Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33362e302f32322d3234203d3e203437353833.roa
File:                     36322e37322e33362e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          C3Wcus0XeM6CulTENqXE5Bqus2EFOofq3NE/4dawFLM=
Subject key identifier:   D8:79:EA:D9:2D:C5:F0:03:60:EF:1D:4B:9C:13:30:D3:95:B2:D8:8B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3477D5B64A70F63F559F2AAE79F5E88347184351
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33362e302f32322d3234203d3e203437353833.roa
Signing time:             Fri 19 Jul 2024 07:04:15 +0000
ROA not before:           Fri 19 Jul 2024 06:59:15 +0000
ROA not after:            Fri 18 Jul 2025 07:04:15 +0000
asID:                     47583
IP address blocks:        62.72.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:77:d5:b6:4a:70:f6:3f:55:9f:2a:ae:79:f5:e8:83:47:18:43:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 19 06:59:15 2024 GMT
            Not After : Jul 18 07:04:15 2025 GMT
        Subject: CN=D879EAD92DC5F00360EF1D4B9C1330D395B2D88B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:e1:74:db:27:49:fe:bc:2d:8b:bf:83:27:
                    a5:cf:11:c4:23:dd:c7:82:8d:2b:aa:d6:91:39:8f:
                    eb:b0:ca:62:2a:f9:22:46:ab:f9:b7:f4:41:44:14:
                    88:a4:f8:d1:ac:b4:dd:d9:cb:ff:d8:60:24:04:d9:
                    f5:90:fd:c1:d5:f8:ea:4e:b0:59:2e:45:42:1a:97:
                    ae:92:fd:bf:62:b4:32:45:7b:70:27:eb:93:f6:8a:
                    eb:e6:22:5c:e8:dd:c9:e8:ea:e5:08:7c:42:f1:66:
                    2c:44:83:f0:ff:16:da:5c:d9:51:02:9c:ae:76:f6:
                    b1:01:ad:71:9d:65:14:ab:c0:68:55:cc:cd:4b:33:
                    13:eb:c4:d7:2d:74:59:9e:c2:fc:ab:a9:00:ff:d6:
                    82:89:41:2d:a6:97:0a:88:a1:2d:74:35:b5:fc:e6:
                    75:6f:0d:27:88:2d:b0:a9:aa:2a:04:e3:9c:9d:22:
                    54:7b:8d:5e:65:6d:30:d1:33:bd:59:c2:35:d2:f6:
                    e4:37:50:16:40:52:c0:67:06:ca:29:75:78:0d:55:
                    31:a9:25:7b:f3:b9:02:50:ae:a1:a5:c1:9f:52:21:
                    54:e3:cf:6f:c2:1c:30:2b:87:4d:e4:1a:3a:98:ab:
                    cf:60:68:e4:5f:7b:ac:b8:78:7e:67:44:8f:8c:10:
                    84:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:79:EA:D9:2D:C5:F0:03:60:EF:1D:4B:9C:13:30:D3:95:B2:D8:8B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/36322e37322e33362e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:17:f8:56:bc:ee:f6:ad:02:6d:a0:07:de:a6:cb:84:4d:0a:
         7c:38:c8:e5:c1:e8:22:0a:4f:f0:44:79:c7:d5:88:d1:5e:79:
         bc:44:1d:8f:2a:26:ae:76:83:ce:f0:c7:30:1c:da:1a:95:5b:
         e5:35:31:8b:6a:c6:e5:a5:42:b8:24:4f:e6:d3:2d:b3:9a:7e:
         ce:67:12:d8:bf:3d:9f:a2:77:38:c0:77:e8:ba:c3:43:72:ee:
         c5:e9:3b:28:55:0f:96:eb:37:50:40:1f:5d:03:db:d8:84:2b:
         dd:d6:8f:4f:0a:7c:23:4c:d8:cf:6c:67:a1:0a:69:7b:14:11:
         15:47:62:23:5f:56:2e:20:82:4b:ba:cd:38:aa:27:eb:45:40:
         07:ea:64:59:ff:0c:4b:ff:fb:3e:e4:c9:2f:b7:b8:f9:1a:d7:
         7f:a2:88:5a:a6:35:78:8d:01:83:c7:f2:fd:ea:f5:9a:c0:70:
         a7:a4:b4:e9:84:0c:a6:81:8b:1b:e0:7e:0c:1f:62:a9:bb:f9:
         05:a4:66:85:d6:cb:70:a0:9d:2c:a2:0f:ca:c1:d2:de:1f:34:
         0f:08:9a:3e:02:27:e9:d4:67:f5:a7:fa:4f:18:21:a8:8a:98:
         7c:ed:b7:30:e2:69:43:45:e3:b1:ce:e9:c8:d7:3e:82:ae:a0:
         96:29:80:3a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUNHfVtkpw9j9VnyquefXog0cYQ1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA3MTkwNjU5MTVaFw0yNTA3MTgwNzA0MTVaMDMxMTAvBgNV
BAMTKEQ4NzlFQUQ5MkRDNUYwMDM2MEVGMUQ0QjlDMTMzMEQzOTVCMkQ4OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ8+F02ydJ/rwti7+DJ6XPEcQj
3ceCjSuq1pE5j+uwymIq+SJGq/m39EFEFIik+NGstN3Zy//YYCQE2fWQ/cHV+OpO
sFkuRUIal66S/b9itDJFe3An65P2iuvmIlzo3cno6uUIfELxZixEg/D/Ftpc2VEC
nK529rEBrXGdZRSrwGhVzM1LMxPrxNctdFmewvyrqQD/1oKJQS2mlwqIoS10NbX8
5nVvDSeILbCpqioE45ydIlR7jV5lbTDRM71ZwjXS9uQ3UBZAUsBnBsopdXgNVTGp
JXvzuQJQrqGlwZ9SIVTjz2/CHDArh03kGjqYq89gaORfe6y4eH5nRI+MEISRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU2Hnq2S3F8ANg7x1LnBMw05Wy2IswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzYzMjJlMzczMjJlMzMzNjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+SCQw
DQYJKoZIhvcNAQELBQADggEBACkX+Fa87vatAm2gB96my4RNCnw4yOXB6CIKT/BE
ecfViNFeebxEHY8qJq52g87wxzAc2hqVW+U1MYtqxuWlQrgkT+bTLbOafs5nEti/
PZ+idzjAd+i6w0Ny7sXpOyhVD5brN1BAH10D29iEK93Wj08KfCNM2M9sZ6EKaXsU
ERVHYiNfVi4ggku6zTiqJ+tFQAfqZFn/DEv/+z7kyS+3uPka13+iiFqmNXiNAYPH
8v3q9ZrAcKektOmEDKaBixvgfgwfYqm7+QWkZoXWy3CgnSyiD8rB0t4fNA8Imj4C
J+nUZ/Wn+k8YIaiKmHzttzDiaUNF47HO6cjXPoKuoJYpgDo=
-----END CERTIFICATE-----