:89:16:FD:0B:45:EE:95:46:01:C9:24:94:F8:E9:A7:BD:0D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       657E8FF680FCCAEAF24F4CCCBD986FF0B6C031C0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 18 Aug 2023 06:43:09 +0000
ROA not before:           Fri 18 Aug 2023 06:38:09 +0000
ROA not after:            Fri 16 Aug 2024 06:43:09 +0000
asID:                     47583
IP address blocks:        62.72.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:7e:8f:f6:80:fc:ca:ea:f2:4f:4c:cc:bd:98:6f:f0:b6:c0:31:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 18 06:38:09 2023 GMT
            Not After : Aug 16 06:43:09 2024 GMT
        Subject: CN=D5ED9E8916FD0B45EE954601C92494F8E9A7BD0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:81:21:d9:99:34:b2:d0:e7:1f:fe:b1:db:fa:
                    e8:1c:9b:fd:49:ad:83:08:14:52:55:57:77:71:4b:
                    4f:f4:17:9d:6f:89:21:6c:de:bc:d1:47:2f:a5:2c:
                    89:3b:9f:79:5c:f3:1f:31:2a:0b:0f:76:e4:21:91:
                    60:da:3a:9e:de:2b:81:65:9f:e9:71:21:6a:04:49:
                    5a:f3:99:c6:35:29:43:91:a4:02:7b:8b:a4:08:5d:
                    61:ee:f9:a8:0c:ce:42:4b:90:84:79:d0:e8:78:8e:
                    ea:d0:8a:9c:de:fd:0a:38:78:d2:00:9f:7c:f3:a1:
                    12:ec:05:24:0c:df:09:bc:28:3a:d0:3f:37:0d:d6:
                    9d:d9:2a:cb:2b:7e:a4:75:ea:8d:a3:42:ad:80:dc:
                    af:84:23:2a:9b:49:ae:06:8c:67:07:96:34:63:59:
                    bd:18:ff:74:74:ba:26:e7:ec:28:bc:3f:a5:11:84:
                    6e:21:3f:4b:5e:2c:ea:ee:9d:b5:35:c4:95:0e:9b:
                    04:a7:e8:fe:a3:69:65:e9:ba:4d:31:31:b3:1f:48:
                    90:7f:f8:b0:98:d6:4e:a7:1c:88:d8:89:e2:9c:10:
                    df:b0:a7:9f:42:88:45:b7:60:9c:32:0d:16:4b:62:
                    9d:dd:3e:d1:5c:fa:47:6e:d8:29:83:0b:06:8b:51:
                    c6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:ED:9E:89:16:FD:0B:45:EE:95:46:01:C9:24:94:F8:E9:A7:BD:0D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e32382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:2a:f7:cf:86:3f:0b:d0:19:a2:6e:cd:9e:98:d5:39:26:ad:
         f8:88:15:75:fb:06:a1:f9:ba:42:84:3d:19:5a:69:fd:d5:5d:
         99:d8:b5:ca:1a:5e:39:7a:15:4b:d6:22:26:91:c5:ec:7a:6d:
         b2:da:ca:ce:93:5a:e4:5b:fd:a7:e3:9b:6f:6b:9c:35:28:96:
         1d:85:52:a4:84:93:ae:e4:bd:81:c6:70:ef:f3:07:02:1d:97:
         83:a9:86:cd:c4:98:bd:58:a8:97:78:f1:74:44:db:4c:1d:16:
         11:b7:4d:25:04:73:bc:82:87:ae:68:78:15:9a:0c:00:72:6e:
         d4:75:07:82:8c:1e:f3:79:6e:dc:41:81:88:4e:05:13:92:63:
         67:72:97:2d:59:3e:7c:f2:b4:86:1f:9a:d0:5c:82:51:25:83:
         5a:29:c4:86:71:05:48:2b:84:21:ad:a8:ed:c6:e1:22:8e:95:
         09:df:e4:43:42:5c:29:2d:b0:2b:57:c7:97:77:46:1a:bf:20:
         f1:c9:03:97:4b:e2:40:ac:35:04:e4:34:b7:1a:04:a7:fc:f7:
         d6:a6:9d:14:dc:ea:d4:b8:9a:68:b1:72:27:6e:c9:9d:eb:37:
         da:f5:ae:43:b0:36:3c:77:fa:ba:c6:e6:c9:96:f8:50:65:c1:
         b6:c6:89:af
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZX6P9oD8yuryT0zMvZhv8LbAMcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MTgwNjM4MDlaFw0yNDA4MTYwNjQzMDlaMDMxMTAvBgNV
BAMTKEQ1RUQ5RTg5MTZGRDBCNDVFRTk1NDYwMUM5MjQ5NEY4RTlBN0JEMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRgSHZmTSy0Ocf/rHb+ugcm/1J
rYMIFFJVV3dxS0/0F51viSFs3rzRRy+lLIk7n3lc8x8xKgsPduQhkWDaOp7eK4Fl
n+lxIWoESVrzmcY1KUORpAJ7i6QIXWHu+agMzkJLkIR50Oh4jurQipze/Qo4eNIA
n3zzoRLsBSQM3wm8KDrQPzcN1p3ZKssrfqR16o2jQq2A3K+EIyqbSa4GjGcHljRj
Wb0Y/3R0uibn7Ci8P6URhG4hP0teLOrunbU1xJUOmwSn6P6jaWXpuk0xMbMfSJB/
+LCY1k6nHIjYieKcEN+wp59CiEW3YJwyDRZLYp3dPtFc+kdu2CmDCwaLUcZFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU1e2eiRb9C0XulUYBySSU+OmnvQ0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzIzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SBww
DQYJKoZIhvcNAQELBQADggEBAAUq98+GPwvQGaJuzZ6Y1TkmrfiIFXX7BqH5ukKE
PRlaaf3VXZnYtcoaXjl6FUvWIiaRxex6bbLays6TWuRb/afjm29rnDUolh2FUqSE
k67kvYHGcO/zBwIdl4Ophs3EmL1YqJd48XRE20wdFhG3TSUEc7yCh65oeBWaDABy
btR1B4KMHvN5btxBgYhOBROSY2dyly1ZPnzytIYfmtBcglElg1opxIZxBUgrhCGt
qO3G4SKOlQnf5ENCXCktsCtXx5d3Rhq/IPHJA5dL4kCsNQTkNLcaBKf899amnRTc
6tS4mmixciduyZ3rN9r1rkOwNjx3+rrG5smW+FBlwbbGia8=
-----END CERTIFICATE-----